26-001 (January 6, 2026)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Kylin
1012500 - Apache Kylin Arbitrary File Read Vulnerability (CVE-2025-61734)


CyberPanel
1012377* - CyberPanel Command Injection Vulnerability (CVE-2024-51568)


Ivanti Avalanche Remote Control Server
1012176* - Ivanti Avalanche Server-Side Request Forgery Vulnerability (CVE-2024-47008)


Progress WhatsUp Gold WCF service
1012117* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4883 & CVE-2024-46909)


Unix Samba
1012437* - Linux Kernel KSMBD NULL Pointer Dereference Vulnerability (CVE-2025-38191)


Web Application PHP Based
1012475 - WordPress 'Events Manager' Plugin SQL Injection Vulnerability (CVE-2025-6970)
1007222* - WordPress Ajax Load More Plugin File Upload Vulnerability
1009168* - WordPress Authenticated Arbitrary File Deletion Vulnerability (CVE-2018-12895)
1006390* - WordPress Denial Of Service Vulnerability (CVE-2014-9034)
1007178* - WordPress Font Plugin Path Traversal Vulnerability (CVE-2015-7683)
1009544* - WordPress Image Remote Code Execution Vulnerability (CVE-2019-8942)
1008140* - WordPress REST API Unauthenticated Content Injection Vulnerability
1008411* - WordPress Tracking Code Manager Plugin Denial Of Service Vulnerability
1006436* - WordPress WP Symposium Shell Upload Vulnerability
1006467* - Wordpress XML-RPC Pingback gethostbyname Heap-based Buffer Overflow Vulnerability
1006242* - Wordpress XML-RPC XML Denial Of Service Vulnerability


Web Server HTTPS
1012384* - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)
1012508 - WordPress 'AI Engine' Plugin Sensitive Information Exposure Vulnerability (CVE-2025-11749)
1012502 - WordPress 'Sneeit Framework' Plugin Remote Code Execution Vulnerability (CVE-2025-6389)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.