577 matches found
CVE-2026-2418
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
EUVD-2026-9599
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
CVE-2026-2418
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
CVE-2026-2418 Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
CVE-2026-2418
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
CVE-2026-2418
CVE-2026-2418 — WordPress plugin Login with Salesforce
CVE-2026-2418 Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
WordPress plugin Login with Salesforce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-23220
The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...
"4BDN: Connected Salesforce Org already exists"
Challenge When attempting to add a Salesforce sandbox to an on-premise installation of Veeam Backup for Salesforce , the following error occurs: 4BDN: Connected Salesforce Org already exists. Cause This occurs when the sandbox being added has the same name as a Salesforce sandbox that was...
MAL-2026-1048 Malicious code in edx-salesforce (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c4ffac16b09d8312b28d4f65cd3d0f49ecccca9de9d7bbdac0aed694b28949b7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
CVE-2026-26029
CVE-2026-26029 affects the sf-mcp-server component (Salesforce MCP server for Claude for Desktop). The issue arises from unsafe use of child_process.exec when forming Salesforce CLI commands with user-controlled input, enabling a potential command injection. Successful exploitation could execute ...
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
CVE-2026-25650
CVE-2026-25650 concerns MCP Salesforce Connector (Model Context Protocol) prior to version 0.1.10. An arbitrary attribute access flaw allows disclosure of Salesforce OAuth bearer tokens used by MCP-Salesforce. Multiple sources (Red Hat, NVD, CVE lists, advisories) confirm the issue and that it is...