8 matches found
CVE-2026-42047
creationtimestamp| type| source ---|---|--- 2026-05-07 21:51:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlc75oykjj2z 2026-05-08 00:00:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlcgfqfolk2h...
CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
@b3dotfun/b3-api (>=0.0.42 <=0.0.102), @b3dotfun/sdk (>=0.0.27-alpha.1 <=0.1.70-alpha.9) +38 more potentially affected by CVE-2026-42047 via inngest (>=3.22.13 <=3.47.0)
inngest NPM version =3.22.13, =0.0.42, =0.0.27-alpha.1, =1.0.4, =0.0.26, =2.0.5, =0.0.3-canary.1, =0.1.2, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =0.1.13, =1.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.4-alpha.13 and more Source cves: CVE-2026-42047 Source advisory:...
@b3dotfun/b3-api (>=0.0.42 <=0.0.102), @b3dotfun/sdk (>=0.0.27-alpha.1 <=0.1.70-alpha.9) +38 more potentially affected by CVE-2026-42047 via inngest (>=3.22.13 <=3.47.0)
inngest NPM version =3.22.13, =0.0.42, =0.0.27-alpha.1, =1.0.4, =0.0.26, =2.0.5, =0.0.3-canary.1, =0.1.2, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =0.1.13, =1.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.4-alpha.13 and more Source cves: CVE-2026-42047 Source advisory:...
CVE-2023-42047
PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit...
CVE-2023-42047
CVE-2023-42047 concerns PDF-XChange Editor. The issue resides in JP2 file parsing where improper validation of input data can cause memory corruption, enabling arbitrary code execution in the target process. Public descriptions indicate that exploitation requires user interaction (e.g., visiting ...
CVE-2021-42047
creationtimestamp| type| source ---|---|--- 2022-09-29 07:47:52+00:00| seen| https://t.me/cibsecurity/50684...
CVE-2021-42047
CVE-2021-42047 concerns the Growth extension in MediaWiki up to 1.36.2 with Mentor Dashboard enabled. The issue allows an authenticated mentor to trigger a stored XSS payload (for example via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback) by logging in as a mentor. Multiple co...