Network Content Inspection Rules
Default Rule:
Enable
Disable
| Rule ID | Rule Description | Confidence Level | DDI Default Rule | Network Content Inspection Pattern Release Date | ||
|---|---|---|---|---|---|---|
| DDI RULE 5708 | CVE-2025-0232 - CODEZIPS BLOODBANK EXPLOIT - HTTP(Request) | 2026/03/12 | DDI RULE 5708 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5708 | ||
| DDI RULE 5709 | CVE-2024-20439 - CISCO CSLU EXPLOIT - HTTP(Request) | 2026/03/12 | DDI RULE 5709 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5709 | ||
| DDI RULE 5643 | CVE-2025-55183 - React Server Information Leak Exploit - HTTP(Request) | 2026/02/05 | DDI RULE 5643 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5643 | ||
| DDI RULE 5640 | CVE-2025-12197 - EVENTS URILIB EXPLOIT - HTTP(Request) | 2026/02/04 | DDI RULE 5640 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5640 | ||
| DDI RULE 5641 | CVE-2025-13661 - LOCALHOST CAB TRAVERSAL EXPLOIT - HTTP(Response) | 2026/02/04 | DDI RULE 5641 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5641 | ||
| DDI RULE 5642 | CVE-2025-68614 - API GENERIC SCRIPTINJECT EXPLOIT - HTTP(Request) | 2026/02/04 | DDI RULE 5642 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5642 | ||
| DDI RULE 5604 | CVE-2025-58360 - OSGeo GeoServer SSRF Exploit - HTTP (Response) | 2026/02/03 | DDI RULE 5604 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5604 | ||
| DDI RULE 5636 | CVE-2025-37164 - HPE OneView RCE Exploit - HTTP (Request) | 2026/02/03 | DDI RULE 5636 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5636 | ||
| DDI RULE 5637 | CVE-2025-13486 - WordPress RCE Exploit - HTTP (Request) | 2026/02/03 | DDI RULE 5637 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5637 | ||
| DDI RULE 5635 | GoBuster - HTTP (Request) | 2026/01/29 | DDI RULE 5635 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5635 | ||
| DDI RULE 5630 | CVE-2023-52163 - Digiever Command Injection Exploit - HTTP (Request) | 2026/01/28 | DDI RULE 5630 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5630 | ||
| DDI RULE 5631 | CVE-2018-10561 - Dasan GPON RCE Exploit - HTTP(Request) | 2026/01/28 | DDI RULE 5631 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5631 | ||
| DDI RULE 5632 | CVE-2018-4063 - Sierra Wireless AirLink Remote Code Execution Exploit - HTTP (Request) | 2026/01/28 | DDI RULE 5632 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5632 | ||
| DDI RULE 5633 | CVE-2017-18369 - Billion router Command Injection Exploit - HTTP (Request) | 2026/01/28 | DDI RULE 5633 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5633 | ||
| DDI RULE 5634 | CVE-2025-7414 -Tenda O3V2 Router Command Injection Vulnerability Exploit - HTTP(Request) | 2026/01/28 | DDI RULE 5634 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5634 | ||
| DDI RULE 5618 | CVE-2025-9900 - TIFF File Upload Large Image Length Exploit - HTTP (Response) | 2026/01/27 | DDI RULE 5618 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5618 | ||
| DDI RULE 5625 | CVE-2023-35813 - Sitecore Remote Code Execution Exploit - HTTP (Request) | 2026/01/27 | DDI RULE 5625 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5625 | ||
| DDI RULE 5629 | CVE-2026-24061 - GNU InetUtils telnetd AuthBypass Exploit - TCP (Request) | 2026/01/27 | DDI RULE 5629 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5629 | ||
| DDI RULE 5616 | NTLM Relay via WebDAV PropFind Method - HTTP(Response) | 2026/01/26 | DDI RULE 5616 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5616 | ||
| DDI RULE 5622 | CVE-2026-0759 - Katana Network Development Starter Kit RCE Exploit - HTTP (Request) | 2026/01/21 | DDI RULE 5622 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5622 | ||
| DDI RULE 5623 | CVE-2026-0756 - github-kanban-mcp-server execAsync RCE Exploit - HTTP(Request) | 2026/01/21 | DDI RULE 5623 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5623 | ||
| DDI RULE 5624 | CVE-2026-0772 - Langflow Disk Cache Deserialization RCE Exploit - HTTP(Request) | 2026/01/21 | DDI RULE 5624 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5624 | ||
| DDI RULE 5626 | CVE-2026-0766 - NOpen WebUI load_tool_module_by_id RCE Exploit - HTTP(Request) | 2026/01/21 | DDI RULE 5626 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5626 | ||
| DDI RULE 5627 | CVE-2026-0761 - Foundation Agents MetaGPT Mapping RCE Exploit - HTTP(Request) | 2026/01/21 | DDI RULE 5627 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5627 | ||
| DDI RULE 5619 | CVE-2025-53645 - Zimbra DOS Exploit - HTTP (Request) | 2026/01/19 | DDI RULE 5619 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5619 | ||
| DDI RULE 5620 | CVE-2025-8088 - WinRAR Directory Traversal Exploit - HTTP (Response) | 2026/01/19 | DDI RULE 5620 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5620 | ||
| DDI RULE 5617 | CVE-2025-55182 - RSC NEXTJS Unicode RCE Exploit - HTTP (Request) | 2026/01/15 | DDI RULE 5617 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5617 | ||
| DDI RULE 5615 | CVE-2025-15061 - Framelink Figma MCP Server fetchWithRetry RCE Exploit - HTTP(Request) | 2026/01/14 | DDI RULE 5615 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5615 | ||
| DDI RULE 5594 | CVE-2025-53417 - DIAview Directory Traversal Exploit AG - HTTP(Response) | 2026/01/13 | DDI RULE 5594 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5594 | ||
| DDI RULE 5613 | CVE-2025-14931 - Hugging Face smolagents Remote Python Executor RCE Exploit - HTTP (Request) | 2026/01/12 | DDI RULE 5613 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5613 | ||
| DDI RULE 5614 | CVE-2025-64447 - Fortinet FortiWeb ApacheCookie_parse Auth Bypass Exploit - HTTP(Request) | 2026/01/12 | DDI RULE 5614 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5614 | ||
| DDI RULE 5605 | CVE-2025-59718 - Fortinet FortiOS Authentication Bypass Exploit - HTTP (Response) | 2026/01/07 | DDI RULE 5605 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5605 | ||
| DDI RULE 5603 | CVE-2021-26828 - Mismatch File Upload leading to RCE Exploit - HTTP (Response) | 2026/01/06 | DDI RULE 5603 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5603 | ||
| DDI RULE 5612 | CVE-2025-14500 - IceWarp14 X-File-Operation RCE Exploit - HTTP (Request) | 2026/01/06 | DDI RULE 5612 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5612 | ||
| DDI RULE 5592 | CVE-2025-12490 - Netgate pfSense Directory Traversal Exploit - HTTP (Request) | 2026/01/05 | DDI RULE 5592 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5592 | ||
| DDI RULE 5610 | CVE-2025-61734 - Apache Kylin downloadMetadataBackTmpFile Exploit Request - HTTP(Request) | 2025/12/29 | DDI RULE 5610 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5610 | ||
| DDI RULE 5609 | CVE-2023-50291 - Apache Solr Insecure Endpoint Exploit - HTTP (Request) | 2025/12/22 | DDI RULE 5609 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5609 | ||
| DDI RULE 5587 | PNIO-CM Profinet Sensor - UDP(Request) | 2025/12/18 | DDI RULE 5587 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5587 | ||
| DDI RULE 5599 | CVE-2025-5946 - Centreon Authenticated Remote Code Execution - HTTP (Response) | 2025/12/18 | DDI RULE 5599 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5599 | ||
| DDI RULE 5601 | IEC61850 MMS SENSOR - TCP (Request) | 2025/12/18 | DDI RULE 5601 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5601 | ||
| DDI RULE 5606 | CVE-2025-62391 - Ivanti Endpoint Manager PatchHistory SQL Inj RCE Exploit - HTTP (Request) | 2025/12/18 | DDI RULE 5606 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5606 | ||
| DDI RULE 5607 | CGI CHANGE PASSWORD EXPLOIT - HTTP(Request) | 2025/12/18 | DDI RULE 5607 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5607 | ||
| DDI RULE 5583 | CVE-2025-59538 - Argo CD DOS Exploit - HTTP(Response) | 2025/12/16 | DDI RULE 5583 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5583 | ||
| DDI RULE 5602 | CVE-2025-12686 - Synology auth_info Overflow Exploit - HTTP(Request) | 2025/12/16 | DDI RULE 5602 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5602 | ||
| DDI RULE 5593 | CVE-2025-64163 - DataEase Server SSRF Exploit - HTTP(Request) | 2025/12/15 | DDI RULE 5593 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5593 | ||
| DDI RULE 5600 | CVE-2025-34175 - Netgate pfSense XSS Exploit - HTTP (Request) | 2025/12/15 | DDI RULE 5600 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5600 | ||
| DDI RULE 5591 | Apache Tomcat Improper Encoding Exploit - HTTP (Response) | 2025/12/10 | DDI RULE 5591 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5591 | ||
| DDI RULE 5596 | (0Day) Microsoft SharePoint GetTransformer Unsafe Reflection Denial-of-Service Vulnerability - HTTP (Request) | 2025/12/10 | DDI RULE 5596 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5596 | ||
| DDI RULE 5597 | CVE-2025-61733 - Apache Kylin Authentication Bypass - HTTP(Request) | 2025/12/10 | DDI RULE 5597 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5597 | ||
| DDI RULE 5595 | CVE-2025-55182 - RSC NEXTJS RCE Exploit - HTTP (Request) | 2025/12/06 | DDI RULE 5595 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5595 | ||
| DDI RULE 5584 | CVE-2025-62411 - LibreNMS Alert Transport Stored Cross-Site Scripting Exploit - HTTP(Response) | 2025/12/04 | DDI RULE 5584 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5584 | ||
| DDI RULE 5582 | MSSQL Successful Logon - TCP(Response) | 2025/12/03 | DDI RULE 5582 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5582 | ||
| DDI RULE 5585 | Microsoft SharePoint IsAuthorizedType Deserialization of Untrusted Data DoS Exploit - HTTP (Request) | 2025/12/03 | DDI RULE 5585 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5585 | ||
| DDI RULE 5589 | CVE-2025-40755 - Siemens SINEC NMS System Monitoring SQL Injection Exploit - HTTP(Request) | 2025/12/03 | DDI RULE 5589 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5589 | ||
| DDI RULE 5590 | NETGEAR DGN1000 Unauthenticated Remote Code Execution - HTTP (Request) | 2025/12/02 | DDI RULE 5590 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5590 | ||
| DDI RULE 5586 | CVE-2025-61757 - Oracle Fusion Authentication Bypass Exploit - HTTP (Response) | 2025/12/01 | DDI RULE 5586 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5586 | ||
| DDI RULE 5576 | LUMMASTEALER TRAVERSAL - HTTP(Response) | 2025/11/27 | DDI RULE 5576 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5576 | ||
| DDI RULE 5558 | CVE-2025-54447 - Samsung MagicINFO 9 Server RCE Exploit - HTTP (Request) | 2025/11/26 | DDI RULE 5558 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5558 | ||
| DDI RULE 5574 | Possible CVE-2025-64446 - FortiWeb Path Traversal Exploit - HTTP (Response) | 2025/11/26 | DDI RULE 5574 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5574 | ||
| DDI RULE 5575 | Possible CVE-2025-12480 - Gladinet Triofox Authentication Bypass Exploit - HTTP (Response) | 2025/11/26 | DDI RULE 5575 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5575 | ||
| DDI RULE 5588 | SHULUD GIT - HTTP(REQUEST) | 2025/11/26 | DDI RULE 5588 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5588 | ||
| DDI RULE 5581 | CVE-2025-9242 - WatchGuard Firebox Authentication Bypass Exploit - HTTP (Request) | 2025/11/24 | DDI RULE 5581 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5581 | ||
| DDI RULE 5580 | CVE-2025-53378 - Trend Micro Worry-Free Business Security Missing Authentication Exploit - HTTP (Response) | 2025/11/20 | DDI RULE 5580 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5580 | ||
| DDI RULE 5563 | CVE-2025-12489 - Evernote openBrowser Command Injection Privilege Escalation Exploit - HTTP(Response) | 2025/11/19 | DDI RULE 5563 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5563 | ||
| DDI RULE 5577 | CVE-2025-6023 - Grafana Labs Cross-Site Scripting Exploit - HTTP (Request) | 2025/11/19 | DDI RULE 5577 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5577 | ||
| DDI RULE 5578 | CVE-2025-37106 - Hewlett AutoPass License Server Hardcoded Credentials Exploit - TCP (Request) | 2025/11/19 | DDI RULE 5578 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5578 | ||
| DDI RULE 5579 | CVE-2025-27225 - TRUfusion Enterprise Unauthenticated Information-Disclosure Exploit - HTTP(Response) | 2025/11/19 | DDI RULE 5579 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5579 | ||
| DDI RULE 5531 | SUSPICIOUS LOGIN SUCCESS - HTTP(Request) | 2025/11/18 | DDI RULE 5531 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5531 | ||
| DDI RULE 5532 | WEBSOCKET SSH TUNNEL - HTTP(Request) | 2025/11/18 | DDI RULE 5532 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5532 | ||
| DDI RULE 5561 | CVE-2025-12488 - oobabooga Reliance on Untrusted Inputs Remote Code Execution Exploit - HTTP(Request) | 2025/11/17 | DDI RULE 5561 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5561 | ||
| DDI RULE 5565 | CVE-2025-48703 - CentOS Web Panel Command Injection Exploit - HTTP (Request) | 2025/11/13 | DDI RULE 5565 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5565 | ||
| DDI RULE 5571 | Suspicious HASSH Client - SSH (Request) | 2025/11/12 | DDI RULE 5571 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5571 | ||
| DDI RULE 5567 | PromptLock AI Ransomware - HTTP (Request) | 2025/11/11 | DDI RULE 5567 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5567 | ||
| DDI RULE 5568 | Microsoft Exchange PowerShell NTLM Relay Exploit - HTTP(Request) | 2025/11/11 | DDI RULE 5568 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5568 | ||
| DDI RULE 5569 | CVE-2025-62383 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Request) | 2025/11/11 | DDI RULE 5569 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5569 | ||
| DDI RULE 5570 | CVE-2025-62389 - Ivanti Endpoint Manager SQL Injection Exploit - HTTP (Request) | 2025/11/11 | DDI RULE 5570 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5570 | ||
| DDI RULE 5564 | CVE-2025-10203 - Digilent WaveForms DWF3WORK File Traversal Exploit - HTTP(Response) | 2025/11/10 | DDI RULE 5564 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5564 | ||
| DDI RULE 5566 | MSSQL Unsuccessful Logon - TCP(Response) | 2025/11/06 | DDI RULE 5566 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5566 | ||
| DDI RULE 5562 | CVE-2025-24893 - XWiki SolrSearchMacros text Code Injection Exploit - HTTP(Response) | 2025/11/05 | DDI RULE 5562 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5562 | ||
| DDI RULE 5557 | CVE-2025-37107 - Hewlett AutoPass License Server Authentication Bypass Exploit - TCP (Request) | 2025/11/04 | DDI RULE 5557 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5557 | ||
| DDI RULE 5559 | LLMNR Query Response - Variant 2 | 2025/10/30 | DDI RULE 5559 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5559 | ||
| DDI RULE 5547 | CVE-2025-6806 - Marvell QConvergeConsole decryptFile Directory Traversal Exploit - HTTP(Response) | 2025/10/29 | DDI RULE 5547 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5547 | ||
| DDI RULE 5551 | CVE-2025-25271 - Phoenix Contact CHARX SEC-3150 OCPP Authentication Bypass Exploit - HTTP(Response) | 2025/10/29 | DDI RULE 5551 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5551 | ||
| DDI RULE 5560 | CVE-2025-54926 - Ecostruxure Traversal Exploit - HTTP(Request) | 2025/10/29 | DDI RULE 5560 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5560 | ||
| DDI RULE 5544 | CVE-2025-6801 - Marvell QConvergeConsole Directory Traversal Exploit - HTTP(Response) | 2025/10/28 | DDI RULE 5544 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5544 | ||
| DDI RULE 5556 | QNAP TS-464 Authentication Bypass Vulnerability - HTTP (Request) | 2025/10/28 | DDI RULE 5556 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5556 | ||
| DDI RULE 5545 | CVE-2025-6805 - Marvell QConvergeConsole Directory Traversal Exploit - HTTP(Response) | 2025/10/27 | DDI RULE 5545 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5545 | ||
| DDI RULE 5553 | Oracle E-Business Remote Code Execution Exploit Sensor - HTTP(Response) | 2025/10/27 | DDI RULE 5553 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5553 | ||
| DDI RULE 5554 | CVE-2025-5947 - WordPress Authentication Bypass Exploit- HTTP(Request) | 2025/10/27 | DDI RULE 5554 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5554 | ||
| DDI RULE 5555 | CVE-2025-8426 - Marvell QConvergeConsole Directory Traversal Exploit - HTTP (Request) | 2025/10/27 | DDI RULE 5555 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5555 | ||
| DDI RULE 5540 | CVE-2025-5961 - AJAX EXPLOIT - HTTP(Response) | 2025/10/22 | DDI RULE 5540 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5540 | ||
| DDI RULE 5552 | CVE-2025-8297 - Ivanti Avalanche RCE Exploit - HTTP(Request) | 2025/10/22 | DDI RULE 5552 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5552 | ||
| DDI RULE 5550 | CVE-2025-40775 - ISC Bind DOS Exploit - DNS(Request) | 2025/10/21 | DDI RULE 5550 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5550 | ||
| DDI RULE 5516 | CVE-2019-12526 - SQUID EXPLOIT - HTTP(Response) | 2025/10/16 | DDI RULE 5516 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5516 | ||
| DDI RULE 5534 | Samsung MagicINFO 9 Traversal RCE Exploit - HTTP(Request) | 2025/10/16 | DDI RULE 5534 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5534 | ||
| DDI RULE 5542 | CVE-2025-54466 - RCE APACHE EXPLOIT - HTTP(Request) | 2025/10/16 | DDI RULE 5542 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5542 | ||
| DDI RULE 5548 | CVE-2025-53609 - Fortinet FortiWeb Directory Traversal Exploit - HTTP(Response) | 2025/10/16 | DDI RULE 5548 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5548 | ||
| DDI RULE 5546 | POSSIBLE WSUS RCE EXPLOIT - HTTP(Request) | 2025/10/15 | DDI RULE 5546 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5546 | ||
| DDI RULE 5521 | CVE-2025-10035 - Fortra GoAnywhere MFT Deserialization Exploit - HTTP (Response) | 2025/10/14 | DDI RULE 5521 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5521 | ||
| DDI RULE 5515 | Matchboil Downloader- HTTP (Request) | 2025/10/13 | DDI RULE 5515 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5515 | ||
| DDI RULE 5526 | SPOOLSS Enumeration via Endpoint Mapper Sensor - DCE-RPC (Request) | 2025/10/13 | DDI RULE 5526 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5526 | ||
| DDI RULE 5530 | DNS Query for SOA Record Sensor - DNS (Response) | 2025/10/13 | DDI RULE 5530 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5530 | ||
| DDI RULE 5541 | Machine requested TGS for Administrator - Kerberos (Request) | 2025/10/13 | DDI RULE 5541 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5541 | ||
| DDI RULE 5543 | Suspicious SAMR Enumeration via Endpoint Mapper Sensor - DCE-RPC (Request) | 2025/10/13 | DDI RULE 5543 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5543 | ||
| DDI RULE 5511 | CVE-2025-26319 - FlowiseAI Flowise attachments Directory Traversal Exploit - HTTP(Response) | 2025/10/09 | DDI RULE 5511 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5511 | ||
| DDI RULE 5519 | CVE-2025-53417 - DIAview Directory Traversal Exploit - HTTP(Response) | 2025/10/09 | DDI RULE 5519 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5519 | ||
| DDI RULE 5535 | CVE-2025-7913 - TOTOLINK Buffer Overflow Exploit - TCP(Request) | 2025/10/09 | DDI RULE 5535 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5535 | ||
| DDI RULE 5537 | CVE-2025-52367 - PivotX CMS Cross Site Scripting Exploit- HTTP(Request) | 2025/10/09 | DDI RULE 5537 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5537 | ||
| DDI RULE 5539 | CVE-2025-7912 - TOTOLINK Buffer Overflow Exploit - TCP(Request) | 2025/10/09 | DDI RULE 5539 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5539 | ||
| DDI RULE 5522 | CVE-2025-1829 - TOTOLINK Command Injection Exploit - HTTP(Request) | 2025/10/08 | DDI RULE 5522 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5522 | ||
| DDI RULE 5524 | NetExec PetitPotam RCE Attempt - HTTP (Request) | 2025/10/08 | DDI RULE 5524 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5524 | ||
| DDI RULE 5527 | Suspicious Search DNS Node Object Query - LDAP (Request) | 2025/10/08 | DDI RULE 5527 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5527 | ||
| DDI RULE 5529 | AddRequest to DomainDnsZones Sensor - LDAP (Request) | 2025/10/08 | DDI RULE 5529 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5529 | ||
| DDI RULE 5533 | Samsung MagicINFO 9 File RCE Exploit - HTTP(Request) | 2025/10/08 | DDI RULE 5533 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5533 | ||
| DDI RULE 5538 | CVE-2025-59528 - Flowise CustomMCP Remote Code Execution Exploit- HTTP(Request) | 2025/10/08 | DDI RULE 5538 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5538 | ||
| DDI RULE 5536 | CVE-2025-61882 - Oracle Remote Code Execution Exploit - HTTP(Request) | 2025/10/07 | DDI RULE 5536 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5536 | ||
| DDI RULE 5488 | CVE-2025-20352 - Cisco IOS and IOS XE Overflow Exploit - SNMP(Request) | 2025/10/06 | DDI RULE 5488 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5488 | ||
| DDI RULE 5514 | EncryptHubRecon Trojan - HTTP (Request) | 2025/10/06 | DDI RULE 5514 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5514 | ||
| DDI RULE 5525 | Impacket RCE Attempt - HTTP (Request) | 2025/10/06 | DDI RULE 5525 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5525 | ||
| DDI RULE 5513 | RevLynx Backdoor - HTTP (Request) | 2025/10/02 | DDI RULE 5513 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5513 | ||
| DDI RULE 5517 | CVE-2025-26399 - Solarwinds RCE Exploit - HTTP(Request) | 2025/10/02 | DDI RULE 5517 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5517 | ||
| DDI RULE 5520 | CVE-2025-25256 - Fortinet FortiSIEM Command Injection - TCP(Request) | 2025/10/02 | DDI RULE 5520 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5520 | ||
| DDI RULE 5512 | CVE-2025-53772 - Web Deploy RCE Exploit - HTTP (Request) | 2025/10/01 | DDI RULE 5512 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5512 | ||
| DDI RULE 5518 | CVE-2025-32821 - Sonic Wall Directory Traversal Exploit - HTTP (Request) | 2025/10/01 | DDI RULE 5518 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5518 | ||
| DDI RULE 5505 | CVE-2025-7775 - NetScaler ADC and NetScaler Gateway Remote Code Execution - HTTP(Response) | 2025/09/23 | DDI RULE 5505 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5505 | ||
| DDI RULE 5509 | CVE-2025-53475 - Advantech iView NetworkServlet SQL Injection Exploit - HTTP(Response | 2025/09/23 | DDI RULE 5509 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5509 | ||
| DDI RULE 5510 | CVE-2025-40597 - SonicWall SMA100 Heap Buffer Overflow Exploit - HTTP(Request) | 2025/09/23 | DDI RULE 5510 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5510 | ||
| DDI RULE 5496 | CVE-2025-1302 JSONPath-Plus Remote Code Execution Exploit Attempt - HTTP (Request) | 2025/09/22 | DDI RULE 5496 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5496 | ||
| DDI RULE 5506 | MCP Server Prompt Lists - HTTP(Request) | 2025/09/17 | DDI RULE 5506 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5506 | ||
| DDI RULE 5507 | MCP Server Prompt Get - HTTP(Request) | 2025/09/17 | DDI RULE 5507 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5507 | ||
| DDI RULE 5508 | MCP Server Client Notification - HTTP(Request) | 2025/09/17 | DDI RULE 5508 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5508 | ||
| DDI RULE 5504 | CVE-2024-8069 - Citrix Session Recording Remote Code Execution Exploit - HTTP (Request) | 2025/09/16 | DDI RULE 5504 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5504 | ||
| DDI RULE 5482 | MCP Server Tools Discovery - HTTP (Request) | 2025/09/15 | DDI RULE 5482 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5482 | ||
| DDI RULE 5483 | MCP Server Tools Execution - HTTP (Request) | 2025/09/15 | DDI RULE 5483 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5483 | ||
| DDI RULE 5484 | MCP Server Resource Discovery - HTTP (Request) | 2025/09/15 | DDI RULE 5484 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5484 | ||
| DDI RULE 5485 | MCP Server Resource Retrieval - HTTP (Request) | 2025/09/15 | DDI RULE 5485 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5485 | ||
| DDI RULE 5502 | CVE-2025-54309 CrushFTP Authentication Bypass Exploit - HTTP (Response) | 2025/09/11 | DDI RULE 5502 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5502 | ||
| DDI RULE 5503 | CVE-2025-54918 - PRIVILEGE ESCALATION EXPLOIT - DCERPC (Response) | 2025/09/11 | DDI RULE 5503 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5503 | ||
| DDI RULE 5501 | CVE-2024-51092 - LibreNMS Command Injection - HTTP (Request) | 2025/09/10 | DDI RULE 5501 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5501 | ||
| DDI RULE 5499 | Possible CVE-2023-23752 Authentication Bypass Exploit - HTTP (Response) | 2025/09/09 | DDI RULE 5499 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5499 | ||
| DDI RULE 5497 | UDP Controller - UDP (Request) | 2025/09/08 | DDI RULE 5497 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5497 | ||
| DDI RULE 5495 | CVE-2025-54253 Adobe EM Remote Code Execution Exploit - HTTP (Request) | 2025/09/03 | DDI RULE 5495 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5495 | ||
| DDI RULE 5493 | CVE-2025-23320 - NVIDIA Triton SharedMemoryManager Information Disclosure Exploit - HTTP (Request) | 2025/09/01 | DDI RULE 5493 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5493 | ||
| DDI RULE 5494 | CVE-2025-23318 - NVIDIA Triton Inference Server IPC Remote Code Execution Exploit - HTTP (Response) | 2025/09/01 | DDI RULE 5494 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5494 | ||
| DDI RULE 5490 | MCP Sampling Request - HTTP (Request) | 2025/08/28 | DDI RULE 5490 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5490 | ||
| DDI RULE 5491 | MCP Elicitation Request - HTTP (Request) | 2025/08/28 | DDI RULE 5491 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5491 | ||
| DDI RULE 5492 | CVE-2013-3893 MS Internet Explorer RCE Exploit - HTTP (Response) | 2025/08/28 | DDI RULE 5492 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5492 | ||
| DDI RULE 5481 | MCP Initialize Communication - HTTP (Response) | 2025/08/27 | DDI RULE 5481 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5481 | ||
| DDI RULE 5480 | Malicious PKL Extension Sensor - HTTP (Response) | 2025/08/20 | DDI RULE 5480 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5480 | ||
| DDI RULE 5486 | CVE-2025-53778 - PRIVILEGE ESCALATION EXPLOIT - DCERPC (Response) | 2025/08/20 | DDI RULE 5486 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5486 | ||
| DDI RULE 5464 | CVE-2023-7028 Authentication Bypass Exploit - HTTP (Request) | 2025/08/14 | DDI RULE 5464 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5464 | ||
| DDI RULE 5468 | CVE-2025-4427 and CVE-2025-4428 Authentication Bypass Exploit - HTTP (Response) | 2025/08/14 | DDI RULE 5468 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5468 | ||
| DDI RULE 5474 | CVE-2025-7910 - D-Link DIR-513 1.10 curTime leads to Buffer Overflow Exploit - HTTP (Request) | 2025/08/14 | DDI RULE 5474 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5474 | ||
| DDI RULE 5476 | CVE-2024-7399 - MAGICINFO PATH TRAVERSAL - HTTP (Request) | 2025/08/14 | DDI RULE 5476 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5476 | ||
| DDI RULE 5477 | CISCO ISE RCE - HTTP (Request) | 2025/08/14 | DDI RULE 5477 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5477 | ||
| DDI RULE 5478 | CVE-2025-49718 - SQL SERVER INFO DISCLOSURE - TCP (Request) | 2025/08/14 | DDI RULE 5478 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5478 | ||
| DDI RULE 5479 | CVE-2024-1212 Progress Kemp LoadMaster Command Injection Exploit - HTTP (Request) | 2025/08/14 | DDI RULE 5479 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5479 | ||
| DDI RULE 5475 | CVE-2025-7862 - TOTOLINK Improper Authentication Exploit - HTTP (Request) | 2025/08/13 | DDI RULE 5475 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5475 | ||
| DDI RULE 5472 | CVE-2022-46169 - Cacti Command Injection Exploit - HTTP (Request) | 2025/08/12 | DDI RULE 5472 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5472 | ||
| DDI RULE 5465 | RAVEN STEALER DATAEXFIL - HTTP (Request) | 2025/08/11 | DDI RULE 5465 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5465 | ||
| DDI RULE 5469 | CVE-2025-54440 - SAMSUNG MAGICINFO RCE EXPLOIT - HTTP (Request) | 2025/08/11 | DDI RULE 5469 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5469 | ||
| DDI RULE 5470 | CVE-2025-34112 - RIVERBED SQLINJECTION - HTTP (Request) | 2025/08/11 | DDI RULE 5470 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5470 | ||
| DDI RULE 5471 | CVE-2025-4779 - LUNARYAI XSS - HTTP (Request) | 2025/08/11 | DDI RULE 5471 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5471 | ||
| DDI RULE 5463 | Trend Micro ApexOne Command Injection Exploit Attempt - HTTP (Request) | 2025/08/06 | DDI RULE 5463 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5463 | ||
| DDI RULE 5466 | CVE-2023-2533 - PAPERCUT CSRF EXPLOIT - HTTP (Request) | 2025/08/06 | DDI RULE 5466 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5466 | ||
| DDI RULE 5467 | CVE-2025-6811 - MESCIUS ACTIVEREPORTSNET RCE - HTTP (Response) | 2025/08/06 | DDI RULE 5467 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5467 | ||
| DDI RULE 5445 | CVE-2025-25257 - FortiWeb SQL Injection Exploit - HTTP (Response) | 2025/08/04 | DDI RULE 5445 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5445 | ||
| DDI RULE 5451 | CVE-2019-9621 - Zimbra SSRF Exploit - HTTP (Response) | 2025/08/04 | DDI RULE 5451 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5451 | ||
| DDI RULE 5455 | CVE-2024-54085 - AMI AUTHBYPASS EXPLOIT - HTTP (Request) | 2025/07/30 | DDI RULE 5455 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5455 | ||
| DDI RULE 5456 | CVE-2025-6802 - MARVELL QCONVERGECONSOLE RCE EXPLOIT ATTEMPT - HTTP (Request) | 2025/07/30 | DDI RULE 5456 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5456 | ||
| DDI RULE 5457 | CVE-2025-6794 - MARVELL QCONVERGECONSOLE RCE EXPLOIT ATTEMPT - HTTP (Request) | 2025/07/30 | DDI RULE 5457 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5457 | ||
| DDI RULE 5460 | CVE-2023-34048 - VMware vCenter Server Authentication Pointer Use of Out-of-range Pointer Offset Exploit - TCP (Request) | 2025/07/30 | DDI RULE 5460 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5460 | ||
| DDI RULE 5462 | CVE-2025-47981 - NEGOEX RCE Exploit- SMB2 (Request) | 2025/07/30 | DDI RULE 5462 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5462 | ||
| DDI RULE 5423 | SockDetours Magic Number - TCP(Request) | 2025/07/29 | DDI RULE 5423 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5423 | ||
| DDI RULE 5439 | CVE-2025-47812 - Wing FTP Server Command Injection Exploit - HTTP (Response) | 2025/07/29 | DDI RULE 5439 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5439 | ||
| DDI RULE 5444 | CVE-2025-20281 - CISCO ISE ERS RCE - HTTP (Request) | 2025/07/28 | DDI RULE 5444 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5444 | ||
| DDI RULE 5452 | CVE-2025-20281 - Cisco Identity Services Engine RCE Exploit - HTTP(Request) | 2025/07/25 | DDI RULE 5452 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5452 | ||
| DDI RULE 5453 | CVE-2025-20337 - Cisco Identity Services Engine Deserialization RCE Exploit - HTTP(Request) | 2025/07/25 | DDI RULE 5453 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5453 | ||
| DDI RULE 5454 | CVE-2025-20282 - Cisco Identity Services Engine File Upload Exploit - HTTP(Request) | 2025/07/25 | DDI RULE 5454 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5454 | ||
| DDI RULE 5447 | NETBIOS DEVICES DISCOVERY - UDP(RESPONSE) | 2025/07/23 | DDI RULE 5447 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5447 | ||
| DDI RULE 5424 | Encoded EXE File transfer - FTP(Request) | 2025/07/22 | DDI RULE 5424 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5424 | ||
| DDI RULE 5440 | CVE-2024-28988 - SOLARWINDS RCE - HTTP (Request) | 2025/07/22 | DDI RULE 5440 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5440 | ||
| DDI RULE 5442 | CVE-2025-6543 - CITRIX NETSCALERADC MEMLEAK - HTTP (Request) | 2025/07/22 | DDI RULE 5442 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5442 | ||
| DDI RULE 5446 | CVE-2025-53770 - Sharepoint Deserialization Exploit - HTTP (Request) | 2025/07/22 | DDI RULE 5446 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5446 | ||
| DDI RULE 5449 | CVE-2021-28474 - Sharepoint Server RCE Exploit - HTTP(Request) | 2025/07/22 | DDI RULE 5449 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5449 | ||
| DDI RULE 5438 | ONELOGIN ADMINAPI - HTTP (Request) | 2025/07/17 | DDI RULE 5438 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5438 | ||
| DDI RULE 5441 | CVE-2024-3721 - TBK DVR RCE - HTTP (Request) | 2025/07/17 | DDI RULE 5441 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5441 | ||
| DDI RULE 5443 | CVE-2025-5777 - CITRIX BLEED MEMORY OVERFLOW - HTTP (Request) | 2025/07/17 | DDI RULE 5443 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5443 | ||
| DDI RULE 5422 | WEBSOCKET UPGRADE - HTTP(Response) | 2025/07/16 | DDI RULE 5422 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5422 | ||
| DDI RULE 5437 | Possible DNS Tunneling - DNS (Response) - Variant 3 | 2025/07/16 | DDI RULE 5437 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5437 | ||
| DDI RULE 5436 | CVE-2016-10033 - PHPMailer RCE Exploit - HTTP (Request) | 2025/07/14 | DDI RULE 5436 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5436 | ||
| DDI RULE 5432 | CVE-2023-39780 - ASUS Command Injection Exploit - HTTP (Request) | 2025/07/09 | DDI RULE 5432 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5432 | ||
| DDI RULE 5435 | CVE-2025-33073 - Windows SMB Client Elevation of Privilege Vulnerability Exploit - DNS (Response) | 2025/07/09 | DDI RULE 5435 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5435 | ||
| DDI RULE 5434 | APT - BPFDOOR - HTTP(Request) | 2025/07/08 | DDI RULE 5434 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5434 | ||
| DDI RULE 5425 | CVE-2021-32030 - ASUS Router and Lyra Mini Authentication Bypass Exploit - HTTP (Response) | 2025/07/07 | DDI RULE 5425 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5425 | ||
| DDI RULE 5430 | Possible WebShell Attempt via PHP Obfuscation - HTTP (Request) - Variant 2 | 2025/07/07 | DDI RULE 5430 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5430 | ||
| DDI RULE 5431 | CVE-2025-30397 - JSCRIPT RCE - HTTP (Response) | 2025/07/03 | DDI RULE 5431 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5431 | ||
| DDI RULE 5433 | APT - BPFDOOR - TCP - Variant 2 | 2025/07/03 | DDI RULE 5433 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5433 | ||
| DDI RULE 5428 | CVE-2025-24016 - Wazuh Insecure Deserialization Exploit - HTTP (Request) | 2025/06/30 | DDI RULE 5428 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5428 | ||
| DDI RULE 5429 | CVE-2023-33538 - TPLink Command Injection Exploit - HTTP (Request) | 2025/06/30 | DDI RULE 5429 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5429 | ||
| DDI RULE 5384 | CVE-2025-32433 - Erlang OTP Server RCE Exploit - SSH (Request) | 2025/06/26 | DDI RULE 5384 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5384 | ||
| DDI RULE 5421 | APT - BPFDOOR - UDP | 2025/06/26 | DDI RULE 5421 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5421 | ||
| DDI RULE 5408 | CVE-2024-56145 - Craft CMS RCE Exploit - HTTP (Response) | 2025/06/25 | DDI RULE 5408 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5408 | ||
| DDI RULE 5417 | CVE-2025-33053 - WEBDAV RCE - HTTP (Response) | 2025/06/24 | DDI RULE 5417 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5417 | ||
| DDI RULE 5381 | CVE-2025-30406 - GLADINET CENTRESTACK RCE - HTTP (Request) | 2025/06/23 | DDI RULE 5381 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5381 | ||
| DDI RULE 5420 | APT - BPFDOOR - TCP | 2025/06/19 | DDI RULE 5420 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5420 | ||
| DDI RULE 5414 | CVE-2025-49220 - APEX CENTRAL RCE - HTTP (Response) | 2025/06/18 | DDI RULE 5414 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5414 | ||
| DDI RULE 5409 | CVE-2025-2146 - CANON BUFFER OVERFLOW - HTTP (Request) | 2025/06/17 | DDI RULE 5409 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5409 | ||
| DDI RULE 5415 | CVE-2025-49213 - ENDPOINT ENCRYPTION RCE - TCP (Request) | 2025/06/17 | DDI RULE 5415 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5415 | ||
| DDI RULE 5416 | CVE-2025-49212 - ENDPOINT ENCRYPTION RCE - TCP (Request) | 2025/06/17 | DDI RULE 5416 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5416 | ||
| DDI RULE 5368 | CVE-2022-43939 - PENTAHO AUTHBYPASS RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5368 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5368 | ||
| DDI RULE 5389 | FORTISANDBOX RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5389 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5389 | ||
| DDI RULE 5393 | CVE-2020-15999 - FREETYPE RCE EXPLOIT - HTTP(Response) | 2025/06/11 | DDI RULE 5393 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5393 | ||
| DDI RULE 5410 | CVE-2025-24813 - APACHE TOMCAT RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5410 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5410 | ||
| DDI RULE 5411 | CVE-2025-3248 - LANGFLOW RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5411 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5411 | ||
| DDI RULE 5412 | CVE-2025-32756 - FORTINET RCE - HTTP (Request) | 2025/06/10 | DDI RULE 5412 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5412 | ||
| DDI RULE 5413 | CVE-2025-46337 - ADODB SQL INJECTION - HTTP (Response) | 2025/06/10 | DDI RULE 5413 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5413 | ||
| DDI RULE 4590 | VIDAR - HTTP(REQUEST) - Variant 2 | 2025/06/05 | DDI RULE 4590 | /vinfo/us/threat-encyclopedia/network/ddi-rule-4590 | ||
| DDI RULE 5380 | CVE-2024-11131 - SYNOLOGY BUFFER OVERFLOW - HTTP(RESPONSE) | 2025/06/05 | DDI RULE 5380 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5380 | ||
| DDI RULE 5402 | Multiple Occurrences of Negotiate Request Activity Sensor - RDP (Request) | 2025/06/05 | DDI RULE 5402 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5402 | ||
| DDI RULE 5405 | ALLEGRA MULTIPLE DIRECTORY TRAVERSAL EXPLOIT ATTEMPT - HTTP (REQUEST) | 2025/06/05 | DDI RULE 5405 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5405 | ||
| DDI RULE 5404 | CVE-2025-29635 - DLINK COMMAND INJECTION EXPLOIT ATTEMPT- HTTP (REQUEST) | 2025/06/04 | DDI RULE 5404 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5404 | ||
| DDI RULE 5403 | CVE-2025-24054 - MSNTLM EXPLOIT - HTTP(Response) | 2025/05/29 | DDI RULE 5403 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5403 | ||
| DDI RULE 5406 | ECHARGE COMMAND INJECTION EXPLOIT - HTTP (Response) | 2025/05/29 | DDI RULE 5406 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5406 | ||
| DDI RULE 5329 | CVE-2024-8856 - WordPress Time Capsule Plugin Exploit - HTTP (Response) | 2025/05/28 | DDI RULE 5329 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5329 | ||
| DDI RULE 5395 | IVANTI EPMANAGER EXPLOIT - HTTP(Response) | 2025/05/27 | DDI RULE 5395 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5395 | ||
| DDI RULE 5400 | Presence of Angry IP Scanner - DNS (Response) | 2025/05/27 | DDI RULE 5400 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5400 | ||
| DDI RULE 5390 | Possible AS-REP Roasting Attack - Kerberos (Request) | 2025/05/26 | DDI RULE 5390 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5390 | ||
| DDI RULE 5399 | CVE-2019-2729 or CVE-2019-2725 - Oracle Weblogic - HTTP (Request) | 2025/05/22 | DDI RULE 5399 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5399 | ||
| DDI RULE 5360 | APT - BPFDOOR - ICMP (Request) | 2025/05/21 | DDI RULE 5360 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5360 | ||
| DDI RULE 5372 | SQLMAP Sensor - HTTP (Response) | 2025/05/21 | DDI RULE 5372 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5372 | ||
| DDI RULE 5396 | Suspicious Shell Command in Header - HTTP (Request) | 2025/05/19 | DDI RULE 5396 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5396 | ||
| DDI RULE 5370 | CVE-2024-41710 - MITEL6800 RCE EXPLOIT - HTTP(Request) | 2025/05/14 | DDI RULE 5370 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5370 | ||
| DDI RULE 5394 | CVE-2024-57050 - TPLINK EXPLOIT - HTTP(Response) | 2025/05/13 | DDI RULE 5394 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5394 | ||
| DDI RULE 5371 | CVE-2025-31161 - CRUSHFTP AUTH BYPASS - HTTP (Response) | 2025/05/08 | DDI RULE 5371 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5371 | ||
| DDI RULE 5365 | CVE-2024-11040 - VLLM DOS EXPLOIT - HTTP (Response) | 2025/05/07 | DDI RULE 5365 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5365 | ||
| DDI RULE 5391 | CVE-2025-22461 - IVANTI SQLI - HTTP (Response) | 2025/05/07 | DDI RULE 5391 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5391 | ||
| DDI RULE 5392 | CVE-2024-23468 - SOLARWINDS PATH TRAVERSAL - TCP (Request) | 2025/05/07 | DDI RULE 5392 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5392 | ||
| DDI RULE 5388 | Invoke Request Activity via DCOM - DCERPC (Request) | 2025/05/06 | DDI RULE 5388 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5388 | ||
| DDI RULE 5387 | CVE-2023-44221 - SONICWALL EXPLOIT COMMAND INJECTION EXPLOIT - HTTP(RESPONSE) | 2025/05/03 | DDI RULE 5387 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5387 | ||
| DDI RULE 5385 | CVE-2021-47667 - ZENDTO RCE - HTTP (Request) | 2025/04/30 | DDI RULE 5385 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5385 | ||
| DDI RULE 5382 | CVE-2025-31324 - SAP NETWEAVER UPLOAD EXPLOIT REQUEST - HTTP(REQUEST) | 2025/04/26 | DDI RULE 5382 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5382 | ||
| DDI RULE 5377 | ROUTER CLEARTEXT PASSWORD DISCLOSURE EXPLOIT - HTTP (Request) | 2025/04/22 | DDI RULE 5377 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5377 | ||
| DDI RULE 5376 | CVE-2024-11042 - APACHE AI FILE DELETION - HTTP (Request) | 2025/04/21 | DDI RULE 5376 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5376 | ||
| DDI RULE 5373 | CVE-2025-22457 - XFORWARDEDFOR BUFFER OVERFLOW - HTTP (Request) | 2025/04/16 | DDI RULE 5373 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5373 | ||
| DDI RULE 5375 | CVE-2024-10188 - LITELLM DOS - HTTP (Request) | 2025/04/16 | DDI RULE 5375 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5375 | ||
| DDI RULE 5362 | CVE-2025-24893 - XWIKI SOLRSEARCHMACROS RCE - HTTP (Request) | 2025/04/15 | DDI RULE 5362 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5362 | ||
| DDI RULE 5364 | CVE-2024-8859 - MLFLOW DIRECTORY TRAVERSAL - HTTP (Request) | 2025/04/15 | DDI RULE 5364 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5364 | ||
| DDI RULE 5367 | CVE-2025-30355 - DOS Exploit - HTTP(Response) | 2025/04/15 | DDI RULE 5367 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5367 | ||
| DDI RULE 5369 | IVANTI TRAVERSAL EXPLOIT - HTTP(Response) | 2025/04/15 | DDI RULE 5369 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5369 | ||
| DDI RULE 5352 | POSSIBLE CVE-2025-21277 - MSMQ BUFFER EXPLOIT - HTTP(Request) | 2025/04/03 | DDI RULE 5352 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5352 | ||
| DDI RULE 5353 | CVE-2024-45195 - APACHE OFBIZ RCE EXPLOIT - HTTP(Request) | 2025/04/03 | DDI RULE 5353 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5353 | ||
| DDI RULE 5355 | WMI QUERY RCE - DCERPC (Request) | 2025/04/03 | DDI RULE 5355 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5355 | ||
| DDI RULE 5363 | CVE-2024-50330 - IVANTI SQL INJECTION - HTTP (Response) | 2025/04/02 | DDI RULE 5363 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5363 | ||
| DDI RULE 5326 | IVANTI SQL INJECTION RCE EXPLOIT - HTTP (Request) | 2025/03/26 | DDI RULE 5326 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5326 | ||
| DDI RULE 5359 | CVE-2018-8639 - Win32k Privilege Escalation Exploit - HTTP (Response) | 2025/03/26 | DDI RULE 5359 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5359 | ||
| DDI RULE 5351 | Microsoft Windows Zero Day Vulnerability (ZDI-25-148) - HTTP(Response) | 2025/03/25 | DDI RULE 5351 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5351 | ||
| DDI RULE 5357 | CVE-2018-9276 - PRTG Command Injection - HTTP (Request) | 2025/03/25 | DDI RULE 5357 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5357 | ||
| DDI RULE 5324 | CVE-2024-43468 - CM SQL INJECTION RCE - HTTP (Response) | 2025/03/24 | DDI RULE 5324 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5324 | ||
| DDI RULE 5335 | CVE-2025-21377 - NTLM RELAY EXPLOIT - HTTP (Response) | 2025/03/24 | DDI RULE 5335 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5335 | ||
| DDI RULE 5356 | CVE-2025-29927 - NEXTJS MIDDLEWARE EXPLOIT - HTTP(Response) | 2025/03/24 | DDI RULE 5356 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5356 | ||
| DDI RULE 5333 | WMI RCE - DCERPC (Request) | 2025/03/19 | DDI RULE 5333 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5333 | ||
| DDI RULE 5341 | Suspicious Shell Command Sensor - TCP | 2025/03/18 | DDI RULE 5341 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5341 | ||
| DDI RULE 5336 | CVE-2025-21308 - WINDOWS THEMES SPOOFING EXPLOIT - HTTP (Response) | 2025/03/13 | DDI RULE 5336 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5336 | ||
| DDI RULE 5338 | CVE-2025-0108 - PALO ALTO AUTH BYPASS EXPLOIT - HTTP (Response) | 2025/03/13 | DDI RULE 5338 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5338 | ||
| DDI RULE 5342 | ITaskSchedulerService Remote Schedule Tasks (Create) - SMB (Request) | 2025/03/13 | DDI RULE 5342 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5342 | ||
| DDI RULE 5343 | ITaskSchedulerService Remote Schedule Tasks (Run) - SMB (Request) | 2025/03/13 | DDI RULE 5343 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5343 | ||
| DDI RULE 5344 | ITaskSchedulerService Remote Schedule Tasks (Delete) - SMB (Request) | 2025/03/13 | DDI RULE 5344 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5344 | ||
| DDI RULE 5345 | ITaskSchedulerService Remote Schedule Tasks (Create) - SMB2 (Request) | 2025/03/13 | DDI RULE 5345 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5345 | ||
| DDI RULE 5346 | ITaskSchedulerService Remote Schedule Tasks (Run) - SMB2 (Request) | 2025/03/13 | DDI RULE 5346 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5346 | ||
| DDI RULE 5347 | ITaskSchedulerService Remote Schedule Tasks (Delete) - SMB2 (Request) | 2025/03/13 | DDI RULE 5347 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5347 | ||
| DDI RULE 5348 | SVCCTL Create Service - SMB2 (Request) | 2025/03/13 | DDI RULE 5348 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5348 | ||
| DDI RULE 5349 | SVCCTL Start Service - SMB2 (Request) | 2025/03/13 | DDI RULE 5349 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5349 | ||
| DDI RULE 5327 | CVE-2024-43365 - CACTI XSS EXPLOIT - HTTP (Response) | 2025/03/12 | DDI RULE 5327 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5327 | ||
| DDI RULE 5331 | CVE-2024-46909 - WhatsUp Gold WriteDataFile Directory Traversal Exploit - TCP (Request) | 2025/03/11 | DDI RULE 5331 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5331 | ||
| DDI RULE 5337 | CVE-2024-55591 - FORTINET SECURITY BYPASS EXPLOIT - HTTP (Response) | 2025/03/10 | DDI RULE 5337 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5337 | ||
| DDI RULE 5321 | CVE-2025-0105 - Palo Alto Networks Expedition Input Validation Exploit - HTTP (Response) | 2025/03/05 | DDI RULE 5321 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5321 | ||
| DDI RULE 5334 | CVE-2024-13158 - IVANTI DIRECTORY TRAVERSAL EXPLOIT- HTTP (Request) | 2025/03/05 | DDI RULE 5334 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5334 | ||
| DDI RULE 5340 | LBLINK COMMAND INJECTION EXPLOIT - HTTP (Request) | 2025/03/05 | DDI RULE 5340 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5340 | ||
| DDI RULE 5332 | CVE-2024-43639 - Microsoft Windows KDC Integer Overflow Exploit - TCP (Response) | 2025/03/04 | DDI RULE 5332 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5332 | ||
| DDI RULE 5322 | Active Directory Certificate Services Template Discovery - LDAP (Request) - Variant 2 | 2025/03/03 | DDI RULE 5322 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5322 | ||
| DDI RULE 5330 | NMAP NetBios Session Service Scan - TCP (Request) | 2025/03/03 | DDI RULE 5330 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5330 | ||
| DDI RULE 5313 | CVE-2010-2568 - Windows Shell RCE - HTTP (Response) | 2025/02/20 | DDI RULE 5313 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5313 | ||
| DDI RULE 5323 | CVE-2024-49112 - INTEGER OVERFLOW EXPLOIT - LDAP (Response) | 2025/02/20 | DDI RULE 5323 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5323 | ||
| DDI RULE 5317 | CVE-2024-56337 - APACHE TOMCAT RCE - HTTP (Response) | 2025/02/19 | DDI RULE 5317 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5317 | ||
| DDI RULE 5305 | CVE-2024-42327 - Zabbix SQL Injection - HTTP (Response) | 2025/02/18 | DDI RULE 5305 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5305 | ||
| DDI RULE 5318 | CVE-2025-0282 - IVANTI RCE EXPLOIT - HTTP(Request) | 2025/02/17 | DDI RULE 5318 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5318 | ||
| DDI RULE 5320 | CVE-2025-0107 - Palo Alto Networks Expedition Insecure Deserialization Exploit - HTTP (Response) | 2025/02/17 | DDI RULE 5320 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5320 | ||
| DDI RULE 5316 | CVE-2024-37404 - IVANTI RCE EXPLOIT - HTTP (Response) | 2025/02/12 | DDI RULE 5316 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5316 | ||
| DDI RULE 5314 | ADCS Suspicious use of Certificate - Kerberos (Request) | 2025/02/11 | DDI RULE 5314 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5314 | ||
| DDI RULE 5310 | CVE-2024-52047 - DIRECTORY TRAVERSAL EXPLOIT - HTTP (Request) | 2025/02/06 | DDI RULE 5310 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5310 | ||
| DDI RULE 5312 | CVE-2024-40711 - Veeam Backup & Replication Remote Command Execution Exploit - HTTP (Response) | 2025/02/06 | DDI RULE 5312 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5312 | ||
| DDI RULE 5303 | CVE-2024-51378 - CYBERPANEL RCE EXPLOIT - HTTP (Request) | 2025/02/05 | DDI RULE 5303 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5303 | ||
| DDI RULE 5311 | CVE-2022-22947 - SPRINGCLOUD RCE EXPLOIT - HTTP (Request) | 2025/02/05 | DDI RULE 5311 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5311 | ||
| DDI RULE 5292 | CVE-2024-47575 - FORTIMANAGER RCE EXPLOIT - HTTP (Response) | 2025/02/04 | DDI RULE 5292 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5292 | ||
| DDI RULE 5304 | CVE-2024-12828 - WEBMIN RCE EXPLOIT - HTTP (Response) | 2025/01/30 | DDI RULE 5304 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5304 | ||
| DDI RULE 5306 | CVE-2024-53691 - QNAP RCE - HTTP (Request) | 2025/01/30 | DDI RULE 5306 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5306 | ||
| DDI RULE 5307 | CVE-2024-50388 - QNAP BACKUP EXPLOIT - HTTP(Request) | 2025/01/30 | DDI RULE 5307 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5307 | ||
| DDI RULE 5302 | CVE-2024-8963 - IVANTI AUTH BYPASS EXPLOIT - HTTP (Response) | 2025/01/24 | DDI RULE 5302 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5302 | ||
| DDI RULE 5300 | CVE-2024-29847 - IVANTI RCE EXPLOIT - TCP (Request) | 2025/01/22 | DDI RULE 5300 | /vinfo/us/threat-encyclopedia/network/ddi-rule-5300 |