Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

CVE-2026-3704

creationtimestamp| type| source ---|---|--- 2026-03-08 03:15:59+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3704...

EUVD-2026-3704

Malicious code in terminalbrush PyPI...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003704 advisory. An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function buildaudioprocunit in the file sound/usb/mixer.c. Tenable h...

MiracleLinux 3 : poppler-0.5.4-4.4.14.0.1.AXS3 (AXSA:2010-461:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-461:02 advisory. Poppler, a PDF rendering library, it's a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. Security issues fixed with th...

Linux Distros Unpatched Vulnerability : CVE-2012-3704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application...

Linux Distros Unpatched Vulnerability : CVE-2010-3704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics...

CVE-2025-3704

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a before 5.5.5. The patch is available exclusively on GitHub at...

CVE-2025-3704

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a through 5.5.5...

CVE-2025-3704 WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a before 5.5.5. The patch is available exclusively on GitHub at...

CVE-2025-3704 WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DBAR Productions Volunteer Sign Up Sheets pta-volunteer-sign-up-sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a through 5.5.5...

CVE-2025-3704

CVE-2025-3704 concerns the WordPress plugin “Volunteer Sign Up Sheets” by DBAR Productions. The vulnerability is an stored XSS caused by improper input neutralization during web page generation in versions prior to 5.5.5. Public references indicate the patch is available only on GitHub (pt a-volu...

WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Poystick Patchstack Alliance in WordPress Plugin Volunteer Sign Up Sheets versions 5.5.5...

CVE-2020-3704

u'While processing invalid connection request PDU which is nonstandard interval or timeout is 0 from central device may lead peripheral system enter into dead lock state.This CVE is equivalent to InvalidConnectionRequestCVE-2019-19193 mentioned in sweyntooth paper' in Snapdragon Auto, Snapdragon...

CVE-2013-3704

The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a...

Linux Distros Unpatched Vulnerability : CVE-2022-3704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file...

FreeBSD : netatalk3 -- Multiple vulnerabilities (c742dbe8-3704-11ef-9e6e-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c742dbe8-3704-11ef-9e6e-b42e991fc52e advisory. [email protected] reports: This entry documents the following three vulnerabilities: Tenable has...

CVE-2024-3704 SQL Injection vulnerability in OpenGnsys

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d Espeto. This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database...

CVE-2024-3704

OpenGnsys

Rocky Linux 8 : numpy (RLSA-2019:3704)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2019:3704 advisory. - DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary cod...