Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
JetBrains TeamCity
1012199* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47950)
MLflow
1012096* - MLflow Path Traversal Vulnerabilities (CVE-2023-6909 and CVE-2024-2928)
Mail Server Common
1012185* - Roundcube Webmail Information Disclosure Vulnerability (CVE-2024-42010)
Progress WhatsUp Gold
1012184* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5010)
Web Application Common
1011468* - Horde Groupware Webmail Insecure Deserialization Vulnerability (CVE-2022-30287)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011426* - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011450* - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011481* - WordPress 'Events Made Easy' Plugin SQL Injection Vulnerability (CVE-2022-1905)
1011465* - WordPress 'Google Tag Manager for WordPress' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011431* - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011489* - WordPress 'Random Banner' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0210)
1011467* - WordPress 'ReDi Restaurant Reservation' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24299)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011446* - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
1011708* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2022-4230)
1011473* - WordPress 'WP Statistics' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-25305)
1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011639* - WordPress 'WP-Board' Plugin SQL Injection Vulnerability (CVE-2021-24404)
1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
1011697* - WordPress 'Zephyr Project Manager' Plugin SQL Injection Vulnerability (CVE-2022-2840)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
1011433* - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
1011452* - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1012222* - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-43362)
1012188* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2024-6530)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
1012365 - Zabbix SQL Injection Vulnerability (CVE-2024-36465)
1012221* - Zimbra Collaboration Reflected Cross-Site Scripting Vulnerability (CVE-2024-50599)
dotCMS
1011460* - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
HP Intelligent Management Center (IMC)
1012208* - Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-45195)
IBM WebSphere Application Server
1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Ivanti Avalanche
1012169* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-47011)
JetBrains TeamCity
1012181* - JetBrains TeamCity Directory Traversal Vulnerability (CVE-2024-47949)
Web Application Common
1011155* - FlatCore CMS Remote Code Execution Vulnerability (CVE-2021-39608)
1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
1011101* - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)
Web Application PHP Based
1012361 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4068)
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011074* - WordPress 'Backup Guard' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1010993* - WordPress 'Directories Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29304)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011299* - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1012339 - WordPress 'WP Shortcodes' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2025-0370)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server Common
1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)
1010892* - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
1010985* - Subrion CMS Remote Code Execution Vulnerability (CVE-2018-19422)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
Web Server HTTPS
1012172* - Cacti Arbitrary File Write Vulnerability (CVE-2024-43363)
1012353 - Cacti SQL Injection Vulnerability (CVE-2024-54146)
1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Zoho ManageEngine
1012179* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2024-6748)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI
WSO2
1012342 - WSO2 API Manager Documentation Arbitrary File Upload Vulnerability
Web Application Common
1010750* - Zend Framework Deserialization Remote Code Execution Vulnerability (CVE-2021-3007)
Web Application PHP Based
1010886* - Batflat CMS Remote Code Execution Vulnerability (CVE-2020-35734)
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1009054* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7602)
1011261* - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
1011325* - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011324* - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
1011283* - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)
1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
1011193* - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)
1010982* - WordPress 'wpDiscuz' Plugin Remote Code Execution Vulnerability (CVE-2020-24186)
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
Web Server Common
1010737* - CMS Made Simple 'Showtime2' Reflected Cross Site Scripting Vulnerability (CVE-2020-20138)
1010885* - CMS Made Simple Smarty Server-side Template Injection Vulnerability (CVE-2021-26120)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
Web Server HTTPS
1012354 - Craft CMS Remote Code Execution Vulnerability (CVE-2025-32432)
1010795* - Joomla CMS Cross-Site Scripting Vulnerability (CVE-2021-23124)
1012357 - SysAid Server Multiple XML External Entity Injection Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012299* - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
Web Application Common
1010661* - BlackCat CMS Cross-Site Request Forgery Bypass Vulnerability (CVE-2020-25453)
1010663* - Bludit CMS Brute Force Bypass Vulnerability (CVE-2019-17240)
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1009630* - DotNetNuke Remote Code Execution Vulnerability (CVE-2017-9822)
1010668* - FUEL CMS Remote Code Execution Vulnerability (CVE-2018-16763)
1012352 - Pandora FMS Command Injection Vulnerability (CVE-2024-12971)
Web Application PHP Based
1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
1010931* - GetSimple CMS Cross Site Scripting Vulnerability (CVE-2020-23839)
1010564* - Joomla Arbitrary File Upload Vulnerability (CVE-2020-23972)
1010212* - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
1012341* - LibreNMS Stored Cross-Site Scripting Vulnerabilities (CVE-2025-23199 and CVE-2025-23200)
1006656* - Magento Admin Authentication Bypass Vulnerability
1007641* - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)
1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
1012279* - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
1006097* - phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability
Web Server Common
1010412* - Bolt CMS Authenticated Remote Code Execution Vulnerability
1010097* - CMS Made Simple (CMSMS) Remote Code Execution Vulnerability (CVE-2019-9692)
1010082* - CMS Made Simple Authenticated RCE Via Object Injection Vulnerability (CVE-2019-9055)
1010323* - Gila CMS Image Upload Remote Code Execution Vulnerability (CVE-2020-5514)
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server HTTPS
1012350 - Cacti Arbitrary File Read Vulnerability (CVE-2024-45598)
1010723* - Identified Generic PHP Webshell Payload Over HTTP
1010718* - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Endpoint Manager
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerabilities (CVE-2024-32848 and CVE-2024-13162)
1012346 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
1012345 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2025-22461)
Web Application Common
1010023* - October CMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
1010036* - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
1012348 - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)
Web Application PHP Based
1009720* - Drupal Core Cross-Site Scripting Vulnerability (CVE-2019-6341)
1009541* - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
1009157* - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1010338* - PHP-Fusion Administration Banner Stored Cross-Site Scripting Vulnerability (CVE-2020-12438)
1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)
1012344 - WordPress 'Beautiful Taxonomy Filters' Plugin SQL Injection Vulnerability (CVE-2024-12270)
1010705* - WordPress 'Canto' Plugin Multiple Server-Side Request Forgery Vulnerabilities
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
1010551* - WordPress 'SupportCandy Plugin' Arbitrary File Upload Vulnerability (CVE-2019-11223)
1010683* - WordPress 'Ultimate Member' Plugin Multiple Privilege Escalation Vulnerabilities
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)
1012347 - WordPress 'WP Load Gallery' Plugin Arbitrary File Upload Vulnerability (CVE-2025-23942)
1010359* - WordPress 'bbPress' Plugin Unauthenticated Privilege Escalation Vulnerability (CVE-2020-13693)
1010375* - WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability
1009776* - WordPress Comment Field Remote Code Execution Vulnerability (CVE-2019-9787)
1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
1010341* - Wordpress Drag and Drop Multi File Uploader Remote Code Execution Vulnerability (CVE-2020-12800)
1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)
Web Application Tomcat
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Server Adobe ColdFusion
1012011* - Adobe ColdFusion Directory Traversal Vulnerabilities (CVE-2024-20767 and CVE-2024-53961)
Web Server HTTPS
1012314 - Cacti CRLF Injection Vulnerability (CVE-2025-24367)
Web Server Miscellaneous
1012335 - CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825 and CVE-2025-31161)
pgAdmin
1012349 - pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
SAP NetWeaver Visual Composer
1012351 - SAP NetWeaver Visual Composer Unrestricted File Upload Vulnerability (CVE-2025-31324)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
Gogs
1012334 - Gogs Arbitrary File Delete Vulnerability (CVE-2024-39931)
HPE Insight Remote Support Client
1012323 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-11622)
SSL Client
1006740* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client (ATT&CK T1573.002)
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1573.002)
Web Application PHP Based
1012148* - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012106* - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012343 - WordPress 'WP Umbrella' Plugin Local File Inclusion Vulnerability (CVE-2024-12209)
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
Web Application Ruby Based
1005328* - Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability
Web Application Tomcat
1002691* - Apache Tomcat Directory Traversal Vulnerability
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Client Common
1005386* - Identified Java Exploit
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution (ATT&CK T1027, T1204.002, T1059.001)
1006742* - Identified Suspicious User Agent In Outgoing HTTP Request
1009714* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability
1009489* - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1004121* - Identified Obfuscated JavaScript For Internet Explorer
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities
1004328* - Windows Live MSN ActiveX Remote Code Execution
Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1573.002)
1004790* - Identified Diginotar Certificate
1005307* - Identified Fraudulent Digital Certificate
1006606* - Identified Fraudulent Digital Certificate - 1
1005040* - Identified Revoked Certificate Authority In SSL Traffic (ATT&CK T1573.002)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1003816* - Web Services On Devices API Memory Corruption Vulnerability
Web Server HTTPS
1012255* - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server Miscellaneous
1010729* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
Web Server Nagios
1012329 - Nagios XI SQL Injection Vulnerability (CVE-2023-48084)
Windows Server DCERPC
1012340 - Microsoft Windows Remote Desktop Licensing Service Path Traversal Vulnerability (CVE-2024-38258)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DCERPC Services - Client
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
DHCP Server
1001173* - ISC DHCPD Server Remote Stack Corruption Vulnerability
DNS Client
1002988* - Multiple Vendors libspf2 DNS TXT Record Parsing Buffer Overflow
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
1000840* - Oracle Database Server Generic SQL Injection Detection
Gogs
1012331 - Gogs Path Traversal Vulnerability (CVE-2024-55947)
SSL/TLS Server
1006293* - Detected SSLv3 Request (ATT&CK T1573.002)
1006297* - Identified CBC Based Cipher Suite In SSLv3 Response (ATT&CK T1573.002)
Suspicious Client Application Activity
1010770* - Identified UDP Trojan SSHDoor C&C Traffic
Suspicious Client Ransomware Activity
1010767* - Identified HTTP Backdoor Kobalos C&C Traffic
Wazuh
1012332 - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)
Web Application Common
1012333 - Microsoft .NET Framework Information Disclosure Vulnerability (CVE-2024-29059)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082 and CVE-2018-20062)
Web Application PHP Based
1012337 - GLPI SQL Injection Vulnerability (CVE-2025-24799)
1012341 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-23200)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Application Ruby Based
1005350* - Ruby On Rails JSON Parser Remote Code Execution Vulnerability
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1006241* - Restrict Content-Length Header Value
Web Server HTTPS
1006741* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server (ATT&CK T1573.002)
1006562* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (ATT&CK T1573.002)
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
Web Server IIS HTTPS
1006357* - Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) - 1
Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)
Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)
Windows SMB Server
1012318 - Identified Possible Ransomware File Rename Activity Over Network Share - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache OpenJPA TCPRemoteCommitProvider
1012321 - Apache OpenMeetings Insecure Deserialization Vulnerability (CVE-2024-54676)
Kerberos KDC Client
1012338 - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
Kerberos KDC Server
1012336 - Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2025-29809)
SimpleHelp Server
1012326 - SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Client HTTPS
1012328 - Ivanti Endpoint Manager Unrestricted File Upload Vulnerability (CVE-2024-13171)
Web Server HTTPS
1012322 - Apache Camel Command Injection Vulnerabilities (CVE-2025-29891 and CVE-2025-27636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.