Rule Update
26-001 (2026年1月6日)
2026年1月6日
概要
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Kylin
1012500 - Apache Kylin Arbitrary File Read Vulnerability (CVE-2025-61734)
CyberPanel
1012377* - CyberPanel Command Injection Vulnerability (CVE-2024-51568)
Ivanti Avalanche Remote Control Server
1012176* - Ivanti Avalanche Server-Side Request Forgery Vulnerability (CVE-2024-47008)
Progress WhatsUp Gold WCF service
1012117* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4883 & CVE-2024-46909)
Unix Samba
1012437* - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-38191)
Web Application PHP Based
1012475 - WordPress 'Events Manager' Plugin SQL Injection Vulnerability (CVE-2025-6970)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1009168* - WordPress Authenticated Arbitrary File Deletion Vulnerability (CVE-2018-12895)
1006390* - WordPress Denial Of Service Vulnerability (CVE-2014-9034)
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1009544* - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
1008411* - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability
1006436* - WordPress WP Symposium Shell Upload Vulnerability
1006467* - Wordpress XML-RPC Pingback gethostbyname Heap-based Buffer Overflow Vulnerability
1006242* - Wordpress XML-RPC XML Denial Of Service Vulnerability
Web Server HTTPS
1012384* - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)
1012508 - WordPress 'AI Engine' Plugin Sensitive Information Exposure Vulnerability (CVE-2025-11749)
1012502 - WordPress 'Sneeit Framework' Plugin Remote Code Execution Vulnerability (CVE-2025-6389)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache Kylin
1012500 - Apache Kylin Arbitrary File Read Vulnerability (CVE-2025-61734)
CyberPanel
1012377* - CyberPanel Command Injection Vulnerability (CVE-2024-51568)
Ivanti Avalanche Remote Control Server
1012176* - Ivanti Avalanche Server-Side Request Forgery Vulnerability (CVE-2024-47008)
Progress WhatsUp Gold WCF service
1012117* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4883 & CVE-2024-46909)
Unix Samba
1012437* - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-38191)
Web Application PHP Based
1012475 - WordPress 'Events Manager' Plugin SQL Injection Vulnerability (CVE-2025-6970)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1009168* - WordPress Authenticated Arbitrary File Deletion Vulnerability (CVE-2018-12895)
1006390* - WordPress Denial Of Service Vulnerability (CVE-2014-9034)
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1009544* - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
1008411* - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability
1006436* - WordPress WP Symposium Shell Upload Vulnerability
1006467* - Wordpress XML-RPC Pingback gethostbyname Heap-based Buffer Overflow Vulnerability
1006242* - Wordpress XML-RPC XML Denial Of Service Vulnerability
Web Server HTTPS
1012384* - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)
1012508 - WordPress 'AI Engine' Plugin Sensitive Information Exposure Vulnerability (CVE-2025-11749)
1012502 - WordPress 'Sneeit Framework' Plugin Remote Code Execution Vulnerability (CVE-2025-6389)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.