117 matches found
CVE-2026-4221
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...
CVE-2026-4221
Tiandy Easy7 Integrated Management Platform 7.17.0 is affected by an unrestricted upload vulnerability in the Endpoint component via /rest/file/uploadLedImage. The issue allows remote exploitation with no authentication when uploading a File argument, potentially enabling arbitrary file upload. P...
CVE-2026-4221 Tiandy Easy7 Integrated Management Platform Endpoint uploadLedImage unrestricted upload
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...
openSUSE Security Advisory (SUSE-SU-2025:4221-1)
The remote host is missing an update for the...
Debian: Security Advisory (DLA-4221-1)
The remote host is missing an update for the Debian...
CVE-2025-4221
The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4221 Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-4221 Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Animated Buttons plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang in WordPress Plugin Animated Buttons versions <= 1.0.0...
CVE-2023-4221
| creationtimestamp | type | source |
|---|---|---|
| 2023-12-17 14:43:00+00:00 | seen | https://t.me/ctinow/155614... |
CVE-2023-4221
Command injection in main/lp/openoffice_presentation.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
CVE-2023-4221
Command injection in main/lp/openoffice_presentation.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
CVE-2023-4221 Chamilo LMS Learning Path PPT2LP Command Injection Vulnerability
Command injection in main/lp/openoffice_presentation.class.php in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...
CVE-2023-4221
Summary: CVE-2023-4221/4222 affect Chamilo LMS up to version 1.11.24. Technical details in connected docs show command injection vulnerabilities in specific PHP classes used for Learning Paths uploads: main/lp/openoffice_presentation.class.php (CVE-2023-4221) and main/lp/openoffice_text_document....
SUSE CVE-2014-4221
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries...
CVE-2021-4221
| creationtimestamp | type | source |
|---|---|---|
| 2022-12-22 22:19:59+00:00 | seen | https://t.me/cibsecurity/55131... |
CVE-2021-4221
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. Note: Due to a clerical error this advisory was...
CVE-2021-4221
CVE-2021-4221 : Affects Firefox for Android. If a domain name contains a RTL (Right-to-Left) character, the domain could render to the right of the path, enabling user confusion and spoofing. The vulnerability is limited to Firefox for Android; other OSes are unaffected. The advisory notes Firefo...
CVE-2021-4221
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. Note: Due to a clerical error this advisory was...
CVE-2021-4221
If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. Note: Due to a clerical error this advisory was...