VYPR
Vendor

Salesforce

Products
11
CVEs
29
Across products
29
Status
Private

Products

11

Recent CVEs

29
View all 29 CVEs →
  • CVE-2026-22586CriJan 24, 2026
    risk 0.64cvss 9.8epss 0.01

    Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud…

  • CVE-2025-43698CriJun 10, 2025
    risk 0.59cvss 9.1epss 0.00

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025

  • CVE-2026-35178CriApr 6, 2026
    risk 0.57cvss 9.8epss 0.00

    Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled…

  • CVE-2025-9844HigSep 23, 2025
    risk 0.57cvss 8.8epss 0.00

    Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.

  • CVE-2025-43701HigJun 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data.  This impacts OmniStudio: before version 254.

  • CVE-2025-43700HigJun 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data.  This impacts OmniStudio: before Spring 2025.

  • CVE-2025-43697HigJun 10, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025

  • CVE-2017-15010HigOct 4, 2017
    risk 0.42cvss 7.5epss 0.03

    A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

  • CVE-2025-43699MedJun 10, 2025
    risk 0.34cvss 5.3epss 0.00

    Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check.  This impacts OmniStudio: before Spring 2025

  • CVE-2026-34951MedApr 6, 2026
    risk 0.33cvss 6.1epss 0.00

    Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting vulnerability via the footerScripts parameter, which does not sanitize…

  • CVE-2020-12011Jul 16, 2020
    risk 0.01cvss epss 0.29

    A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A…

  • CVE-2026-2298Mar 23, 2026
    risk 0.00cvss epss 0.00

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026.

  • CVE-2026-22583Jan 24, 2026
    risk 0.00cvss epss 0.01

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

  • CVE-2026-22582Jan 24, 2026
    risk 0.00cvss epss 0.01

    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026.

  • CVE-2026-22585Jan 24, 2026
    risk 0.00cvss epss 0.00

    Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects…

  • CVE-2026-22584Jan 9, 2026
    risk 0.00cvss epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.

  • CVE-2025-64322Nov 4, 2025
    risk 0.00cvss epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0.

  • CVE-2025-64321Nov 4, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0.

  • CVE-2025-64320Nov 4, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.

  • CVE-2025-64319Nov 4, 2025
    risk 0.00cvss epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1