
562 matches found

EUVD
added 2026/05/12 6:31 a.m., 6 views

EUVD-2026-29373

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

NVD
added 2026/05/12 4:16 a.m., 7 views

CVE-2026-45430

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

CVSS 7.1, EPSS 0.00019
Exploits: 0, References: 1

CVE
added 2026/05/12 4:6 a.m., 7 views

CVE-2026-45430

CVE-2026-45430 affects the Salesforce module for Backdrop CMS (vulnerable: 1.x-1.0.0 and earlier; fixed in 1.x-1.0.1 or later). The root cause is the module not properly using a random state parameter to protect the OAuth-like authorization flow, leaving it susceptible to CSRF attacks. The CVSSv3...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

Cvelist
added 2026/05/12 4:6 a.m., 31 views

CVE-2026-45430

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

CVSS 7.1, EPSS 0.00019
Exploits: 0, References: 1

Vulnrichment
added 2026/05/12 4:6 a.m., 3 views

CVE-2026-45430

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/12 4:6 a.m., 2 views

CVE-2026-45430

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

Positive Technologies
added 2026/05/12 12:0 a.m., 4 views

PT-2026-39931

The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

CNNVD
added 2026/05/12 12:0 a.m., 2 views

Backdrop CMS Salesforce Cross-Site Request Forgery Vulnerability

Backdrop CMS Salesforce is a data synchronization extension module developed by Backdrop CMS Inc. for integration with the Salesforce platform. Versions of Backdrop CMS Salesforce prior to 1.x-1.0.1 contained a cross-site request forgery vulnerability. This vulnerability stemmed from improper us...

CVSS 7.1, AI score 5.7, EPSS 0.00019
Exploits: 0, References: 1

HackRead
added 2026/04/27 4:44 p.m., 3 views

ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems...

AI score 5.3
Exploits: 0

Veeam
added 2026/04/13 12:0 a.m., 4 views

How to Deploy Veeam Backup for Salesforce External Client App

Purpose This article documents how to create an External Client App ECA in Salesforce to integrate with Veeam Backup for Salesforce via Salesforce API. An ECA with proper permissions is required for Veeam Backup for Salesforce to integrate with Salesforce API using the OAuth 2.0 protocol. Solutio...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/04/07 11:1 p.m., 2 views

CVE-2026-35178

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.8, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 1

EUVD
added 2026/04/06 7:1 p.m., 0 views

EUVD-2026-19450

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.3, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 2

Vulnrichment
added 2026/04/06 7:1 p.m., 0 views

CVE-2026-35178 Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.3, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 2

NVD
added 2026/04/06 4:16 p.m., 1 view

CVE-2026-34951

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize user-supplied input...

CVSS 6.1, EPSS 0.00035
Exploits: 0, References: 1

Positive Technologies
added 2026/04/06 12:0 a.m., 1 view

PT-2026-30712

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

CVSS 9.3, AI score 6.5, EPSS 0.00333
Exploits: 0, References: 3

HackRead
added 2026/04/02 7:43 p.m., 1 view

ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak

ShinyHunters hackers claim they stole 3 million+ Cisco records via Salesforce and AWS, warning of a public leak if demands are not met by April 3, 2026...

AI score 5.8
Exploits: 0

Veeam
added 2026/03/30 12:0 a.m., 7 views

External Client App (ECA) for Veeam Data Cloud — Adapting to New Salesforce Security Requirements

Support Statement Summary of Changes to Salesforce Security Protocols Salesforce has introduced new security protocols for third-party applications accessing Salesforce organizations. This change affects all third-party products that integrate with Salesforce, requiring those vendors to transitio...

AI score 5.5
Exploits: 0

RedhatCVE
added 2026/03/26 3:16 p.m., 0 views

CVE-2026-2298

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026...

CVSS 9.4, AI score 5.8, EPSS 0.0007
Exploits: 0, References: 1

EUVD
added 2026/03/23 9:30 p.m., 1 view

EUVD-2026-14512

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026...

AI score 5.8, EPSS 0.0007
Exploits: 0, References: 2

CVE
added 2026/03/23 7:54 p.m., 4 views

CVE-2026-2298

Technical details for CVE-2026-2298 are not provided in the supplied documents; no affected products, versions, impact, or remediation are specified. Monitor official sources for updates.

CVSS 9.4, AI score 5.8, EPSS 0.0007
Exploits: 0, References: 1