CVE-2025-6448

A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_room.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Publication date: Sun, 22 Jun 2025 00:00:00 +0000

Cyber News related to CVE-2025-6448

CVE-2025-6448 - A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_room.php. The manipulation of the argument ...
6 months ago

CVE-2007-6448 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6120. Reason: This candidate is a duplicate of CVE-2007-6120. Notes: All CVE users should reference CVE-2007-6120 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs - Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. The activity is associated with the ...
2 years ago Securityweek.com CVE-2023-6448 Volt Typhoon Akira

CVE-2017-6448 - The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file. ...
8 years ago

CVE-2006-6448 - Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information ...
8 years ago

CVE-2016-6448 - A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following products: Cisco Meeting ...
8 years ago

CVE-2008-6448 - Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
8 years ago

CVE-2014-6448 - Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. ...
5 years ago

CVE-2012-6448 - Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
5 years ago

CVE-2018-6448 - A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. ...
4 years ago

CVE-2020-6448 - Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
3 years ago

CVE-2023-6448 - Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. ...
10 months ago Tenable.com

CVE-2015-6448 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none ...
55 years ago Tenable.com

CVE-2024-6448 - The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible ...
1 year ago

CVE-2013-6448 - The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary ...
11 years ago

Two-day water outage in remote Irish region caused by pro-Iran hackers - Residents of a remote area on Ireland's west coast were left without water last week due to a cyberattack perpetrated by a pro-Iran hacking group targeting a piece of equipment the hackers complained was made in Israel. The incident affected a ...
2 years ago Therecord.media CVE-2023-6448

MongoDB issues weekend warning of breach The Register - Critical vulnerabilities: The not-patch-Tuesday list. As is usually the case this time of month, the most pressing vulnerabilities of recent days were revealed/patched in Patch Tuesday releases. CVSS 9.8 - So many CVEs: Siemens SIMATIC S7-1500 CPU ...
2 years ago Go.theregister.com CVE-2023-6448 Hunters

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server. It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
9 months ago Cybersecuritynews.com CVE-2024-5594

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
5 months ago Krebsonsecurity.com CVE-2025-53770

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
10 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861

Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
8 months ago Bleepingcomputer.com CVE-2025-30456

Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
5 months ago Cybersecuritynews.com CVE-2025-6558

CVE-2025-37859 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago

Hardening Windows Servers - Top Strategies to Prevent Exploits in 2025 - By leveraging the default security enhancements in Windows Server 2025 alongside strategic implementations of Application Control, Attack Surface Reduction, and proper credential management, organizations can significantly reduce their risk exposure ...
7 months ago Cybersecuritynews.com

CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data - In an era where file system vulnerabilities comprise 23% of KEV entries, the March 2025 advisories serve as a stark reminder: patch, segment, and verify—before attackers exploit the gaps. These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993, ...
9 months ago Cybersecuritynews.com CVE-2025-24984