CVE-2023-40050

Upload profile either
through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec
check command with maliciously crafted profile allows remote code execution.

Source: CVE-2023-40050

CVE-2023-37966

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.

Source: CVE-2023-37966

CVE-2023-42425

An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.

Source: CVE-2023-42425

CVE-2023-42658

Archive, check and export commands in Chef InSpec
prior to 4.56.58 and 5.22.29 allow local command execution via maliciously
crafted profile.

Source: CVE-2023-42658

CVE-2023-31212

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.

Source: CVE-2023-31212

CVE-2023-37243

The C:WindowsTempAgent.Package.AvailabilityAgent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:WindowsTempAgent.Package.Availability folder inherits permissions from C:WindowsTemp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

Source: CVE-2023-37243

CVE-2023-33927

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.

Source: CVE-2023-33927

CVE-2023-36508

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.

Source: CVE-2023-36508

CVE-2023-24410

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contact Form – WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.

Source: CVE-2023-24410

CVE-2023-35879

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.

Source: CVE-2023-35879