Lucene search
K

577 matches found

RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.5 views

CVE-2026-2418

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

9.1CVSS5.8AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.6 views

EUVD-2026-9599

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

5.9AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.9 views

CVE-2026-2418

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

9.1CVSS0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 6:0 a.m.2 views

CVE-2026-2418 Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

5.8AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:0 a.m.5 views

CVE-2026-2418

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

5.9AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 6:0 a.m.15 views

CVE-2026-2418

CVE-2026-2418 — WordPress plugin Login with Salesforce

9.1CVSS5.9AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 6:0 a.m.33 views

CVE-2026-2418 Login with Salesforce <= 1.0.2 - Unauthenticated Authentication Bypass

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

0.0024EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

WordPress plugin Login with Salesforce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.1CVSS5.8AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23220

The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user such as admin by simply knowing the email...

5.9AI score0.0024EPSS
Exploits0References2
Veeam
Veeam
added 2026/03/02 12:0 a.m.12 views

"4BDN: Connected Salesforce Org already exists"

Challenge When attempting to add a Salesforce sandbox to an on-premise installation of Veeam Backup for Salesforce , the following error occurs: 4BDN: Connected Salesforce Org already exists. Cause This occurs when the sandbox being added has the same name as a Salesforce sandbox that was...

6AI score
Exploits0
OSV
OSV
added 2026/02/26 1:55 p.m.3 views

MAL-2026-1048 Malicious code in edx-salesforce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c4ffac16b09d8312b28d4f65cd3d0f49ecccca9de9d7bbdac0aed694b28949b7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.6 views

CVE-2026-26029

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6AI score0.00911EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 10:15 p.m.13 views

CVE-2026-26029

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS0.00911EPSS
Exploits0References2
OSV
OSV
added 2026/02/11 9:25 p.m.5 views

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6.1AI score0.00911EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:25 p.m.4 views

CVE-2026-26029

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6AI score0.00911EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 9:25 p.m.5 views

CVE-2026-26029 sf-mcp-server has a Command Injection in query_records tool due to unsafe use of child_process.exec

sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of childprocess.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...

7.5CVSS6AI score0.00911EPSS
Exploits0References2
CVE
CVE
added 2026/02/11 9:25 p.m.21 views

CVE-2026-26029

CVE-2026-26029 affects the sf-mcp-server component (Salesforce MCP server for Claude for Desktop). The issue arises from unsafe use of child_process.exec when forming Salesforce CLI commands with user-controlled input, enabling a potential command injection. Successful exploitation could execute ...

7.5CVSS6AI score0.00911EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.6 views

CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 7:16 p.m.9 views

CVE-2026-25650

MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

8.7CVSS0.00409EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 6:53 p.m.11 views

CVE-2026-25650

CVE-2026-25650 concerns MCP Salesforce Connector (Model Context Protocol) prior to version 0.1.10. An arbitrary attribute access flaw allows disclosure of Salesforce OAuth bearer tokens used by MCP-Salesforce. Multiple sources (Red Hat, NVD, CVE lists, advisories) confirm the issue and that it is...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder