
19 matches found

CVE
added 2026/02/06 6:53 p.m., 5 views

CVE-2026-25650

CVE-2026-25650 concerns MCP Salesforce Connector (Model Context Protocol) prior to version 0.1.10. An arbitrary attribute access flaw allows disclosure of Salesforce OAuth bearer tokens used by MCP-Salesforce. Multiple sources (Red Hat, NVD, CVE lists, advisories) confirm the issue and that it is...

CVSS 8.7, AI score 5.5, EPSS 0.00016
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/02/06 6:53 p.m., 2 views

EUVD-2026-5627

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

CVSS 8.7, AI score 5.5, EPSS 0.00016
Exploits: 0, References: 3
Vulnrichment
added 2026/02/06 6:53 p.m., 1 view

CVE-2026-25650 MCP Salesforce Connector has arbitrary attribute access which leads to disclosure of Salesforce auth token

MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...

CVSS 8.7, AI score 5.7, EPSS 0.00016
Exploits: 0, References: 3
Snyk
added 2026/02/06 6:52 p.m., 2 views

Information Exposure

Overview: mcp-salesforce-connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Affected versions of this package are vulnerable to Information Exposure due to arbitrary attribute access. An attacker can obtain sensitive bearer tokens by accessing arbitrary...

CVSS 8.7, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 2
Github Security Blog
added 2026/02/06 6:52 p.m., 7 views

MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

Impact: Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches: Fix applied in 0.1.10. Workarounds: Rotate any Salesforce tokens/credentials used by MCP-Salesforce...

CVSS 8.7, AI score 5.3, EPSS 0.00016
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2026/02/06 12:00 a.m., 4 views

PT-2026-6777

Name of the Vulnerable Software and Affected Versions: MCP Salesforce Connector versions prior to 0.1.10. Description: The software is a Model Context Protocol (MCP) server implementation for Salesforce integration. A flaw exists where arbitrary attribute access can lead to the disclosure of Salesforc...

CVSS 8.7, AI score 5.7, EPSS 0.00016
Exploits: 0, References: 10
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-24975

Malicious code in bioql PyPI...

CVSS 4, AI score 4, EPSS 0.00181
Exploits: 2, References: 2
Cvelist
added 2024/09/09 7:07 p.m., 52 views

CVE-2024-45296 path-to-regexp outputs backtracking regular expressions

path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event...

CVSS 7.5, EPSS 0.00064
Exploits: 0, References: 3
OSSF Malicious Packages
added 2024/03/31 5:44 p.m., 3 views

Malicious code in galileo-web-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1ea1d3425cddab091828432f9dffef7f8bc36f5fbf9bcd0e01dffe737417e92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0, References: 1
PyPA
added 2024/03/04 12:15 a.m., 4 views

PYSEC-2024-43

LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...

CVSS 8.1, AI score 7.5, EPSS 0.13435
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2024/03/03 12:00 a.m., 2 views

LangChain Security Breach

LangChain builds applications using LLM through composability. A security vulnerability exists in LangChain 0.1.10 and earlier versions that stems from a URI traversal vulnerability when loading configuration files...

CVSS 8.1, AI score 6.8, EPSS 0.13435
Exploits: 1, References: 5
Prion
added 2023/03/24 8:15 p.m., 11 views

Deserialization of untrusted data

Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVSS 5, AI score 7.5, EPSS 0.00284
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/03/24 7:34 p.m., 11 views

CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVSS 5.7, AI score 7.7, EPSS 0.00284
Exploits: 0, References: 3
OSV
added 2023/03/24 7:34 p.m., 13 views

CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serialization/deserialization of Rust data structures, designed for use cases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVSS 5.7, AI score 7.4, EPSS 0.00284
Exploits: 0, References: 5
ATTACKERKB
added 2022/06/08 10:15 a.m., 2 views

CVE-2022-1690

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...

CVSS 4, AI score 5.8, EPSS 0.00181
Exploits: 2, References: 3
OSV
added 2022/06/08 10:15 a.m., 3 views

CVE-2022-1690

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection...

CVSS 2.7, AI score 5.8, EPSS 0.00181
Exploits: 2, References: 2
OSV
added 2022/06/08 10:15 a.m., 2 views

CVE-2022-1689

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection...

CVSS 2.7, AI score 5.8
Exploits: 0, References: 2
CNNVD
added 2021/02/19 12:00 a.m., 3 views

Voloko Twitter-stream Trust Management Issues Vulnerability

Laust Rud Jacobsen Voloko Twitter-stream is an application from the individual developer Laust Rud Jacobsen in Denmark. It provides a simple Ruby client library for the Twitter-stream API. A vulnerability exists in Voloko Twitter-stream for trust management issues. The vulnerability stems from th...

CVSS 5.9, AI score 6.2, EPSS 0.00269
Exploits: 1, References: 3
CNVD
added 2017/11/01 12:00 a.m., 2 views

apt-listbugs design flaws

apt-listbugs is a security detection tool used to check if software installations and upgrades are safe. A security vulnerability exists in the previous version 0.1.10 of apt-listbugs that stems from the program's unsafe creation of temporary files. An attacker could have unknown effects via...

CVSS 7.8, AI score 6.8, EPSS 0.00065
Exploits: 0, References: 1