117 matches found
CVE-2026-3385
A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the...
CVE-2026-3385
creationtimestamp | type | source
---|---|---
2026-03-01 10:04:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfyifmg4bd2k...
CVE-2026-3385
The CVE-2026-3385 affects wren-lang wren up to 0.4.0. The vulnerability is in resolveLocal (src/vm/wren_compiler.c), causing uncontrolled recursion. Local attack is required. Exploit is public and may be used; reports indicate the project was informed via issue but has not responded. There are no...
EUVD-2026-3385
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process...
CVE-2011-3385
Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307...
CVE-2013-3385
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance...
CVE-2025-3385
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can ...
CVE-2025-3385
creationtimestamp | type | source
---|---|---
2025-04-08 01:26:24+00:00 | seen | https://t.me/cvedetector/22354...
CVE-2025-3385 LinZhaoguan pb-cms Classification Management Page cross site scripting
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can ...
CVE-2024-42363
Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream...
CVE-2024-42363
CVE-2024-42363 affects Samson (Zendesk open source web interface for deployment) prior to v3385. The issue stems from the user-controlled parameter “role” entering the Kubernetes::RoleVerificationsController, flowing into RoleConfigFile, then Kubernetes::Util.parse_file where YAML.load_stream des...
CVE-2024-42363 GHSL-2023-136_Samson
Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the RoleConfigFile initializer and then into the Kubernetes::Util.parse_file method where it is unsafely deserialized using the YAML.load_stream...
Samson security vulnerability
Samson is a Zendesk open source web interface for deployment. A security vulnerability exists in Samson versions prior to v3385 that stems from the presence of insecure deserialization that could lead to remote code execution (RCE)...
PT-2024-29898 · Unknown · Kubernetes
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 3385 Description: The issue arises from the user-controlled role parameter entering the application in the Kubernetes::RoleVerificationsController. This parameter flows into the RoleConfigFile initializer and then...
CVE-2024-3385
creationtimestamp | type | source
---|---|---
2024-04-10 20:08:42+00:00 | seen | Telegram/KYIaGGUUECfiFFhr1hRQaqqeF1Mr1zoJwWDvL7eDPVKrWpg
2024-04-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1270...
CVE-2024-3385
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
CVE-2024-3385 PAN-OS: Firewall Denial of Service (DoS) when GTP Security is Disabled
A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online. This affects the...
Palo Alto Networks PAN-OS 9.0.x < 9.0.17-h4 / 9.1.x < 9.1.17 / 10.1.x < 10.1.12 / 10.2.x < 10.2.8 / 11.0.x < 11.0.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.17-h4 or 9.1.x prior to 9.1.17 or 10.1.x prior to 10.1.12 or 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.3. It is, therefore, affected by a vulnerability. - A packet processing mechanism in Palo Alto...