Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-32484 | 1 Ankitects | 1 Anki | 2024-11-21 | N/A | 7.4 HIGH |
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability. | |||||
CVE-2024-32152 | 3 Ankitects, Linux, Microsoft | 3 Anki, Linux Kernel, Windows | 2024-11-21 | N/A | 3.1 LOW |
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability. |