Ankitects · Anki · CVE-2025-43703
**Name of the Vulnerable Software and Affected Versions**
Ankitects Anki versions prior to 25.02
**Description**
A crafted shared deck can give an attacker access to the internal API, even without knowledge of an API key. The access can be triggered through various methods, including scripts or the `SRC` attribute of an `IMG` element.
**Recommendations**
If you are running a version prior to 25.02, update to a version that includes a complete fix for the issue. As a temporary workaround until a patch is available, consider restricting access to shared decks or disabling the internal API. Until the issue is resolved, avoid using shared decks that may have been crafted in the affected Ankitects Anki versions.