Vulmon
nebulab solidus vulnerabilities and exploits
8.8
CVSSv3
CVE-2021-41274
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend compone...
Nebulab Solidus Auth Devise
7.5
CVSSv3
CVE-2021-43805
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus before 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was su...
Nebulab Solidus
5.3
CVSSv3
CVE-2020-15109
In solidus prior to 2.8.6, 2.9.6, and 2.10.2, there is an ability to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without chang...
Nebulab Solidus
4.3
CVSSv3
CVE-2022-31000
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions before 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows malicious users to change the state of an order's adjustments if they ho...
Nebulab Solidus
4.3
CVSSv3
CVE-2021-43846
`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` before 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without ...
Nebulab Solidus