Cloud One Workload Security and Deep Security Updates

  • RULE UPDATE: 25-026 (June 24, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008679* - Identified BADRABBIT Ransomware Propagation Over SMB
    1008327* - Identified Server Suspicious SMB Session
    1010214* - Identified Trend Micro ApexOne Backup Folder Access
    1010101* - Identified Usage Of PAExec Command Line Tool (ATT&CK T1569.002)
    1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
    1010025* - Microsoft Windows NTLM Tampering Vulnerability (CVE-2019-1166)
    1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
    1010900* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)
    1010317* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)
    1010652* - Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)
    1010653* - Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)
    1010192* - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
    1008717* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
    1011587* - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
    1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)


    DCERPC Services - Client
    1008328* - Identified Client Suspicious SMB Session
    1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
    1004566* - Identified Suspicious Microsoft DLL File Over Network Share
    1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
    1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
    1010201* - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-0729)
    1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
    1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
    1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
    1011459* - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
    1010319* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)
    1008915* - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)
    1011950* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Over SMB (CVE-2024-21412)
    1007120* - SMB DLL Injection Exploit Detected (ATT&CK T1055.001)


    DNS Client
    1007456* - DNS Malformed Response Detected
    1008571* - DNS Request To ShadowPad Domain Detection
    1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
    1008204* - DNSMessenger Malware Domain Blocker
    1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)


    IPSec-IKE
    1011669* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)
    1011801* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21758)
    1011536* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721)


    Ivanti Endpoint Manager
    1012205* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50326)
    1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)


    JetBrains TeamCity
    1012381 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-46618)


    Kerberos KDC Client
    1012338* - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)


    LDAP Client
    1011269* - Identified Java Code Download Attempt Over LDAP


    MS-RDPEUDP2
    1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
    1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)


    Microsoft Office
    1011208* - Microsoft Access Remote Code Execution Vulnerability (CVE-2021-41368)
    1011303* - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)
    1011137* - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2021-38658)
    1011138* - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-38659)
    1011181* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40480)
    1011182* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40481)
    1011136* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-38656)
    1011184* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)
    1011701* - Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)


    Port Mapper FTP Client
    1011089* - Identified File Upload Over FTP (ATT&CK T1048.003)


    Port Mapper Windows
    1001033* - Windows Port Mapper Decoder


    Remote Desktop Protocol Client
    1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
    1010402* - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)


    Remote Desktop Protocol Server
    1009343* - Identified Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1021.001, T1573.002)
    1009958* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
    1009961* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)
    1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
    1010556* - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)


    Suspicious Client Application Activity
    1008946* - Heuristic Detection Of Suspicious Digital Certificate (ATT&CK T1587.003)
    1008756* - Identified Potentially Malicious RAT Traffic - VII (ATT&CK T1571)
    1010307* - Identified Reverse Shell Communication Over HTTPS (ATT&CK T1071.001)
    1010306* - Identified Reverse Shell Communication Over HTTPS - 1 (ATT&CK T1071.001)
    1010365* - Identified Reverse Shell Communication Over HTTPS - 3 (ATT&CK T1071.001)
    1010370* - Identified Reverse Shell Communication Over HTTPS - 4 (ATT&CK T1071.001)
    1009952* - Identified WhatsApp Communication Attempt (ATT&CK T1102.002)
    1009432* - Tildeb Acknowledgment Request


    TFTP Client Decoder
    1003526* - Enable TFTP Decoder


    Web Application PHP Based
    1012193* - WordPress 'WP Brutal AI' Plugin SQL Injection Vulnerability (CVE-2023-2601)
    1012194* - WordPress 'WP Brutal AI' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2023-2606)
    1012226* - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)


    Web Client Common
    1010540* - Download Of A Suspicious PowerShell Script File Detected
    1004715* - HTTP Web Client Decoding
    1011091* - Identified Download Of Executable File Over HTTP (ATT&CK T1105)
    1011500* - Identified Download of Python Reverse Shell Payload Over HTTP
    1011225* - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
    1012070* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628)
    1012074* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2024-38112)
    1012141* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)
    1012142* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461) - 1
    1011949* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21412)


    Web Client HTTPS
    1010130* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
    1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
    1010290* - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client


    Web Server Common
    1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
    1011270* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
    1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
    1011279* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
    1000128* - HTTP Protocol Decoding


    Web Server HTTPS
    1012384 - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)


    Windows SMB Client
    1011055* - Identified DCERPC OpenPrinterEx Call Over SMB Protocol
    1010701* - Microsoft Windows Defender Remote Code Execution Vulnerability Over SMB (CVE-2021-1647)


    Windows SMB Server
    1011058* - Identified DCERPC EFSRPC Methods Call Over SMB Protocol (PetitPotam)
    1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
    1012318* - Identified Possible Ransomware File Rename Activity Over Network Share - 1
    1011680* - Microsoft Windows NEGOEX Remote Code Execution Vulnerability (CVE-2022-37958)
    1010884* - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)


    Windows Services RPC Client DCERPC
    1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
    1007538* - Windows Client Port Mapper Decoder


    Windows Services RPC Server DCERPC
    1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)
    1010539* - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
    1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1543.003)
    1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
    1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.

  • RULE UPDATE: 25-025 (June 17, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Mail Server Common
    1012173* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-42009)


    NodeBB
    1012382 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2024-57041)
    1012378 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2025-29513)


    Spring Cloud Skipper Server
    1012171* - VMware Spring Cloud Skipper Server Directory Traversal Vulnerability (CVE-2024-22263)


    Web Application Common
    1012364 - Web Application Possible Brute Force Attempt-XFF (ATT&CK T1110)


    Web Application PHP Based
    1012157* - SPIP 'BigUp' Plugin Remote Code Execution Vulnerability (CVE-2024-8517)
    1012180* - WordPress 'Feed Them Social' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2383)
    1012366 - WordPress 'OttoKit: All-in-One Automation Platform (Formerly SureTriggers)' Plugin Authentication Bypass Vulnerability (CVE-2025-3102)
    1012363 - WordPress 'Return Refund and Exchange For WooCommerce' Plugin Arbitrary File Upload Vulnerability (CVE-2022-4047)


    Web Application Ruby Based
    1012189* - Grafana 'duckdb' Remote Code Execution Vulnerability (CVE-2024-9264)


    Web Server Common
    1006540* - Enable X-Forwarded-For HTTP Header Logging


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.

  • RULE UPDATE: 25-024 (June 10, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    BentoML
    1012362 - BentoML's runner server Insecure Deserialization Vulnerability (CVE-2025-32375)


    CyberPanel
    1012377 - CyberPanel Command Injection Vulnerability (CVE-2024-51568)


    Directory Client LDAP TCP
    1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)


    Ivanti Endpoint Manager
    1012346* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)


    JetBrains TeamCity
    1012297* - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)


    Remote Desktop Gateway
    1012376 - Microsoft Windows Remote Desktop Gateway Denial Of Service Vulnerability (CVE-2025-30394)


    Web Application Common
    1012348* - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)


    Web Application PHP Based
    1012285* - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)


    Web Client Common
    1012379 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2025-33053)


    Web Client HTTPS
    1012375 - Trend Micro Apex Central Deserialization Of Untrusted Data Vulnerability (CVE-2025-49220)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.

  • RULE UPDATE: 25-023 (June 3, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Ivanti Avalanche
    1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)


    Ivanti Endpoint Manager
    1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)


    Microsoft Configuration Manager
    1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)


    MyQ Print Server
    1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)


    Solr Service
    1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)


    Web Application Common
    1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)


    Web Application PHP Based
    1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
    1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
    1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
    1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
    1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
    1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
    1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
    1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
    1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
    1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
    1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
    1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
    1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
    1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
    1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
    1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
    1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
    1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
    1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
    1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
    1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
    1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
    1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
    1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
    1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
    1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
    1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
    1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
    1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
    1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
    1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
    1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
    1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
    1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
    1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
    1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
    1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
    1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
    1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
    1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
    1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)


    Web Application Tomcat
    1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)


    Web Server Common
    1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)


    Web Server HTTPS
    1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
    1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.

  • RULE UPDATE: 25-022 (May 27, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share


    JetBrains TeamCity
    1012199* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47950)


    MLflow
    1012096* - MLflow Path Traversal Vulnerabilities (CVE-2023-6909 and CVE-2024-2928)


    Mail Server Common
    1012185* - Roundcube Webmail Information Disclosure Vulnerability (CVE-2024-42010)


    Progress WhatsUp Gold
    1012184* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5010)


    Web Application Common
    1011468* - Horde Groupware Webmail Insecure Deserialization Vulnerability (CVE-2022-30287)


    Web Application PHP Based
    1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
    1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
    1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
    1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
    1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
    1011426* - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
    1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
    1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
    1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
    1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
    1011450* - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
    1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
    1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
    1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
    1011481* - WordPress 'Events Made Easy' Plugin SQL Injection Vulnerability (CVE-2022-1905)
    1011465* - WordPress 'Google Tag Manager for WordPress' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)
    1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
    1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
    1011431* - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
    1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
    1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
    1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
    1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
    1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
    1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
    1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
    1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
    1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
    1011489* - WordPress 'Random Banner' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0210)
    1011467* - WordPress 'ReDi Restaurant Reservation' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24299)
    1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
    1011446* - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
    1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
    1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
    1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
    1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
    1011708* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2022-4230)
    1011473* - WordPress 'WP Statistics' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-25305)
    1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
    1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
    1011639* - WordPress 'WP-Board' Plugin SQL Injection Vulnerability (CVE-2021-24404)
    1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
    1011697* - WordPress 'Zephyr Project Manager' Plugin SQL Injection Vulnerability (CVE-2022-2840)
    1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
    1011433* - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
    1011452* - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
    1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)


    Web Server Common
    1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)


    Web Server HTTPS
    1012222* - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-43362)
    1012188* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2024-6530)
    1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
    1012365 - Zabbix SQL Injection Vulnerability (CVE-2024-36465)
    1012221* - Zimbra Collaboration Reflected Cross-Site Scripting Vulnerability (CVE-2024-50599)


    dotCMS
    1011460* - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.

  • RULE UPDATE: 25-021 (May 20, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)


    HP Intelligent Management Center (IMC)
    1012208* - Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-45195)


    IBM WebSphere Application Server
    1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)


    Ivanti Avalanche
    1012169* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-47011)


    JetBrains TeamCity
    1012181* - JetBrains TeamCity Directory Traversal Vulnerability (CVE-2024-47949)


    Web Application Common
    1011155* - FlatCore CMS Remote Code Execution Vulnerability (CVE-2021-39608)
    1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
    1011101* - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)


    Web Application PHP Based
    1012361 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4068)
    1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
    1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
    1011074* - WordPress 'Backup Guard' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
    1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
    1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
    1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
    1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
    1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
    1010993* - WordPress 'Directories Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29304)
    1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
    1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
    1011299* - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
    1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
    1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
    1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
    1012339 - WordPress 'WP Shortcodes' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2025-0370)
    1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
    1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
    1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
    1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
    1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
    1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
    1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)


    Web Server Common
    1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)
    1010892* - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
    1010985* - Subrion CMS Remote Code Execution Vulnerability (CVE-2018-19422)
    1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)


    Web Server HTTPS
    1012172* - Cacti Arbitrary File Write Vulnerability (CVE-2024-43363)
    1012353 - Cacti SQL Injection Vulnerability (CVE-2024-54146)
    1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)


    Windows Services RPC Client DCERPC
    1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request


    Zoho ManageEngine
    1012179* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2024-6748)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.

  • RULE UPDATE: 25-020 (May 13, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Java RMI
    1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI


    WSO2
    1012342 - WSO2 API Manager Documentation Arbitrary File Upload Vulnerability


    Web Application Common
    1010750* - Zend Framework Deserialization Remote Code Execution Vulnerability (CVE-2021-3007)


    Web Application PHP Based
    1010886* - Batflat CMS Remote Code Execution Vulnerability (CVE-2020-35734)
    1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
    1009054* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7602)
    1011261* - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
    1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
    1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
    1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
    1011325* - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
    1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
    1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
    1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
    1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
    1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
    1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
    1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
    1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
    1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
    1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
    1011324* - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
    1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
    1011283* - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)
    1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
    1011193* - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)
    1010982* - WordPress 'wpDiscuz' Plugin Remote Code Execution Vulnerability (CVE-2020-24186)
    1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)


    Web Server Common
    1010737* - CMS Made Simple 'Showtime2' Reflected Cross Site Scripting Vulnerability (CVE-2020-20138)
    1010885* - CMS Made Simple Smarty Server-side Template Injection Vulnerability (CVE-2021-26120)
    1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)


    Web Server HTTPS
    1012354 - Craft CMS Remote Code Execution Vulnerability (CVE-2025-32432)
    1010795* - Joomla CMS Cross-Site Scripting Vulnerability (CVE-2021-23124)
    1012357 - SysAid Server Multiple XML External Entity Injection Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • RULE UPDATE: 25-019 (May 6, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    CyberPanel
    1012299* - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)


    Web Application Common
    1010661* - BlackCat CMS Cross-Site Request Forgery Bypass Vulnerability (CVE-2020-25453)
    1010663* - Bludit CMS Brute Force Bypass Vulnerability (CVE-2019-17240)
    1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
    1009630* - DotNetNuke Remote Code Execution Vulnerability (CVE-2017-9822)
    1010668* - FUEL CMS Remote Code Execution Vulnerability (CVE-2018-16763)
    1012352 - Pandora FMS Command Injection Vulnerability (CVE-2024-12971)


    Web Application PHP Based
    1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
    1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
    1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
    1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
    1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
    1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
    1010931* - GetSimple CMS Cross Site Scripting Vulnerability (CVE-2020-23839)
    1010564* - Joomla Arbitrary File Upload Vulnerability (CVE-2020-23972)
    1010212* - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
    1012341* - LibreNMS Stored Cross-Site Scripting Vulnerabilities (CVE-2025-23199 and CVE-2025-23200)
    1006656* - Magento Admin Authentication Bypass Vulnerability
    1007641* - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)
    1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
    1012279* - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
    1006097* - phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability


    Web Server Common
    1010412* - Bolt CMS Authenticated Remote Code Execution Vulnerability
    1010097* - CMS Made Simple (CMSMS) Remote Code Execution Vulnerability (CVE-2019-9692)
    1010082* - CMS Made Simple Authenticated RCE Via Object Injection Vulnerability (CVE-2019-9055)
    1010323* - Gila CMS Image Upload Remote Code Execution Vulnerability (CVE-2020-5514)
    1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)


    Web Server HTTPS
    1012350 - Cacti Arbitrary File Read Vulnerability (CVE-2024-45598)
    1010723* - Identified Generic PHP Webshell Payload Over HTTP
    1010718* - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • RULE UPDATE: 25-018 (April 29, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Ivanti Endpoint Manager
    1012253* - Ivanti Endpoint Manager SQL Injection Vulnerabilities (CVE-2024-32848 and CVE-2024-13162)
    1012346 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
    1012345 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2025-22461)


    Web Application Common
    1010023* - October CMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
    1010036* - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
    1012348 - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)


    Web Application PHP Based
    1009720* - Drupal Core Cross-Site Scripting Vulnerability (CVE-2019-6341)
    1009541* - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
    1009157* - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
    1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
    1010338* - PHP-Fusion Administration Banner Stored Cross-Site Scripting Vulnerability (CVE-2020-12438)
    1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)
    1012344 - WordPress 'Beautiful Taxonomy Filters' Plugin SQL Injection Vulnerability (CVE-2024-12270)
    1010705* - WordPress 'Canto' Plugin Multiple Server-Side Request Forgery Vulnerabilities
    1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
    1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
    1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
    1010551* - WordPress 'SupportCandy Plugin' Arbitrary File Upload Vulnerability (CVE-2019-11223)
    1010683* - WordPress 'Ultimate Member' Plugin Multiple Privilege Escalation Vulnerabilities
    1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)
    1012347 - WordPress 'WP Load Gallery' Plugin Arbitrary File Upload Vulnerability (CVE-2025-23942)
    1010359* - WordPress 'bbPress' Plugin Unauthenticated Privilege Escalation Vulnerability (CVE-2020-13693)
    1010375* - WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability
    1009776* - WordPress Comment Field Remote Code Execution Vulnerability (CVE-2019-9787)
    1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
    1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
    1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
    1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
    1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
    1010341* - Wordpress Drag and Drop Multi File Uploader Remote Code Execution Vulnerability (CVE-2020-12800)
    1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)


    Web Application Tomcat
    1000697* - Directory Listing in Apache Tomcat 5.x.x


    Web Server Adobe ColdFusion
    1012011* - Adobe ColdFusion Directory Traversal Vulnerabilities (CVE-2024-20767 and CVE-2024-53961)


    Web Server HTTPS
    1012314 - Cacti CRLF Injection Vulnerability (CVE-2025-24367)


    Web Server Miscellaneous
    1012335 - CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825 and CVE-2025-31161)


    pgAdmin
    1012349 - pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • RULE UPDATE: 25-017 (April 26, 2025)
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    SAP NetWeaver Visual Composer
    1012351 - SAP NetWeaver Visual Composer Unrestricted File Upload Vulnerability (CVE-2025-31324)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.