Vulnerabilities > Salesforce > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-01 CVE-2023-26136 Unspecified vulnerability in Salesforce Tough-Cookie
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode.
network
low complexity
salesforce
critical
9.8
2023-01-07 CVE-2016-15012 Unspecified vulnerability in Salesforce Mobile Software Development KIT 3.2.0/4.0.0
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x.
network
low complexity
salesforce
critical
9.8
2021-03-26 CVE-2021-1628 XXE vulnerability in Salesforce Mule
MuleSoft is aware of a XML External Entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers.
network
low complexity
salesforce CWE-611
critical
9.8
2021-03-26 CVE-2021-1627 Server-Side Request Forgery (SSRF) vulnerability in Salesforce Mule
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers.
network
low complexity
salesforce CWE-918
critical
9.8
2021-03-26 CVE-2021-1626 Unspecified vulnerability in Salesforce Mule
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers.
network
low complexity
salesforce
critical
9.8