Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Oracle E-Business Suite Web Interface
1012600 - Oracle E-Business Suite Payments Authentication Bypass Vulnerability (CVE-2026-46817)
Web Server Common
1012590 - Apache Ofbiz Code Injection Vulnerability (CVE-2026-46586)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Oracle E-Business Suite Web Interface
1012600 - Oracle E-Business Suite Payments Authentication Bypass Vulnerability (CVE-2026-46817)
Web Server Common
1012590 - Apache Ofbiz Code Injection Vulnerability (CVE-2026-46586)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server HTTPS
1012598 - ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability (CVE-2026-9775)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Server HTTPS
1012598 - ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability (CVE-2026-9775)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Splunk Enterprise
1012595 - Splunk Enterprise Authentication Bypass Vulnerability (CVE-2026-20253)
Web Application PHP Based
1012574* - WordPress 'StoryChief' Plugin Unauthenticated RCE (CVE-2025-7441)
Web Server HTTPS
1012597 - Allegra Directory Traversal Information Disclosure Vulnerability (CVE-2026-11442)
Web Server Miscellaneous
1012572* - Adobe Commerce Improper Input Validation (CVE-2025-54236)
1012579* - Crawl4AI Hooks Code Execution Vulnerability (CVE-2026-26216)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Splunk Enterprise
1012595 - Splunk Enterprise Authentication Bypass Vulnerability (CVE-2026-20253)
Web Application PHP Based
1012574* - WordPress 'StoryChief' Plugin Unauthenticated RCE (CVE-2025-7441)
Web Server HTTPS
1012597 - Allegra Directory Traversal Information Disclosure Vulnerability (CVE-2026-11442)
Web Server Miscellaneous
1012572* - Adobe Commerce Improper Input Validation (CVE-2025-54236)
1012579* - Crawl4AI Hooks Code Execution Vulnerability (CVE-2026-26216)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Oracle PeopleSoft PIA
1012585* - Oracle PeopleSoft Untrusted Data Deserialization Vulnerability (ZDI-CAN-31817)
Web Server Common
1012596 - Microsoft Exchange Server HTTP NTLM Password Spray
Web Server HTTPS
1012575 - WordPress 'Starter Templates' Plugin real_mimes Arbitrary File Upload (CVE-2025-13065)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Oracle PeopleSoft PIA
1012585* - Oracle PeopleSoft Untrusted Data Deserialization Vulnerability (ZDI-CAN-31817)
Web Server Common
1012596 - Microsoft Exchange Server HTTP NTLM Password Spray
Web Server HTTPS
1012575 - WordPress 'Starter Templates' Plugin real_mimes Arbitrary File Upload (CVE-2025-13065)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
OfficeScan
1012561* - Apex One Management Console Multiple Directory Traversal Vulnerabilities (CVE-2025-71210 & CVE-2025-71211)
Web Server Common
1012594 - CMS Made Simple News Module SQL Injection Vulnerability (CVE-2019-9053)
Web Server HTTPS
1012593 - Progress Software Kemp LoadMaster (CVE-2026-8037)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
OfficeScan
1012561* - Apex One Management Console Multiple Directory Traversal Vulnerabilities (CVE-2025-71210 & CVE-2025-71211)
Web Server Common
1012594 - CMS Made Simple News Module SQL Injection Vulnerability (CVE-2019-9053)
Web Server HTTPS
1012593 - Progress Software Kemp LoadMaster (CVE-2026-8037)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server Common
1012589 - Control Web Panel Command Injection Vulnerability (CVE-2025-67888)
1012578 - Fuxa Path Traversal Vulnerability (CVE-2026-25895)
1012559* - Microsoft Windows LNK Spoofing Vulnerability (CVE-2026-32202)
Web Server HTTPS
1012592 - Allegra Cross-Site Scripting Authentication Bypass Vulnerability(CVE-2026-11443)
1012588 - Drupal Core SQL Injection Vulnerability (CVE-2026-9082)
Web Server Miscellaneous
1012398* - XWiki SQL Injection Vulnerability (CVE-2025-32969)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Server Common
1012589 - Control Web Panel Command Injection Vulnerability (CVE-2025-67888)
1012578 - Fuxa Path Traversal Vulnerability (CVE-2026-25895)
1012559* - Microsoft Windows LNK Spoofing Vulnerability (CVE-2026-32202)
Web Server HTTPS
1012592 - Allegra Cross-Site Scripting Authentication Bypass Vulnerability(CVE-2026-11443)
1012588 - Drupal Core SQL Injection Vulnerability (CVE-2026-9082)
Web Server Miscellaneous
1012398* - XWiki SQL Injection Vulnerability (CVE-2025-32969)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server HTTPS
1012586 - Apache HTTP Server Remote Code Execution Vulnerability (CVE-2026-23918)
1012587 - IceWarp Path Traversal (CVE-2026-2493)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Server HTTPS
1012586 - Apache HTTP Server Remote Code Execution Vulnerability (CVE-2026-23918)
1012587 - IceWarp Path Traversal (CVE-2026-2493)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Git Push
1012584 - GitHub Enterprise Server Command Injection Vulnerability (CVE-2026-3854)
Oracle PeopleSoft PIA
1012580* - Oracle PeopleSoft PeopleTools SSRF Vulnerability (CVE-2026-35273)
1012585 - Oracle PeopleSoft Untrusted Data Deserialization Vulnerability (ZDI-CAN-31817)
Web Server Common
1012560* - Zhiyuan OA platform Arbitrary File Upload Vulnerability (CVE-2025-34040)
Web Server HTTPS
1012583 - Netsweeper WebAdmin Portal Remote Code Execution Vulnerability (CVE-2020-13167)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Git Push
1012584 - GitHub Enterprise Server Command Injection Vulnerability (CVE-2026-3854)
Oracle PeopleSoft PIA
1012580* - Oracle PeopleSoft PeopleTools SSRF Vulnerability (CVE-2026-35273)
1012585 - Oracle PeopleSoft Untrusted Data Deserialization Vulnerability (ZDI-CAN-31817)
Web Server Common
1012560* - Zhiyuan OA platform Arbitrary File Upload Vulnerability (CVE-2025-34040)
Web Server HTTPS
1012583 - Netsweeper WebAdmin Portal Remote Code Execution Vulnerability (CVE-2020-13167)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
ActiveMQ OpenWire
1012565 - Apache ActiveMQ Improper Input Validation Vulnerability (CVE-2026-34197)
Mail Server Common
1012562* - Microsoft Word Remote Code Execution Vulnerability (CVE-2026-40364)
Web Server Common
1012582 - Taiga Insecure Deserialization Vulnerability (CVE-2025-62368)
Web Server IIS
1012581 - HTTP.sys Denial of Service Vulnerability (CVE-2026-49160)
Web Server Miscellaneous
1012579 - Crawl4AI Hooks Code Execution Vulnerability (CVE-2026-26216)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
ActiveMQ OpenWire
1012565 - Apache ActiveMQ Improper Input Validation Vulnerability (CVE-2026-34197)
Mail Server Common
1012562* - Microsoft Word Remote Code Execution Vulnerability (CVE-2026-40364)
Web Server Common
1012582 - Taiga Insecure Deserialization Vulnerability (CVE-2025-62368)
Web Server IIS
1012581 - HTTP.sys Denial of Service Vulnerability (CVE-2026-49160)
Web Server Miscellaneous
1012579 - Crawl4AI Hooks Code Execution Vulnerability (CVE-2026-26216)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Nifi
1012576 - Apache NiFi Remote Code Execution Vulnerability (CVE-2023-34468)
GhostCMS
1012577 - Ghost CMS SQL Injection Vulnerability (CVE-2026-26980)
Oracle PeopleSoft PIA
1012580 - Oracle PeopleSoft PeopleTools SSRF Vulnerability
Web Application Common
1012573 - Apache Nifi Missing Authorization Vulnerability (CVE-2026-39816)
Web Application PHP Based
1012574 - WordPress 'StoryChief' Plugin Unauthenticated RCE (CVE-2025-7441)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache Nifi
1012576 - Apache NiFi Remote Code Execution Vulnerability (CVE-2023-34468)
GhostCMS
1012577 - Ghost CMS SQL Injection Vulnerability (CVE-2026-26980)
Oracle PeopleSoft PIA
1012580 - Oracle PeopleSoft PeopleTools SSRF Vulnerability
Web Application Common
1012573 - Apache Nifi Missing Authorization Vulnerability (CVE-2026-39816)
Web Application PHP Based
1012574 - WordPress 'StoryChief' Plugin Unauthenticated RCE (CVE-2025-7441)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.