Stored XSS in ChatterMate AI chatbot framework versions 1.0.8 and below. The chatbot accepts and renders malicious HTML/JavaScript from user input. PoC and patch available.
Arbitrary file upload in Kalrav AI Agent WordPress plugin due to missing file type validation in the kalrav_upload_file AJAX action.
Argument injection in Salesforce Marketing Cloud Engagement CloudPagesURL component. Second Salesforce Marketing Cloud CVE with same root cause.
Argument injection in Salesforce Marketing Cloud Engagement MicrositeURL component allows command execution. First of four critical Salesforce Marketing Cloud CVEs.
Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnerability through WebGPU shader compilation.
Hardcoded cryptographic key in Salesforce Marketing Cloud Engagement used across CloudPages, Forward to a Friend, Profile Center, and Subscription Center. Fourth critical Salesforce CVE.
Use of broken/risky cryptographic algorithm in Salesforce Marketing Cloud Engagement affecting CloudPages, Forward to a Friend, Profile Center, and Subscription Center components.