Lucene search
K

585 matches found

The Hacker News
The Hacker News
added 1 hour ago4 views

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth...

6.1AI score
Exploits0
OSV
OSV
added yesterday2 views

MAL-2026-10234 Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43067

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

6.1AI score0.00097EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-13243

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS0.00097EPSS
Exploits0References1
CVE
CVE
added 4 days ago25 views

CVE-2026-13243

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS6.1AI score0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

0.00097EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 a.m.11 views

CVE-2026-49099

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

5.3CVSS0.00341EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:11 a.m.6 views

CVE-2026-49099

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:11 a.m.5 views

EUVD-2026-41845

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:11 a.m.14 views

CVE-2026-49099

Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...

5.3CVSS6AI score0.00341EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:11 a.m.33 views

CVE-2026-49099 Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

0.00341EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55906

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and authorization bypass issue exists in the Apache Camel Salesforce component. The...

5.3CVSS6.2AI score0.00341EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-557 Salesforce Uni2TS has a Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...

9.8CVSS6.1AI score0.00372EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 6:48 p.m.4 views

DRUPAL-CONTRIB-2026-063

The Salesforce Suite of modules integrates Drupal with Salesforce. The Salesforce module does not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization token and bind the site to an attacker's Salesforce account. This vulnerabili...

4.8CVSS5.7AI score0.00097EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52176

Name of the Vulnerable Software and Affected Versions Drupal Salesforce Suite versions 0.0.0 through 5.1.3 Description A Cross-Site Request Forgery CSRF issue exists where the software fails to properly validate the OAuth handshake during interactive authentication. This allows an attacker to...

6AI score0.00097EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/19 9:3 a.m.31 views

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...

6AI score
Exploits0
NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-49109

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...

9.8CVSS0.00383EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.14 views

EUVD-2026-36884

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.22 views

CVE-2026-49109

CVE-2026-49109 concerns the WordPress plugin set “Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions

9.8CVSS5.3AI score0.00383EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.29 views

CVE-2026-49109 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...

9.8CVSS0.00383EPSS
Exploits0References1
Rows per page
Query Builder