Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1012403 - Microsoft Windows SMB Client Elevation Of Privilege Vulnerability (CVE-2025-33073)
Directory Server LDAP
1012240* - Microsoft Windows Active Directory Denial of Service Vulnerability (CVE-2024-49113)
HPE Insight Remote Support
1012389 - HPE Insight Remote Support Directory Traversal Vulnerability (CVE-2025-37098)
Ivanti Avalanche
1012296* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-13179)
Progress WhatsUp Gold
1012287* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-12105)
1012236* - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-46908)
Web Application Common
1012290* - Pandora FMS Command Injection Vulnerability (CVE-2024-11320)
Web Application PHP Based
1012395 - WordPress 'HTML5 Video Player' Plugin SQL Injection Vulnerability (CVE-2024-1061)
1012400 - WordPress 'Kubio AI Page Builder' Plugin Local File Inclusion Vulnerability (CVE-2025-2294)
Web Client Common
1012379* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2025-33053)
Web Server SharePoint
1012390* - Microsoft SharePoint Server Spoofing Vulnerability (CVE-2025-49706 and CVE-2025-53771)
Wing FTP Server
1012410 - Wing FTP Server Remote Code Execution Vulnerability (CVE-2025-47812)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1012403 - Microsoft Windows SMB Client Elevation Of Privilege Vulnerability (CVE-2025-33073)
Directory Server LDAP
1012240* - Microsoft Windows Active Directory Denial of Service Vulnerability (CVE-2024-49113)
HPE Insight Remote Support
1012389 - HPE Insight Remote Support Directory Traversal Vulnerability (CVE-2025-37098)
Ivanti Avalanche
1012296* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-13179)
Progress WhatsUp Gold
1012287* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-12105)
1012236* - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-46908)
Web Application Common
1012290* - Pandora FMS Command Injection Vulnerability (CVE-2024-11320)
Web Application PHP Based
1012395 - WordPress 'HTML5 Video Player' Plugin SQL Injection Vulnerability (CVE-2024-1061)
1012400 - WordPress 'Kubio AI Page Builder' Plugin Local File Inclusion Vulnerability (CVE-2025-2294)
Web Client Common
1012379* - Microsoft Windows Remote Code Execution Vulnerability (CVE-2025-33053)
Web Server SharePoint
1012390* - Microsoft SharePoint Server Spoofing Vulnerability (CVE-2025-49706 and CVE-2025-53771)
Wing FTP Server
1012410 - Wing FTP Server Remote Code Execution Vulnerability (CVE-2025-47812)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
DNS Client
1008571* - DNS Request To ShadowPad Domain Detection
Kubernetes Ingress-Nginx Controller
1012367 - Kubernetes Ingress-Nginx Multiple Code Injection Vulnerabilities
Redis Server
1012286* - Redis Use After Free Vulnerability (CVE-2024-46981)
Solr Service
1012280* - Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216)
Web Application PHP Based
1012277* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-53457)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Client HTTPS
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
Web Server Adobe ColdFusion
1012404 - Adobe ColdFusion Stored Cross-Site Scripting Vulnerability (CVE-2025-49540)
Web Server Adobe ColdFusion AddOns
1012402 - Adobe ColdFusion XML External Entity Injection Vulnerability (CVE-2025-49538)
Web Server HTTPS
1012284* - Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1012398 - XWiki SQL Injection Vulnerability (CVE-2025-32969)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Windows Services RPC Server DCERPC
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Zoho ManageEngine ADSelfService Plus
1012393 - Zoho ManageEngine ADSelfService Plus SQL Injection Vulnerability (CVE-2025-3833)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
DNS Client
1008571* - DNS Request To ShadowPad Domain Detection
Kubernetes Ingress-Nginx Controller
1012367 - Kubernetes Ingress-Nginx Multiple Code Injection Vulnerabilities
Redis Server
1012286* - Redis Use After Free Vulnerability (CVE-2024-46981)
Solr Service
1012280* - Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216)
Web Application PHP Based
1012277* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-53457)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Client HTTPS
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
Web Server Adobe ColdFusion
1012404 - Adobe ColdFusion Stored Cross-Site Scripting Vulnerability (CVE-2025-49540)
Web Server Adobe ColdFusion AddOns
1012402 - Adobe ColdFusion XML External Entity Injection Vulnerability (CVE-2025-49538)
Web Server HTTPS
1012284* - Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
Web Server Miscellaneous
1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
1012398 - XWiki SQL Injection Vulnerability (CVE-2025-32969)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Windows Services RPC Server DCERPC
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Zoho ManageEngine ADSelfService Plus
1012393 - Zoho ManageEngine ADSelfService Plus SQL Injection Vulnerability (CVE-2025-3833)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1009490* - Block Administrative Share - 1 (ATT&CK T1021.002)
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool (ATT&CK T1569.002)
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008432* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0267)
1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008713* - Microsoft Windows SMB Server SMBv1 Information Disclosure Vulnerability (CVE-2017-11815)
1008468* - Microsoft Windows SMBv1 Information Disclosure Vulnerability (CVE-2017-0271)
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
1008560* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1078.002,T1078.001,T1021.002)
1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)
1007033* - Remote Scheduled Task Access Through SMBv1 Protocol Detected
1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)
1008179* - Restrict File Extensions For Rename Activity Over Network Share
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
1005448* - SMB Null Session Detected - 1
1005447* - SMB Null Session Detected - 2
1003761* - SMBv2 Infinite Loop Vulnerability
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution
DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share (ATT&CK T1574.002)
1010106* - Identified Downloading Of PowerShell Scripts Through SMB Share (ATT&CK T1059.001)
1004293* - Identified Microsoft Windows Shortcut File Over Network Share
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1007912* - Identified Possible Ransomware File Rename Activity Over Network Share - Client
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1008177* - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
1008585* - Microsoft Windows LNK Remote Code Execution Over SMB (CVE-2017-8464)
1010394* - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
1010553* - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over SMB (CVE-2020-16915)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DHCP Client
1000861* - Microsoft Windows DHCP Client Service Remote Code Execution
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
1003328* - Disallow Intra-Site Automatic Tunnel Addressing Protocol
1008666* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)
Database Microsoft SQL
1012391 - Microsoft SQL Server Information Disclosure Vulnerability (CVE-2025-49718)
Ivanti Endpoint Manager
1012396 - Ivanti Endpoint Manager Credential Coercion Vulnerability (CVE-2024-13159)
MSMQ Service
1012227* - Microsoft Windows Message Queuing Service Remote Code Execution Vulnerability (CVE-2024-49122)
Mail Server Common
1012143* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-37383)
NTP Client
1008004* - NTP 'ntpq atoascii' Memory Corruption Vulnerability (CVE-2015-7852)
Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1544, T1071.002)
Ray Framework
1012153* - Ray Remote Code Execution Vulnerability (CVE-2023-48022)
Remote Desktop Protocol Server
1009562* - Identified Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110)
1007969* - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110, T1021.001)
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)
1009749* - Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)
Suspicious Client Application Activity
1010364* - Identified Reverse Shell Communication Over HTTPS - 2 (ATT&CK T1071.001)
1007197* - TMTR-0005: GHOST RAT TCP Connection Detected (ATT&CK T1571)
1007186* - TMTR-0007: STRAT HTTP Request
1007199* - TMTR-0008: STRAT HTTP Request
1007198* - TMTR-0009: STRAT HTTP Request
1007200* - TMTR-0010: FAKEM RAT TCP Connection (ATT&CK T1571)
1007201* - TMTR-0011: FAKEM RAT TCP Request (ATT&CK T1571)
1007205* - TMTR-0012: FAKEM RAT TCP Connection (ATT&CK T1571)
1007206* - TMTR-0013: FAKEMRAT HTTP Request
1007207* - TMTR-0014: NJRAT TCP Connection (ATT&CK T1571)
1007202* - TMTR-0015: PSYRAT HTTP Request
1007208* - TMTR-0016: SPLINTER RAT TCP Connection (ATT&CK T1571)
1007209* - TMTR-0017: ZIYAZO RAT BKDR Connection (ATT&CK T1571)
Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1021.001)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Application Common
1012397 - Liferay Multiple Products Reflected Cross-Site Scripting Vulnerability (CVE-2025-4388)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Web Server Oracle
1012244* - Oracle WebLogic Server Insecure Deserialization Vulnerability (CVE-2024-21182)
Web Server SharePoint
1012390 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2025-49704)
Windows Remote Management
1009894* - Powershell Remote Command Execution Via WinRM - HTTP (Request) (ATT&CK T1021.006, T1059.001)
1010048* - WinRM Service Detected & Powershell RCE Over HTTP (ATT&CK T1021.006, T1059.001)
Windows Remote Management Client
1010073* - WinRM Service Detected & Powershell RCE Over HTTP - Client (ATT&CK T1021.006, T1059.001)
Windows SMB Client
1006994* - Executable File Download On Network Share Detected
Windows SMB Server
1007065* - Executable File Uploaded On Network Share (ATT&CK T1570)
1011018* - Identified DCERPC AddPrinterDriverEx Call Over SMB Protocol
1012394 - Microsoft Windows NEGOEX Remote Code Execution Vulnerability (CVE-2025-47981)
1009511* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)
Windows Server DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Windows Services RPC Server DCERPC
1009615* - Identified Initialization Of WMI - Server (ATT&CK T1047)
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1047)
1003766* - Local Security Authority Subsystem Service Integer Overflow Vulnerability
1007068* - Remote Service Execution Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
1002770* - Linux/Unix - File attributes in the /usr/bin and /usr/sbin directories modified
1010812* - Linux/Unix - Name resolver configuration files modified (ATT&CK T1071.004, T1583.002)
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1009490* - Block Administrative Share - 1 (ATT&CK T1021.002)
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007598* - Identified Possible Ransomware File Rename Activity Over Network Share
1006906* - Identified Usage Of PsExec Command Line Tool (ATT&CK T1569.002)
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008227* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
1008432* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2017-0267)
1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)
1008306* - Microsoft Windows SMB Remote Code Execution Vulnerability (MS17-010)
1008713* - Microsoft Windows SMB Server SMBv1 Information Disclosure Vulnerability (CVE-2017-11815)
1008468* - Microsoft Windows SMBv1 Information Disclosure Vulnerability (CVE-2017-0271)
1008305* - Microsoft Windows SMBv1 Remote Code Execution Vulnerability
1008445* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
1008560* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8620)
1007432* - Microsoft Windows Server Message Block Memory Corruption Vulnerability (CVE-2015-2474)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1078.002,T1078.001,T1021.002)
1007021* - Remote Registry Access Through SMBv2 Protocol Detected (ATT&CK T1012)
1007033* - Remote Scheduled Task Access Through SMBv1 Protocol Detected
1001839* - Restrict Attempt To Enumerate Windows User Accounts (ATT&CK T1087)
1008179* - Restrict File Extensions For Rename Activity Over Network Share
1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability
1005448* - SMB Null Session Detected - 1
1005447* - SMB Null Session Detected - 2
1003761* - SMBv2 Infinite Loop Vulnerability
1003712* - Windows Vista SMB2.0 Negotiate Protocol Request Remote Code Execution
DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share (ATT&CK T1574.002)
1010106* - Identified Downloading Of PowerShell Scripts Through SMB Share (ATT&CK T1059.001)
1004293* - Identified Microsoft Windows Shortcut File Over Network Share
1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client
1007912* - Identified Possible Ransomware File Rename Activity Over Network Share - Client
1007592* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (CVE-2016-0160 and CVE-2016-0148)
1007381* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007426* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1008177* - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2017-0039)
1008585* - Microsoft Windows LNK Remote Code Execution Over SMB (CVE-2017-8464)
1010394* - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
1010553* - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over SMB (CVE-2020-16915)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1008138* - Microsoft Windows SMB Tree Connect Response Denial Of Service Vulnerability (CVE-2017-0016)
DHCP Client
1000861* - Microsoft Windows DHCP Client Service Remote Code Execution
DNS Client
1010352* - Data Exfiltration Over DNS (Response) Protocol (T1048)
1003328* - Disallow Intra-Site Automatic Tunnel Addressing Protocol
1008666* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2017-11779)
Database Microsoft SQL
1012391 - Microsoft SQL Server Information Disclosure Vulnerability (CVE-2025-49718)
Ivanti Endpoint Manager
1012396 - Ivanti Endpoint Manager Credential Coercion Vulnerability (CVE-2024-13159)
MSMQ Service
1012227* - Microsoft Windows Message Queuing Service Remote Code Execution Vulnerability (CVE-2024-49122)
Mail Server Common
1012143* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-37383)
NTP Client
1008004* - NTP 'ntpq atoascii' Memory Corruption Vulnerability (CVE-2015-7852)
Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1544, T1071.002)
Ray Framework
1012153* - Ray Remote Code Execution Vulnerability (CVE-2023-48022)
Remote Desktop Protocol Server
1009562* - Identified Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110)
1007969* - Identified Suspicious Remote Desktop Protocol (RDP) Brute Force Attempt (ATT&CK T1110, T1021.001)
1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)
1009749* - Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)
Suspicious Client Application Activity
1010364* - Identified Reverse Shell Communication Over HTTPS - 2 (ATT&CK T1071.001)
1007197* - TMTR-0005: GHOST RAT TCP Connection Detected (ATT&CK T1571)
1007186* - TMTR-0007: STRAT HTTP Request
1007199* - TMTR-0008: STRAT HTTP Request
1007198* - TMTR-0009: STRAT HTTP Request
1007200* - TMTR-0010: FAKEM RAT TCP Connection (ATT&CK T1571)
1007201* - TMTR-0011: FAKEM RAT TCP Request (ATT&CK T1571)
1007205* - TMTR-0012: FAKEM RAT TCP Connection (ATT&CK T1571)
1007206* - TMTR-0013: FAKEMRAT HTTP Request
1007207* - TMTR-0014: NJRAT TCP Connection (ATT&CK T1571)
1007202* - TMTR-0015: PSYRAT HTTP Request
1007208* - TMTR-0016: SPLINTER RAT TCP Connection (ATT&CK T1571)
1007209* - TMTR-0017: ZIYAZO RAT BKDR Connection (ATT&CK T1571)
Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1021.001)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Application Common
1012397 - Liferay Multiple Products Reflected Cross-Site Scripting Vulnerability (CVE-2025-4388)
Web Server Common
1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Web Server Oracle
1012244* - Oracle WebLogic Server Insecure Deserialization Vulnerability (CVE-2024-21182)
Web Server SharePoint
1012390 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2025-49704)
Windows Remote Management
1009894* - Powershell Remote Command Execution Via WinRM - HTTP (Request) (ATT&CK T1021.006, T1059.001)
1010048* - WinRM Service Detected & Powershell RCE Over HTTP (ATT&CK T1021.006, T1059.001)
Windows Remote Management Client
1010073* - WinRM Service Detected & Powershell RCE Over HTTP - Client (ATT&CK T1021.006, T1059.001)
Windows SMB Client
1006994* - Executable File Download On Network Share Detected
Windows SMB Server
1007065* - Executable File Uploaded On Network Share (ATT&CK T1570)
1011018* - Identified DCERPC AddPrinterDriverEx Call Over SMB Protocol
1012394 - Microsoft Windows NEGOEX Remote Code Execution Vulnerability (CVE-2025-47981)
1009511* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630)
Windows Server DCERPC
1011016* - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Windows Services RPC Server DCERPC
1009615* - Identified Initialization Of WMI - Server (ATT&CK T1047)
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1047)
1003766* - Local Security Authority Subsystem Service Integer Overflow Vulnerability
1007068* - Remote Service Execution Through SMBv2 Protocol Detected
Integrity Monitoring Rules:
1002770* - Linux/Unix - File attributes in the /usr/bin and /usr/sbin directories modified
1010812* - Linux/Unix - Name resolver configuration files modified (ATT&CK T1071.004, T1583.002)
1010373* - Linux/Unix - Systemd service modified (ATT&CK T1543.002)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007134* - Batch File Uploaded On Network Share (ATT&CK T1021.002, T1204.002)
1007064* - Executable File Uploaded On System32 Folder Through SMB Share (ATT&CK T1021.002, T1204.002)
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)
1004808* - Identified Big-Endian Byte Order
1005889* - Identified POSWDS Malware Connection Over SMB
1002937* - Integer Overflow In IPP Service Vulnerability
1003824* - License Logging Server Heap Overflow Vulnerability
1004600* - Microsoft Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
1003015* - Microsoft SMB Credential Reflection Vulnerability
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1002931* - Microsoft Windows SMB Buffer Underflow Vulnerability
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1007114* - Portable Executable File Uploaded On SMB Share (ATT&CK T1021.002, T1204.002)
1003564* - Print Spooler Load Library Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
1004401* - Print Spooler Service Impersonation Vulnerability
1007125* - Remote Access Event Through SMBv1 Protocol Detected
1007121* - Remote Access Event Through SMBv2 Protocol Detected
1006995* - Remote Add Job Through SMBv1 Protocol Detected
1007037* - Remote Add Job Through SMBv2 Protocol Detected
1007020* - Remote CreateService Request Detected Through SMBv1 Protocol (ATT&CK T1543.003)
1007066* - Remote Delete Job Through SMBv1 Protocol Detected
1007038* - Remote Delete Job Through SMBv2 Protocol Detected
1007035* - Remote DeleteService Request Through SMBv1 Detected (ATT&CK T1543.003)
1007070* - Remote PWDUMP Through SMBv1 Protocol Detected
1007057* - Remote Registry Access Through SMBv1 Protocol Detected (ATT&CK T1012)
1007032* - Remote Schedule Task Create Through SMBv1 Protocol Detected
1007069* - Remote Service Execution Through SMBv1 Detected (ATT&CK T1569.002)
1003985* - SMB Memory Corruption Vulnerability
1003979* - SMB Null Pointer Vulnerability
1003978* - SMB Pathname Overflow Vulnerability
1004346* - SMB Pool Overflow Vulnerability
1004355* - SMB Stack Exhaustion Vulnerability
1004641* - SMB Transaction Parsing Vulnerability (CVE-2011-0661)
1004348* - SMB Variable Validation Vulnerability
1002975* - Server Service Vulnerability (wkssvc)
1004542* - Windows Netlogon Service Denial Of Service (CVE-2010-2742)
1003676* - Workstation Service Memory Corruption Vulnerability
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1004762* - Data Access Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1975)
1004304* - Identified Suspicious Microsoft Windows Shortcut File Over Network Share (ATT&CK T1080)
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004563* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Over Network Share
1003832* - Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1005280* - Microsoft Windows Briefcase Integer Underflow Vulnerability Over Network Share (CVE-2012-1527)
1004053* - Microsoft Windows CHM Notepad Remote Code Execution
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1004697* - OLE Automation Underflow Vulnerability ( CVE-2011-0658 )
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004094* - SMB Client Memory Allocation Vulnerability
1004100* - SMB Client Message Size Vulnerability
1003973* - SMB Client Pool Corruption Vulnerability
1003980* - SMB Client Race Condition Vulnerability
1004096* - SMB Client Response Parsing Vulnerability
1004637* - SMB Client Response Parsing Vulnerability (CVE-2011-0660)
1004095* - SMB Client Transaction Vulnerability
1003014* - SMB Credential Reflection Vulnerability
1004692* - SMB Response Parsing Vulnerability (CVE-2011-1268)
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1012387 - Trend Micro Apex One Client Remote Code Execution Vulnerability Over SMB (CVE-2025-49155)
1005081* - Vulnerability In Windows Shell Could Allow Remote Code Execution (CVE-2012-0175)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
1004843* - Windows Mail Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2016)
DNS Client
1003189* - Malware AGENT.BTZ Domain Blocker
1000468* - Microsoft Word Malformed Object Pointer Remote Code Execution
1003133* - Pointer Reference Memory Corruption Vulnerability Domain Blocker
HP Intelligent Management Center (IMC)
1012392 - Apache OFBiz Stored Cross-Site Scripting Vulnerability (CVE-2025-30676)
Ivanti Endpoint Manager
1012204* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50328)
1012283* - Ivanti Endpoint Manager Untrusted Search Path Vulnerability (CVE-2024-13158)
JetBrains TeamCity
1012238* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47951)
Link-Local Multicast Name Resolution
1004645* - DNS Query Vulnerability (CVE-2011-0657)
NTP Client
1006630* - NTP MAC Security Bypass Vulnerability (CVE-2015-1798)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Shellcode
1005428* - Identified Suspicious Shellcode Over Network Traffic
1001183* - Identified Suspicious Usage Of Shellcode
1001202* - Identified Suspicious Usage Of Shellcode Encoders
1002359* - Identified Suspicious Usage Of Shellcode In Network Traffic
Suspicious Client Application Activity
1007113* - HTRANS Response Detected
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I (ATT&CK T1571)
1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1571, T1219)
1005300* - Identified Potentially Malicious RAT Traffic - IV (ATT&CK T1571)
1005473* - Identified Potentially Malicious RAT Traffic - V (ATT&CK T1571)
1006247* - Identified Potentially Malicious RAT Traffic - VI (ATT&CK T1571)
1005401* - Identified Suspicious HTTP Traffic (ATT&CK T1071.001)
1007181* - TMTR-0001: PRORAT HTTP Request
1007182* - TMTR-0003: PRORAT HTTP Request
1005294* - TMTR-0004: GHOST RAT HTTP Request
1007184* - TMTR-0006: BUTERAT HTTP Request
Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic
1005090* - Identified Potentially Harmful Server Traffic
TFTP Client
1003527* - Allow TFTP Client Traffic
Telnet Client
1003687* - Telnet Credential Reflection Vulnerability
Web Application PHP Based
1012281* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-49754)
Web Client Common
1005924* - Restrict Download Of EICAR Test File Over HTTP
Web Server Miscellaneous
1012248* - Jenkins 'Simple Queue' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2024-54003)
Web Server Nagios
1012385 - Nagios XI Arbitrary File Write Vulnerability
Windows Services RPC Server DCERPC
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053.005)
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected (ATT&CK T1053.005)
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected (ATT&CK T1053.005)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007134* - Batch File Uploaded On Network Share (ATT&CK T1021.002, T1204.002)
1007064* - Executable File Uploaded On System32 Folder Through SMB Share (ATT&CK T1021.002, T1204.002)
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)
1004808* - Identified Big-Endian Byte Order
1005889* - Identified POSWDS Malware Connection Over SMB
1002937* - Integer Overflow In IPP Service Vulnerability
1003824* - License Logging Server Heap Overflow Vulnerability
1004600* - Microsoft Active Directory 'BROWSER ELECTION' Buffer Overflow Vulnerability
1003015* - Microsoft SMB Credential Reflection Vulnerability
1006579* - Microsoft Windows NETLOGON Spoofing Vulnerability (CVE-2015-0005)
1002931* - Microsoft Windows SMB Buffer Underflow Vulnerability
1000972* - Microsoft Windows svcctl ChangeServiceConfig2A() Memory Corruption Vulnerability
1007114* - Portable Executable File Uploaded On SMB Share (ATT&CK T1021.002, T1204.002)
1003564* - Print Spooler Load Library Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
1004401* - Print Spooler Service Impersonation Vulnerability
1007125* - Remote Access Event Through SMBv1 Protocol Detected
1007121* - Remote Access Event Through SMBv2 Protocol Detected
1006995* - Remote Add Job Through SMBv1 Protocol Detected
1007037* - Remote Add Job Through SMBv2 Protocol Detected
1007020* - Remote CreateService Request Detected Through SMBv1 Protocol (ATT&CK T1543.003)
1007066* - Remote Delete Job Through SMBv1 Protocol Detected
1007038* - Remote Delete Job Through SMBv2 Protocol Detected
1007035* - Remote DeleteService Request Through SMBv1 Detected (ATT&CK T1543.003)
1007070* - Remote PWDUMP Through SMBv1 Protocol Detected
1007057* - Remote Registry Access Through SMBv1 Protocol Detected (ATT&CK T1012)
1007032* - Remote Schedule Task Create Through SMBv1 Protocol Detected
1007069* - Remote Service Execution Through SMBv1 Detected (ATT&CK T1569.002)
1003985* - SMB Memory Corruption Vulnerability
1003979* - SMB Null Pointer Vulnerability
1003978* - SMB Pathname Overflow Vulnerability
1004346* - SMB Pool Overflow Vulnerability
1004355* - SMB Stack Exhaustion Vulnerability
1004641* - SMB Transaction Parsing Vulnerability (CVE-2011-0661)
1004348* - SMB Variable Validation Vulnerability
1002975* - Server Service Vulnerability (wkssvc)
1004542* - Windows Netlogon Service Denial Of Service (CVE-2010-2742)
1003676* - Workstation Service Memory Corruption Vulnerability
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1004762* - Data Access Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1975)
1004304* - Identified Suspicious Microsoft Windows Shortcut File Over Network Share (ATT&CK T1080)
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004563* - Microsoft Windows 'CreateSizedDIBSECTION()' Thumbnail View Stack Buffer Overflow Vulnerability Over Network Share
1003832* - Microsoft Windows 'KeAccumulateTicks()' SMB2 Packet Remote Denial Of Service Vulnerability
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1005280* - Microsoft Windows Briefcase Integer Underflow Vulnerability Over Network Share (CVE-2012-1527)
1004053* - Microsoft Windows CHM Notepad Remote Code Execution
1006554* - Microsoft Windows DLL Planting Remote Code Execution Vulnerability (CVE-2015-0096)
1006013* - Microsoft Windows Insecure Binary Loading Vulnerability Over Network Share (CVE-2014-0315)
1006292* - Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
1004697* - OLE Automation Underflow Vulnerability ( CVE-2011-0658 )
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004094* - SMB Client Memory Allocation Vulnerability
1004100* - SMB Client Message Size Vulnerability
1003973* - SMB Client Pool Corruption Vulnerability
1003980* - SMB Client Race Condition Vulnerability
1004096* - SMB Client Response Parsing Vulnerability
1004637* - SMB Client Response Parsing Vulnerability (CVE-2011-0660)
1004095* - SMB Client Transaction Vulnerability
1003014* - SMB Credential Reflection Vulnerability
1004692* - SMB Response Parsing Vulnerability (CVE-2011-1268)
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1012387 - Trend Micro Apex One Client Remote Code Execution Vulnerability Over SMB (CVE-2025-49155)
1005081* - Vulnerability In Windows Shell Could Allow Remote Code Execution (CVE-2012-0175)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
1004843* - Windows Mail Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2016)
DNS Client
1003189* - Malware AGENT.BTZ Domain Blocker
1000468* - Microsoft Word Malformed Object Pointer Remote Code Execution
1003133* - Pointer Reference Memory Corruption Vulnerability Domain Blocker
HP Intelligent Management Center (IMC)
1012392 - Apache OFBiz Stored Cross-Site Scripting Vulnerability (CVE-2025-30676)
Ivanti Endpoint Manager
1012204* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50328)
1012283* - Ivanti Endpoint Manager Untrusted Search Path Vulnerability (CVE-2024-13158)
JetBrains TeamCity
1012238* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47951)
Link-Local Multicast Name Resolution
1004645* - DNS Query Vulnerability (CVE-2011-0657)
NTP Client
1006630* - NTP MAC Security Bypass Vulnerability (CVE-2015-1798)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Shellcode
1005428* - Identified Suspicious Shellcode Over Network Traffic
1001183* - Identified Suspicious Usage Of Shellcode
1001202* - Identified Suspicious Usage Of Shellcode Encoders
1002359* - Identified Suspicious Usage Of Shellcode In Network Traffic
Suspicious Client Application Activity
1007113* - HTRANS Response Detected
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I (ATT&CK T1571)
1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1571, T1219)
1005300* - Identified Potentially Malicious RAT Traffic - IV (ATT&CK T1571)
1005473* - Identified Potentially Malicious RAT Traffic - V (ATT&CK T1571)
1006247* - Identified Potentially Malicious RAT Traffic - VI (ATT&CK T1571)
1005401* - Identified Suspicious HTTP Traffic (ATT&CK T1071.001)
1007181* - TMTR-0001: PRORAT HTTP Request
1007182* - TMTR-0003: PRORAT HTTP Request
1005294* - TMTR-0004: GHOST RAT HTTP Request
1007184* - TMTR-0006: BUTERAT HTTP Request
Suspicious Server Application Activity
1001164* - Detected Terminal Services (RDP) Server Traffic
1005090* - Identified Potentially Harmful Server Traffic
TFTP Client
1003527* - Allow TFTP Client Traffic
Telnet Client
1003687* - Telnet Credential Reflection Vulnerability
Web Application PHP Based
1012281* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-49754)
Web Client Common
1005924* - Restrict Download Of EICAR Test File Over HTTP
Web Server Miscellaneous
1012248* - Jenkins 'Simple Queue' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2024-54003)
Web Server Nagios
1012385 - Nagios XI Arbitrary File Write Vulnerability
Windows Services RPC Server DCERPC
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053.005)
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected (ATT&CK T1053.005)
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected (ATT&CK T1053.005)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008679* - Identified BADRABBIT Ransomware Propagation Over SMB
1008327* - Identified Server Suspicious SMB Session
1010214* - Identified Trend Micro ApexOne Backup Folder Access
1010101* - Identified Usage Of PAExec Command Line Tool (ATT&CK T1569.002)
1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
1010025* - Microsoft Windows NTLM Tampering Vulnerability (CVE-2019-1166)
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
1010900* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)
1010317* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)
1010652* - Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)
1010653* - Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)
1010192* - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
1008717* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
1011587* - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
1004566* - Identified Suspicious Microsoft DLL File Over Network Share
1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
1010201* - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-0729)
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459* - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
1010319* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)
1008915* - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)
1011950* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Over SMB (CVE-2024-21412)
1007120* - SMB DLL Injection Exploit Detected (ATT&CK T1055.001)
DNS Client
1007456* - DNS Malformed Response Detected
1008571* - DNS Request To ShadowPad Domain Detection
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204* - DNSMessenger Malware Domain Blocker
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
IPSec-IKE
1011669* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)
1011801* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21758)
1011536* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721)
Ivanti Endpoint Manager
1012205* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50326)
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
JetBrains TeamCity
1012381 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-46618)
Kerberos KDC Client
1012338* - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
LDAP Client
1011269* - Identified Java Code Download Attempt Over LDAP
MS-RDPEUDP2
1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)
Microsoft Office
1011208* - Microsoft Access Remote Code Execution Vulnerability (CVE-2021-41368)
1011303* - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)
1011137* - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2021-38658)
1011138* - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-38659)
1011181* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40480)
1011182* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40481)
1011136* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-38656)
1011184* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)
1011701* - Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)
Port Mapper FTP Client
1011089* - Identified File Upload Over FTP (ATT&CK T1048.003)
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
1010402* - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Remote Desktop Protocol Server
1009343* - Identified Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1021.001, T1573.002)
1009958* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
1009961* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
1010556* - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)
Suspicious Client Application Activity
1008946* - Heuristic Detection Of Suspicious Digital Certificate (ATT&CK T1587.003)
1008756* - Identified Potentially Malicious RAT Traffic - VII (ATT&CK T1571)
1010307* - Identified Reverse Shell Communication Over HTTPS (ATT&CK T1071.001)
1010306* - Identified Reverse Shell Communication Over HTTPS - 1 (ATT&CK T1071.001)
1010365* - Identified Reverse Shell Communication Over HTTPS - 3 (ATT&CK T1071.001)
1010370* - Identified Reverse Shell Communication Over HTTPS - 4 (ATT&CK T1071.001)
1009952* - Identified WhatsApp Communication Attempt (ATT&CK T1102.002)
1009432* - Tildeb Acknowledgment Request
TFTP Client Decoder
1003526* - Enable TFTP Decoder
Web Application PHP Based
1012193* - WordPress 'WP Brutal AI' Plugin SQL Injection Vulnerability (CVE-2023-2601)
1012194* - WordPress 'WP Brutal AI' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2023-2606)
1012226* - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1010540* - Download Of A Suspicious PowerShell Script File Detected
1004715* - HTTP Web Client Decoding
1011091* - Identified Download Of Executable File Over HTTP (ATT&CK T1105)
1011500* - Identified Download of Python Reverse Shell Payload Over HTTP
1011225* - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
1012070* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628)
1012074* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2024-38112)
1012141* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)
1012142* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461) - 1
1011949* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21412)
Web Client HTTPS
1010130* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
1010290* - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client
Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1011270* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
1011279* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
1000128* - HTTP Protocol Decoding
Web Server HTTPS
1012384 - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)
Windows SMB Client
1011055* - Identified DCERPC OpenPrinterEx Call Over SMB Protocol
1010701* - Microsoft Windows Defender Remote Code Execution Vulnerability Over SMB (CVE-2021-1647)
Windows SMB Server
1011058* - Identified DCERPC EFSRPC Methods Call Over SMB Protocol (PetitPotam)
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
1012318* - Identified Possible Ransomware File Rename Activity Over Network Share - 1
1011680* - Microsoft Windows NEGOEX Remote Code Execution Vulnerability (CVE-2022-37958)
1010884* - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
1007538* - Windows Client Port Mapper Decoder
Windows Services RPC Server DCERPC
1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)
1010539* - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1543.003)
1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1008679* - Identified BADRABBIT Ransomware Propagation Over SMB
1008327* - Identified Server Suspicious SMB Session
1010214* - Identified Trend Micro ApexOne Backup Folder Access
1010101* - Identified Usage Of PAExec Command Line Tool (ATT&CK T1569.002)
1009801* - Microsoft Windows NTLM Elevation Of Privilege Vulnerability (CVE-2019-1040)
1010025* - Microsoft Windows NTLM Tampering Vulnerability (CVE-2019-1166)
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
1010900* - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2021-28325)
1010317* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)
1010652* - Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)
1010653* - Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)
1010192* - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
1008717* - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)
1011587* - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
1010521* - Netlogon Elevation Of Privilege Vulnerability Over SMB (Zerologon) (CVE-2020-1472)
DCERPC Services - Client
1008328* - Identified Client Suspicious SMB Session
1010585* - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client (ATT&CK T1486, T1080)
1004566* - Identified Suspicious Microsoft DLL File Over Network Share
1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
1010201* - Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-0729)
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
1011436* - Microsoft Windows RPC Remote Code Execution Vulnerability Over SMB (CVE-2022-26809)
1011459* - Microsoft Windows RPC Remote Code Execution Vulnerability Over TCP (CVE-2022-26809)
1010319* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)
1008915* - Microsoft Windows SMBv3 Denial Of Service Vulnerability (CVE-2018-0833)
1011950* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Over SMB (CVE-2024-21412)
1007120* - SMB DLL Injection Exploit Detected (ATT&CK T1055.001)
DNS Client
1007456* - DNS Malformed Response Detected
1008571* - DNS Request To ShadowPad Domain Detection
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1008204* - DNSMessenger Malware Domain Blocker
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
IPSec-IKE
1011669* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21547)
1011801* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Denial Of Service Vulnerability (CVE-2023-21758)
1011536* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721)
Ivanti Endpoint Manager
1012205* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50326)
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
JetBrains TeamCity
1012381 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-46618)
Kerberos KDC Client
1012338* - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
LDAP Client
1011269* - Identified Java Code Download Attempt Over LDAP
MS-RDPEUDP2
1009940* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941* - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)
Microsoft Office
1011208* - Microsoft Access Remote Code Execution Vulnerability (CVE-2021-41368)
1011303* - Microsoft Excel Information Disclosure Vulnerability (CVE-2022-22716)
1011137* - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2021-38658)
1011138* - Microsoft Office Remote Code Execution Vulnerability (CVE-2021-38659)
1011181* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40480)
1011182* - Microsoft Office Visio Remote Code Execution Vulnerability (CVE-2021-40481)
1011136* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-38656)
1011184* - Microsoft Word Remote Code Execution Vulnerability (CVE-2021-40486)
1011701* - Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716)
Port Mapper FTP Client
1011089* - Identified File Upload Over FTP (ATT&CK T1048.003)
Port Mapper Windows
1001033* - Windows Port Mapper Decoder
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
1010402* - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
Remote Desktop Protocol Server
1009343* - Identified Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1021.001, T1573.002)
1009958* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1181)
1009961* - Microsoft Windows RDP Remote Code Execution Vulnerability (CVE-2019-1182)
1009448* - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
1010556* - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)
Suspicious Client Application Activity
1008946* - Heuristic Detection Of Suspicious Digital Certificate (ATT&CK T1587.003)
1008756* - Identified Potentially Malicious RAT Traffic - VII (ATT&CK T1571)
1010307* - Identified Reverse Shell Communication Over HTTPS (ATT&CK T1071.001)
1010306* - Identified Reverse Shell Communication Over HTTPS - 1 (ATT&CK T1071.001)
1010365* - Identified Reverse Shell Communication Over HTTPS - 3 (ATT&CK T1071.001)
1010370* - Identified Reverse Shell Communication Over HTTPS - 4 (ATT&CK T1071.001)
1009952* - Identified WhatsApp Communication Attempt (ATT&CK T1102.002)
1009432* - Tildeb Acknowledgment Request
TFTP Client Decoder
1003526* - Enable TFTP Decoder
Web Application PHP Based
1012193* - WordPress 'WP Brutal AI' Plugin SQL Injection Vulnerability (CVE-2023-2601)
1012194* - WordPress 'WP Brutal AI' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2023-2606)
1012226* - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1010540* - Download Of A Suspicious PowerShell Script File Detected
1004715* - HTTP Web Client Decoding
1011091* - Identified Download Of Executable File Over HTTP (ATT&CK T1105)
1011500* - Identified Download of Python Reverse Shell Payload Over HTTP
1011225* - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
1012070* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628)
1012074* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2024-38112)
1012141* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)
1012142* - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461) - 1
1011949* - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21412)
Web Client HTTPS
1010130* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
1010290* - Microsoft Windows Transport Layer Security Denial Of Service Vulnerability (CVE-2020-1118) - Client
Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1011270* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1011265* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)
1011279* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
1000128* - HTTP Protocol Decoding
Web Server HTTPS
1012384 - Roundcube Webmail Insecure Deserialization Vulnerability (CVE-2025-49113)
Windows SMB Client
1011055* - Identified DCERPC OpenPrinterEx Call Over SMB Protocol
1010701* - Microsoft Windows Defender Remote Code Execution Vulnerability Over SMB (CVE-2021-1647)
Windows SMB Server
1011058* - Identified DCERPC EFSRPC Methods Call Over SMB Protocol (PetitPotam)
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
1012318* - Identified Possible Ransomware File Rename Activity Over Network Share - 1
1011680* - Microsoft Windows NEGOEX Remote Code Execution Vulnerability (CVE-2022-37958)
1010884* - Microsoft Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
1007538* - Windows Client Port Mapper Decoder
Windows Services RPC Server DCERPC
1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)
1010539* - Identified NTLM Brute Force Attempt (ZeroLogon) (CVE-2020-1472)
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1543.003)
1007561* - Identified Windows DCERPC AUTH LEVEL CONNECT Password Validate Request
1010519* - Netlogon Elevation Of Privilege Vulnerability (Zerologon) (CVE-2020-1472)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Mail Server Common
1012173* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-42009)
NodeBB
1012382 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2024-57041)
1012378 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2025-29513)
Spring Cloud Skipper Server
1012171* - VMware Spring Cloud Skipper Server Directory Traversal Vulnerability (CVE-2024-22263)
Web Application Common
1012364 - Web Application Possible Brute Force Attempt-XFF (ATT&CK T1110)
Web Application PHP Based
1012157* - SPIP 'BigUp' Plugin Remote Code Execution Vulnerability (CVE-2024-8517)
1012180* - WordPress 'Feed Them Social' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2383)
1012366 - WordPress 'OttoKit: All-in-One Automation Platform (Formerly SureTriggers)' Plugin Authentication Bypass Vulnerability (CVE-2025-3102)
1012363 - WordPress 'Return Refund and Exchange For WooCommerce' Plugin Arbitrary File Upload Vulnerability (CVE-2022-4047)
Web Application Ruby Based
1012189* - Grafana 'duckdb' Remote Code Execution Vulnerability (CVE-2024-9264)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Mail Server Common
1012173* - Roundcube Webmail Stored Cross-Site Scripting Vulnerability (CVE-2024-42009)
NodeBB
1012382 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2024-57041)
1012378 - NodeBB Stored Cross-Site Scripting Vulnerability (CVE-2025-29513)
Spring Cloud Skipper Server
1012171* - VMware Spring Cloud Skipper Server Directory Traversal Vulnerability (CVE-2024-22263)
Web Application Common
1012364 - Web Application Possible Brute Force Attempt-XFF (ATT&CK T1110)
Web Application PHP Based
1012157* - SPIP 'BigUp' Plugin Remote Code Execution Vulnerability (CVE-2024-8517)
1012180* - WordPress 'Feed Them Social' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2383)
1012366 - WordPress 'OttoKit: All-in-One Automation Platform (Formerly SureTriggers)' Plugin Authentication Bypass Vulnerability (CVE-2025-3102)
1012363 - WordPress 'Return Refund and Exchange For WooCommerce' Plugin Arbitrary File Upload Vulnerability (CVE-2022-4047)
Web Application Ruby Based
1012189* - Grafana 'duckdb' Remote Code Execution Vulnerability (CVE-2024-9264)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
BentoML
1012362 - BentoML's runner server Insecure Deserialization Vulnerability (CVE-2025-32375)
CyberPanel
1012377 - CyberPanel Command Injection Vulnerability (CVE-2024-51568)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Ivanti Endpoint Manager
1012346* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
JetBrains TeamCity
1012297* - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Remote Desktop Gateway
1012376 - Microsoft Windows Remote Desktop Gateway Denial Of Service Vulnerability (CVE-2025-30394)
Web Application Common
1012348* - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)
Web Application PHP Based
1012285* - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
Web Client Common
1012379 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2025-33053)
Web Client HTTPS
1012375 - Trend Micro Apex Central Deserialization Of Untrusted Data Vulnerability (CVE-2025-49220)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
BentoML
1012362 - BentoML's runner server Insecure Deserialization Vulnerability (CVE-2025-32375)
CyberPanel
1012377 - CyberPanel Command Injection Vulnerability (CVE-2024-51568)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Ivanti Endpoint Manager
1012346* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
JetBrains TeamCity
1012297* - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Remote Desktop Gateway
1012376 - Microsoft Windows Remote Desktop Gateway Denial Of Service Vulnerability (CVE-2025-30394)
Web Application Common
1012348* - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)
Web Application PHP Based
1012285* - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
Web Client Common
1012379 - Microsoft Windows Remote Code Execution Vulnerability (CVE-2025-33053)
Web Client HTTPS
1012375 - Trend Micro Apex Central Deserialization Of Untrusted Data Vulnerability (CVE-2025-49220)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
JetBrains TeamCity
1012199* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47950)
MLflow
1012096* - MLflow Path Traversal Vulnerabilities (CVE-2023-6909 and CVE-2024-2928)
Mail Server Common
1012185* - Roundcube Webmail Information Disclosure Vulnerability (CVE-2024-42010)
Progress WhatsUp Gold
1012184* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5010)
Web Application Common
1011468* - Horde Groupware Webmail Insecure Deserialization Vulnerability (CVE-2022-30287)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011426* - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011450* - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011481* - WordPress 'Events Made Easy' Plugin SQL Injection Vulnerability (CVE-2022-1905)
1011465* - WordPress 'Google Tag Manager for WordPress' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011431* - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011489* - WordPress 'Random Banner' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0210)
1011467* - WordPress 'ReDi Restaurant Reservation' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24299)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011446* - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
1011708* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2022-4230)
1011473* - WordPress 'WP Statistics' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-25305)
1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011639* - WordPress 'WP-Board' Plugin SQL Injection Vulnerability (CVE-2021-24404)
1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
1011697* - WordPress 'Zephyr Project Manager' Plugin SQL Injection Vulnerability (CVE-2022-2840)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
1011433* - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
1011452* - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1012222* - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-43362)
1012188* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2024-6530)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
1012365 - Zabbix SQL Injection Vulnerability (CVE-2024-36465)
1012221* - Zimbra Collaboration Reflected Cross-Site Scripting Vulnerability (CVE-2024-50599)
dotCMS
1011460* - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
JetBrains TeamCity
1012199* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47950)
MLflow
1012096* - MLflow Path Traversal Vulnerabilities (CVE-2023-6909 and CVE-2024-2928)
Mail Server Common
1012185* - Roundcube Webmail Information Disclosure Vulnerability (CVE-2024-42010)
Progress WhatsUp Gold
1012184* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5010)
Web Application Common
1011468* - Horde Groupware Webmail Insecure Deserialization Vulnerability (CVE-2022-30287)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011426* - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011450* - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011481* - WordPress 'Events Made Easy' Plugin SQL Injection Vulnerability (CVE-2022-1905)
1011465* - WordPress 'Google Tag Manager for WordPress' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011431* - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011489* - WordPress 'Random Banner' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0210)
1011467* - WordPress 'ReDi Restaurant Reservation' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24299)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011446* - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
1011708* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2022-4230)
1011473* - WordPress 'WP Statistics' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-25305)
1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011639* - WordPress 'WP-Board' Plugin SQL Injection Vulnerability (CVE-2021-24404)
1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
1011697* - WordPress 'Zephyr Project Manager' Plugin SQL Injection Vulnerability (CVE-2022-2840)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
1011433* - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
1011452* - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1012222* - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-43362)
1012188* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2024-6530)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
1012365 - Zabbix SQL Injection Vulnerability (CVE-2024-36465)
1012221* - Zimbra Collaboration Reflected Cross-Site Scripting Vulnerability (CVE-2024-50599)
dotCMS
1011460* - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
HP Intelligent Management Center (IMC)
1012208* - Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-45195)
IBM WebSphere Application Server
1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Ivanti Avalanche
1012169* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-47011)
JetBrains TeamCity
1012181* - JetBrains TeamCity Directory Traversal Vulnerability (CVE-2024-47949)
Web Application Common
1011155* - FlatCore CMS Remote Code Execution Vulnerability (CVE-2021-39608)
1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
1011101* - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)
Web Application PHP Based
1012361 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4068)
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011074* - WordPress 'Backup Guard' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1010993* - WordPress 'Directories Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29304)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011299* - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1012339 - WordPress 'WP Shortcodes' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2025-0370)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server Common
1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)
1010892* - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
1010985* - Subrion CMS Remote Code Execution Vulnerability (CVE-2018-19422)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
Web Server HTTPS
1012172* - Cacti Arbitrary File Write Vulnerability (CVE-2024-43363)
1012353 - Cacti SQL Injection Vulnerability (CVE-2024-54146)
1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Zoho ManageEngine
1012179* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2024-6748)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
HP Intelligent Management Center (IMC)
1012208* - Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-45195)
IBM WebSphere Application Server
1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Ivanti Avalanche
1012169* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-47011)
JetBrains TeamCity
1012181* - JetBrains TeamCity Directory Traversal Vulnerability (CVE-2024-47949)
Web Application Common
1011155* - FlatCore CMS Remote Code Execution Vulnerability (CVE-2021-39608)
1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
1011101* - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)
Web Application PHP Based
1012361 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4068)
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011074* - WordPress 'Backup Guard' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1010993* - WordPress 'Directories Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29304)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011299* - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1012339 - WordPress 'WP Shortcodes' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2025-0370)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server Common
1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)
1010892* - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
1010985* - Subrion CMS Remote Code Execution Vulnerability (CVE-2018-19422)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
Web Server HTTPS
1012172* - Cacti Arbitrary File Write Vulnerability (CVE-2024-43363)
1012353 - Cacti SQL Injection Vulnerability (CVE-2024-54146)
1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Zoho ManageEngine
1012179* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2024-6748)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.