Damien Elmes

1 exploit Active since Oct 2025
CVE-2025-62185 WRITEUP MEDIUM WRITEUP
Anki < 25.02.5 - Unauthenticated Arbitrary Code Execution via Crafted Shared Deck
In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe.
CVSS 6.7