GHSA-MG2H-6X62-WPWC Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass

Impact In applications that specify different validation strategies for different content types, it's possible to bypass the validation by providing a slightly altered content type such as with different casing or altered whitespacing before ;. Users using the the following pattern are affected: ...

WordPress WooCommerce License Manager Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce License Manager Type Plugin Vulnerable versions = 5.3.1 Fixed in 5.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29121 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ebf509e643b0 Credits Dave Jong Patchstack...

Phusion Passenger SpawningKit Access Control Error Vulnerability

Phusion Passenger is an Apache module from Phusion Netherlands for deploying Ruby on Rails projects on Apache and Nginx web servers.SpawningKit is one of the components. An access control error vulnerability exists in SpawningKit in versions 5.3.x prior to Phusion Passenger 5.3.2. An attacker cou...