August 5, 2025, update for OneNote 2016 (KB5002761)

August 5, 2025, update for OneNote 2016 KB5002761 This article describes update 5002761 for Microsoft OneNote 2016 that was released on August 5, 2025.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2025:02529-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02529-1 advisory. MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR:...

CVE-2025-34072

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol MCP Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embeddin...

CVE-2025-34072 Anthropic Slack MCP Server Data Exfiltration via Link Unfurling

A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol MCP Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embeddin...

CVE-2024-49279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows Stored XSS.This issue affects Hyperlink Group Block: from n/a through = 1.17.5...

CVE-2024-56411

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...

CVE-2023-2808

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link...

CVE-2023-30452

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter...

CVE-2021-30245

The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to...

CVE-2021-30109

Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...

CVE-2021-24627

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection...

CVE-2020-13958

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

CVE-2025-31885

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows DOM-Based XSS.This issue affects Hyperlink Group Block: from n/a through = 2.0.1...

WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Hyperlink Group Block versions = 2.0.1...

CVE-2025-31885

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows DOM-Based XSS.This issue affects Hyperlink Group Block: from n/a through = 2.0.1...

CVE-2025-31885 WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows DOM-Based XSS.This issue affects Hyperlink Group Block: from n/a through = 2.0.1...

CVE-2025-31885 WordPress Hyperlink Group Block plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block allows DOM-Based XSS. This issue affects Hyperlink Group Block: from n/a through 2.0.1...

CVE-2025-31885

CVE-2025-31885 concerns the Hyperlink Group Block WordPress plugin. The vulnerability affects Hyperlink Group Block, version 2.0.1 and earlier, with an authenticated (Contributor+) cross-site scripting flaw. The CVE description identifies a Cross-Site Scripting issue (documented as DOM-Based XSS ...

WordPress plugin Hyperlink Group Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-14261 · Unknown · Daniel Floeter Hyperlink Group Block

Name of the Vulnerable Software and Affected Versions: Daniel Floeter Hyperlink Group Block versions 2.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This can lead to cross-site scripting attacks...