Cloud One Workload Security and Deep Security Updates
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008679* - Identified BADRABBIT Ransomware Propagation Over SMB
1008327* - Identified Server Suspicious SMB Session
1010214* - Identified Trend Micro ApexOne Backup Folder Access
1010101* - Identified Usage Of PAExec Command Line Tool (ATT&CK T1569.002)
1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
1010025* - Microsoft Windows NTLM Tampering Vulnerability (CVE-2019-1166)
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
1010900* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)
1010317* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)
1010652* - Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)
1010653* - Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)
1010192* - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
1008717* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
1011587* - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
1004566* - Identified Suspicious Microsoft DLL File Over Network Share
1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
1010201* - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-0729)
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459* - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
1010319* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)
1008915* - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)
1011950* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Over SMB (CVE-2024-21412)
1007120* - SMB DLL Injection Exploit Detected (ATT&CK T1055.001)
DNS Client
1007456* - DNS Malformed Response Detected
1008571* - DNS Request To ShadowPad Domain Detection
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204* - DNSMessenger Malware Domain Blocker
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
IPSec-IKE
1011669* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)
1011801* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21758)
1011536* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721)
Ivanti Endpoint Manager
1012205* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50326)
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
JetBrains TeamCity
1012381 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-46618)
Kerberos KDC Client
1012338* - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
LDAP Client
1011269* - Identified Java Code Download Attempt Over LDAP
MS-RDPEUDP2
1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)
Microsoft Office
1011208* - Microsoft Access Remote Code Execution Vulnerability (CVE-2021-41368)
1011303* - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)
1011137* - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2021-38658)
1011138* - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-38659)
1011181* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40480)
1011182* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40481)
1011136* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-38656)
1011184* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)
1011701* - Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)
Port Mapper FTP Client
1011089* - Identified File Upload Over FTP (ATT&CK T1048.003)
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
1010402* - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Remote Desktop Protocol Server
1009343* - Identified Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1021.001, T1573.002)
1009958* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
1009961* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
1010556* - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)
Suspicious Client Application Activity
1008946* - Heuristic Detection Of Suspicious Digital Certificate (ATT&CK T1587.003)
1008756* - Identified Potentially Malicious RAT Traffic - VII (ATT&CK T1571)
1010307* - Identified Reverse Shell Communication Over HTTPS (ATT&CK T1071.001)
1010306* - Identified Reverse Shell Communication Over HTTPS - 1 (ATT&CK T1071.001)
1010365* - Identified Reverse Shell Communication Over HTTPS - 3 (ATT&CK T1071.001)
1010370* - Identified Reverse Shell Communication Over HTTPS - 4 (ATT&CK T1071.001)
1009952* - Identified WhatsApp Communication Attempt (ATT&CK T1102.002)
1009432* - Tildeb Acknowledgment Request
TFTP Client Decoder
1003526* - Enable TFTP Decoder
Web Application PHP Based
1012193* - WordPress 'WP Brutal AI' Plugin SQL Injection Vulnerability (CVE-2023-2601)
1012194* - WordPress 'WP Brutal AI' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2023-2606)
1012226* - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1010540* - Download Of A Suspicious PowerShell Script File Detected
1004715* - HTTP Web Client Decoding
1011091* - Identified Download Of Executable File Over HTTP (ATT&CK T1105)
1011500* - Identified Download of Python Reverse Shell Payload Over HTTP
1011225* - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
1012070* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628)
1012074* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2024-38112)
1012141* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)
1012142* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461) - 1
1011949* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21412)
Web Client HTTPS
1010130* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
1010290* - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client
Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1011270* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
1011279* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
1000128* - HTTP Protocol Decoding
Web Server HTTPS
1012384 - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)
Windows SMB Client
1011055* - Identified DCERPC OpenPrinterEx Call Over SMB Protocol
1010701* - Microsoft Windows Defender Remote Code Execution Vulnerability Over SMB (CVE-2021-1647)
Windows SMB Server
1011058* - Identified DCERPC EFSRPC Methods Call Over SMB Protocol (PetitPotam)
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
1012318* - Identified Possible Ransomware File Rename Activity Over Network Share - 1
1011680* - Microsoft Windows NEGOEX Remote Code Execution Vulnerability (CVE-2022-37958)
1010884* - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
1007538* - Windows Client Port Mapper Decoder
Windows Services RPC Server DCERPC
1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)
1010539* - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1543.003)
1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Mail Server Common
1012173* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-42009)
NodeBB
1012382 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2024-57041)
1012378 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2025-29513)
Spring Cloud Skipper Server
1012171* - VMware Spring Cloud Skipper Server Directory Traversal Vulnerability (CVE-2024-22263)
Web Application Common
1012364 - Web Application Possible Brute Force Attempt-XFF (ATT&CK T1110)
Web Application PHP Based
1012157* - SPIP 'BigUp' Plugin Remote Code Execution Vulnerability (CVE-2024-8517)
1012180* - WordPress 'Feed Them Social' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2383)
1012366 - WordPress 'OttoKit: All-in-One Automation Platform (Formerly SureTriggers)' Plugin Authentication Bypass Vulnerability (CVE-2025-3102)
1012363 - WordPress 'Return Refund and Exchange For WooCommerce' Plugin Arbitrary File Upload Vulnerability (CVE-2022-4047)
Web Application Ruby Based
1012189* - Grafana 'duckdb' Remote Code Execution Vulnerability (CVE-2024-9264)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
BentoML
1012362 - BentoML's runner server Insecure Deserialization Vulnerability (CVE-2025-32375)
CyberPanel
1012377 - CyberPanel Command Injection Vulnerability (CVE-2024-51568)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Ivanti Endpoint Manager
1012346* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
JetBrains TeamCity
1012297* - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Remote Desktop Gateway
1012376 - Microsoft Windows Remote Desktop Gateway Denial Of Service Vulnerability (CVE-2025-30394)
Web Application Common
1012348* - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)
Web Application PHP Based
1012285* - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
Web Client Common
1012379 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2025-33053)
Web Client HTTPS
1012375 - Trend Micro Apex Central Deserialization Of Untrusted Data Vulnerability (CVE-2025-49220)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
JetBrains TeamCity
1012199* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47950)
MLflow
1012096* - MLflow Path Traversal Vulnerabilities (CVE-2023-6909 and CVE-2024-2928)
Mail Server Common
1012185* - Roundcube Webmail Information Disclosure Vulnerability (CVE-2024-42010)
Progress WhatsUp Gold
1012184* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5010)
Web Application Common
1011468* - Horde Groupware Webmail Insecure Deserialization Vulnerability (CVE-2022-30287)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011426* - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011450* - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011481* - WordPress 'Events Made Easy' Plugin SQL Injection Vulnerability (CVE-2022-1905)
1011465* - WordPress 'Google Tag Manager for WordPress' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011431* - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011489* - WordPress 'Random Banner' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0210)
1011467* - WordPress 'ReDi Restaurant Reservation' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24299)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011446* - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
1011708* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2022-4230)
1011473* - WordPress 'WP Statistics' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-25305)
1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011639* - WordPress 'WP-Board' Plugin SQL Injection Vulnerability (CVE-2021-24404)
1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
1011697* - WordPress 'Zephyr Project Manager' Plugin SQL Injection Vulnerability (CVE-2022-2840)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
1011433* - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
1011452* - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1012222* - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-43362)
1012188* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2024-6530)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
1012365 - Zabbix SQL Injection Vulnerability (CVE-2024-36465)
1012221* - Zimbra Collaboration Reflected Cross-Site Scripting Vulnerability (CVE-2024-50599)
dotCMS
1011460* - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
HP Intelligent Management Center (IMC)
1012208* - Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-45195)
IBM WebSphere Application Server
1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Ivanti Avalanche
1012169* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-47011)
JetBrains TeamCity
1012181* - JetBrains TeamCity Directory Traversal Vulnerability (CVE-2024-47949)
Web Application Common
1011155* - FlatCore CMS Remote Code Execution Vulnerability (CVE-2021-39608)
1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
1011101* - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)
Web Application PHP Based
1012361 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4068)
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011074* - WordPress 'Backup Guard' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1010993* - WordPress 'Directories Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29304)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011299* - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1012339 - WordPress 'WP Shortcodes' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2025-0370)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server Common
1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)
1010892* - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
1010985* - Subrion CMS Remote Code Execution Vulnerability (CVE-2018-19422)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
Web Server HTTPS
1012172* - Cacti Arbitrary File Write Vulnerability (CVE-2024-43363)
1012353 - Cacti SQL Injection Vulnerability (CVE-2024-54146)
1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Zoho ManageEngine
1012179* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2024-6748)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI
WSO2
1012342 - WSO2 API Manager Documentation Arbitrary File Upload Vulnerability
Web Application Common
1010750* - Zend Framework Deserialization Remote Code Execution Vulnerability (CVE-2021-3007)
Web Application PHP Based
1010886* - Batflat CMS Remote Code Execution Vulnerability (CVE-2020-35734)
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1009054* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7602)
1011261* - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
1011325* - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011324* - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
1011283* - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)
1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
1011193* - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)
1010982* - WordPress 'wpDiscuz' Plugin Remote Code Execution Vulnerability (CVE-2020-24186)
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
Web Server Common
1010737* - CMS Made Simple 'Showtime2' Reflected Cross Site Scripting Vulnerability (CVE-2020-20138)
1010885* - CMS Made Simple Smarty Server-side Template Injection Vulnerability (CVE-2021-26120)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
Web Server HTTPS
1012354 - Craft CMS Remote Code Execution Vulnerability (CVE-2025-32432)
1010795* - Joomla CMS Cross-Site Scripting Vulnerability (CVE-2021-23124)
1012357 - SysAid Server Multiple XML External Entity Injection Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012299* - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
Web Application Common
1010661* - BlackCat CMS Cross-Site Request Forgery Bypass Vulnerability (CVE-2020-25453)
1010663* - Bludit CMS Brute Force Bypass Vulnerability (CVE-2019-17240)
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1009630* - DotNetNuke Remote Code Execution Vulnerability (CVE-2017-9822)
1010668* - FUEL CMS Remote Code Execution Vulnerability (CVE-2018-16763)
1012352 - Pandora FMS Command Injection Vulnerability (CVE-2024-12971)
Web Application PHP Based
1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
1010931* - GetSimple CMS Cross Site Scripting Vulnerability (CVE-2020-23839)
1010564* - Joomla Arbitrary File Upload Vulnerability (CVE-2020-23972)
1010212* - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
1012341* - LibreNMS Stored Cross-Site Scripting Vulnerabilities (CVE-2025-23199 and CVE-2025-23200)
1006656* - Magento Admin Authentication Bypass Vulnerability
1007641* - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)
1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
1012279* - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
1006097* - phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability
Web Server Common
1010412* - Bolt CMS Authenticated Remote Code Execution Vulnerability
1010097* - CMS Made Simple (CMSMS) Remote Code Execution Vulnerability (CVE-2019-9692)
1010082* - CMS Made Simple Authenticated RCE Via Object Injection Vulnerability (CVE-2019-9055)
1010323* - Gila CMS Image Upload Remote Code Execution Vulnerability (CVE-2020-5514)
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server HTTPS
1012350 - Cacti Arbitrary File Read Vulnerability (CVE-2024-45598)
1010723* - Identified Generic PHP Webshell Payload Over HTTP
1010718* - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Endpoint Manager
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerabilities (CVE-2024-32848 and CVE-2024-13162)
1012346 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
1012345 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2025-22461)
Web Application Common
1010023* - October CMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
1010036* - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
1012348 - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)
Web Application PHP Based
1009720* - Drupal Core Cross-Site Scripting Vulnerability (CVE-2019-6341)
1009541* - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
1009157* - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1010338* - PHP-Fusion Administration Banner Stored Cross-Site Scripting Vulnerability (CVE-2020-12438)
1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)
1012344 - WordPress 'Beautiful Taxonomy Filters' Plugin SQL Injection Vulnerability (CVE-2024-12270)
1010705* - WordPress 'Canto' Plugin Multiple Server-Side Request Forgery Vulnerabilities
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
1010551* - WordPress 'SupportCandy Plugin' Arbitrary File Upload Vulnerability (CVE-2019-11223)
1010683* - WordPress 'Ultimate Member' Plugin Multiple Privilege Escalation Vulnerabilities
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)
1012347 - WordPress 'WP Load Gallery' Plugin Arbitrary File Upload Vulnerability (CVE-2025-23942)
1010359* - WordPress 'bbPress' Plugin Unauthenticated Privilege Escalation Vulnerability (CVE-2020-13693)
1010375* - WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability
1009776* - WordPress Comment Field Remote Code Execution Vulnerability (CVE-2019-9787)
1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
1010341* - Wordpress Drag and Drop Multi File Uploader Remote Code Execution Vulnerability (CVE-2020-12800)
1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)
Web Application Tomcat
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Server Adobe ColdFusion
1012011* - Adobe ColdFusion Directory Traversal Vulnerabilities (CVE-2024-20767 and CVE-2024-53961)
Web Server HTTPS
1012314 - Cacti CRLF Injection Vulnerability (CVE-2025-24367)
Web Server Miscellaneous
1012335 - CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825 and CVE-2025-31161)
pgAdmin
1012349 - pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
SAP NetWeaver Visual Composer
1012351 - SAP NetWeaver Visual Composer Unrestricted File Upload Vulnerability (CVE-2025-31324)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.