585 matches found
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity
Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth...
MAL-2026-10234 Malicious code in slds-lsp-client (npm)
The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...
EUVD-2026-43067
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-13243
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-13243
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-49099
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...
CVE-2026-49099
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...
EUVD-2026-41845
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...
CVE-2026-49099
Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...
CVE-2026-49099 Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...
PT-2026-55906
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and authorization bypass issue exists in the Apache Camel Salesforce component. The...
PYSEC-2026-557 Salesforce Uni2TS has a Code Injection vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...
DRUPAL-CONTRIB-2026-063
The Salesforce Suite of modules integrates Drupal with Salesforce. The Salesforce module does not properly validate the OAuth handshake during interactive authentication, allowing an attacker to hijack the authorization token and bind the site to an attacker's Salesforce account. This vulnerabili...
PT-2026-52176
Name of the Vulnerable Software and Affected Versions Drupal Salesforce Suite versions 0.0.0 through 5.1.3 Description A Cross-Site Request Forgery CSRF issue exists where the software fails to properly validate the OAuth handshake during interactive authentication. This allows an attacker to...
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice...
CVE-2026-49109
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
EUVD-2026-36884
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
CVE-2026-49109
CVE-2026-49109 concerns the WordPress plugin set “Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions
CVE-2026-49109 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...