9 matches found
CVE-2026-26029
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation allows attackers to...
@kitalive/sfdx-plugin (>=0.1.2 <=0.1.3), @salesforce/data (>=0.0.3 <=0.1.8) +4 more potentially affected by unknown CVE via template-lib (=1.1.2)
template-lib NPM version =1.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on template-lib and may be impacted: - @kitalive/sfdx-plugin =0.1.2, =0.0.3, =0.0.3, =51.6.0, =7.94.1, =7.115.1 - sfdx-node =3.1.0 Source cves: unknown CVE Source advisory:...
CVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6...
CVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6...
@flosum/cli (>=0.0.0 <=0.0.3), @flosum/salesforce (>=1.17.10 <=1.17.12-test.18) potentially affected by CVE-2025-9844 via @salesforce/cli (=2.100.4)
@salesforce/cli NPM version =2.100.4 is affected by a known vulnerability. The following packages have a transitive dependency on @salesforce/cli and may be impacted: - @flosum/cli =0.0.0, =1.17.10, =1.17.12-test.18 Source cves: CVE-2025-9844 Source advisory: SNYK:JS-SALESFORCECLI-13011148...
CVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6...
CVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable. This issue affects Salesforce CLI: before 2.106.6...
CVE-2025-9844
CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows. Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable. Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...
PT-2025-39170
Name of the Vulnerable Software and Affected Versions: Salesforce CLI versions prior to 2.106.6. Description: A flaw exists in the Salesforce CLI on Windows that allows for malicious DLL injection due to an uncontrolled search path element. This can lead to the replacement of trusted executables...