Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
JetBrains TeamCity
1012199* - JetBrains TeamCity Stored Cross-Site Scripting Vulnerability (CVE-2024-47950)
MLflow
1012096* - MLflow Path Traversal Vulnerabilities (CVE-2023-6909 and CVE-2024-2928)
Mail Server Common
1012185* - Roundcube Webmail Information Disclosure Vulnerability (CVE-2024-42010)
Progress WhatsUp Gold
1012184* - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5010)
Web Application Common
1011468* - Horde Groupware Webmail Insecure Deserialization Vulnerability (CVE-2022-30287)
Web Application PHP Based
1011319* - WordPress '404 to 301' Plugin Blind SQL Injection Vulnerability (CVE-2015-9323)
1011392* - WordPress 'Ad Inserter' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0901)
1011439* - WordPress 'Advanced Uploader' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1103)
1011425* - WordPress 'Anti-Malware Security And Brute-Force Firewall' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0953)
1011416* - WordPress 'Astro Pro Addon' Plugin Unauthenticated SQL Injection Vulnerability (CVE-2021-24507)
1011426* - WordPress 'Blue Admin' Plugin Cross-Site Request Forgery Vulnerability (CVE-2021-24581)
1011358* - WordPress 'CP Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0448)
1011411* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28221)
1011419* - WordPress 'CleanTalk AntiSpam' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-28222)
1011314* - WordPress 'Contact Form Check Tester' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24247)
1011450* - WordPress 'Copy & Delete Posts' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-43408)
1011337* - WordPress 'Download Monitor' Plugin Cross-Site Scripting Vulnerability (CVE-2021-23174)
1011380* - WordPress 'Easy Cookies Policy' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24405)
1011405* - WordPress 'Elementor Website Builder' Plugin Arbitrary File Upload Vulnerability (CVE-2022-1329)
1011481* - WordPress 'Events Made Easy' Plugin SQL Injection Vulnerability (CVE-2022-1905)
1011465* - WordPress 'Google Tag Manager for WordPress' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1707)
1011356* - WordPress 'Header Footer Code Manager' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0710)
1011409* - WordPress 'Hummingbird' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0994)
1011431* - WordPress 'LayerSlider' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1153)
1011410* - WordPress 'Loco Translate' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0765)
1011353* - WordPress 'MasterStudy LMS' Plugin Admin Account Creation Vulnerability (CVE-2022-0441)
1011400* - WordPress 'Modern Events Calendar Lite' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0364)
1011388* - WordPress 'Modern Events Calendar Lite' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2021-24946)
1011335* - WordPress 'Mortgage-Calculators-Wp' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24904)
1011334* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2021-25114)
1011387* - WordPress 'Photo Gallery' Plugin SQL Injection Vulnerability (CVE-2022-0169)
1011375* - WordPress 'Photoswipe Masonry Gallery' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0750)
1011320* - WordPress 'Post Grid' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24488)
1011489* - WordPress 'Random Banner' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-0210)
1011467* - WordPress 'ReDi Restaurant Reservation' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24299)
1011393* - WordPress 'RegistrationMagic' Plugin Authenticated SQL Injection Vulnerability (CVE-2021-24862)
1011446* - WordPress 'Responsive Menu' Plugin Authenticated Arbitrary File Upload Vulnerability (CVE-2021-24160)
1011423* - WordPress 'SiteGround Security' Plugin Authentication Bypass Vulnerability (CVE-2022-0993)
1011351* - WordPress 'TI WooCommerce Wishlist' Plugin SQL Injection Vulnerability (CVE-2022-0412)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
1011708* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2022-4230)
1011473* - WordPress 'WP Statistics' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2022-25305)
1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011639* - WordPress 'WP-Board' Plugin SQL Injection Vulnerability (CVE-2021-24404)
1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
1011697* - WordPress 'Zephyr Project Manager' Plugin SQL Injection Vulnerability (CVE-2022-2840)
1011401* - WordPress 'iQ Block Country' Plugin Arbitrary File Deletion Vulnerability (CVE-2022-0246)
1011433* - WordPress 'tatsu' Plugin Remote Code Execution Vulnerability (CVE-2021-25094)
1011452* - WordPress 'turn-off-comments-for-all-posts' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-1192)
1011635* - WordPress 'youForms Free For CopeCart' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24596)
Web Server Common
1011414* - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)
Web Server HTTPS
1012222* - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-43362)
1012188* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2024-6530)
1011406* - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)
1012365 - Zabbix SQL Injection Vulnerability (CVE-2024-36465)
1012221* - Zimbra Collaboration Reflected Cross-Site Scripting Vulnerability (CVE-2024-50599)
dotCMS
1011460* - dotCMS Directory Traversal Vulnerability (CVE-2022-26352)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1012187* - Microsoft Windows SMB Denial of Service Vulnerability (CVE-2024-43642)
HP Intelligent Management Center (IMC)
1012208* - Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-45195)
IBM WebSphere Application Server
1009803* - IBM Websphere Application Server Remote Code Execution Vulnerability (CVE-2019-4279)
Ivanti Avalanche
1012169* - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-47011)
JetBrains TeamCity
1012181* - JetBrains TeamCity Directory Traversal Vulnerability (CVE-2024-47949)
Web Application Common
1011155* - FlatCore CMS Remote Code Execution Vulnerability (CVE-2021-39608)
1010899* - LightCMS Stored Cross-Site Scripting Vulnerability (CVE-2021-3355)
1011101* - MODX Revolution Remote Code Execution Vulnerability (CVE-2018-1000207)
Web Application PHP Based
1012361 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4068)
1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
1011074* - WordPress 'Backup Guard' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
1011302* - WordPress 'Contact Form 7' plugin Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2021-25080)
1011296* - WordPress 'Contact Form Entries' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-25079)
1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
1010993* - WordPress 'Directories Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29304)
1011305* - WordPress 'Domain Check' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24926)
1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
1011299* - WordPress 'Download Monitor' Plugin SQL Injection Vulnerability (CVE-2021-24786)
1011352* - WordPress 'Titan Labs Security Audit' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24901)
1011404* - WordPress 'UpdraftPlus' Plugin Cross-Site Scripting Vulnerability (CVE-2022-0864)
1011407* - WordPress 'WP Downgrade' Plugin Cross-Site Scripting Vulnerability (CVE-2022-1001)
1012339 - WordPress 'WP Shortcodes' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2025-0370)
1011341* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-0651)
1011340* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25148)
1011347* - WordPress 'WP Statistics' Plugin Blind SQL Injection Vulnerability (CVE-2022-25149)
1011333* - WordPress 'WP Statistics' Plugin Unauthenticated Blind SQL Injection Vulnerability (CVE-2022-0513)
1011321* - WordPress 'WooCommerce Product Slider' Plugin Reflected Cross Site Vulnerability (CVE-2021-24300)
1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)
1011298* - WordPress Core Post Slug Stored Cross-Site Scripting Vulnerability (CVE-2022-21662)
Web Server Common
1010905* - B2evolution CMS Open Redirect Vulnerability (CVE-2020-22840)
1010892* - B2evolution CMS Reflected Cross Site Scripting Vulnerability (CVE-2020-22839)
1010985* - Subrion CMS Remote Code Execution Vulnerability (CVE-2018-19422)
1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
Web Server HTTPS
1012172* - Cacti Arbitrary File Write Vulnerability (CVE-2024-43363)
1012353 - Cacti SQL Injection Vulnerability (CVE-2024-54146)
1010935* - Joomla! CMS Stored Cross-Site Scripting Vulnerability (CVE-2021-26030)
Windows Services RPC Client DCERPC
1012178* - Identified Windows DCERPC AUTH LEVEL CONNECT Windows Remote Registry Request
Zoho ManageEngine
1012179* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2024-6748)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Java RMI
1009451* - Java Unserialize Remote Code Execution Vulnerability Over RMI
WSO2
1012342 - WSO2 API Manager Documentation Arbitrary File Upload Vulnerability
Web Application Common
1010750* - Zend Framework Deserialization Remote Code Execution Vulnerability (CVE-2021-3007)
Web Application PHP Based
1010886* - Batflat CMS Remote Code Execution Vulnerability (CVE-2020-35734)
1008970* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
1009054* - Drupal Core Remote Code Execution Vulnerability (CVE-2018-7602)
1011261* - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
1011287* - WordPress 'Frontend Uploader' Plugin Cross Site Scripting Vulnerability (CVE-2021-24563)
1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
1011325* - WordPress 'Perfect Survey' Plugin SQL Injection Vulnerability (CVE-2021-24762)
1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
1011143* - WordPress 'ProfilePress' Plugin Privilege Escalation Vulnerability (CVE-2021-34621)
1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
1011286* - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
1011324* - WordPress 'WP User Frontend' Plugin SQL Injection Vulnerability (CVE-2021-25076)
1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
1011283* - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)
1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
1011193* - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)
1010982* - WordPress 'wpDiscuz' Plugin Remote Code Execution Vulnerability (CVE-2020-24186)
1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
Web Server Common
1010737* - CMS Made Simple 'Showtime2' Reflected Cross Site Scripting Vulnerability (CVE-2020-20138)
1010885* - CMS Made Simple Smarty Server-side Template Injection Vulnerability (CVE-2021-26120)
1010802* - FCKeditor Plugin Arbitrary File Upload Vulnerability (CVE-2008-6178)
Web Server HTTPS
1012354 - Craft CMS Remote Code Execution Vulnerability (CVE-2025-32432)
1010795* - Joomla CMS Cross-Site Scripting Vulnerability (CVE-2021-23124)
1012357 - SysAid Server Multiple XML External Entity Injection Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012299* - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
Web Application Common
1010661* - BlackCat CMS Cross-Site Request Forgery Bypass Vulnerability (CVE-2020-25453)
1010663* - Bludit CMS Brute Force Bypass Vulnerability (CVE-2019-17240)
1010529* - CutePHP CuteNews Remote Code Execution Vulnerability (CVE-2019-11447)
1009630* - DotNetNuke Remote Code Execution Vulnerability (CVE-2017-9822)
1010668* - FUEL CMS Remote Code Execution Vulnerability (CVE-2018-16763)
1012352 - Pandora FMS Command Injection Vulnerability (CVE-2024-12971)
Web Application PHP Based
1007459* - Drupal XRDS Document Denial Of Service Vulnerability (CVE-2014-5267)
1010543* - GNUBoard 'ajax.autosave.php' SQL Injection Vulnerability (CVE-2014-2339)
1010542* - GNUBoard 'tb.php' SQL Injection Vulnerability (CVE-2011-4066)
1010545* - GNUBoard Local File Inclusion Vulnerability (EDB-ID-7927)
1010547* - GNUBoard Remote Code Execution Vulnerability (KVE-2018-0449 and KVE-2018-0441)
1010544* - GNUBoard SQL Injection Vulnerability (EDB-ID-7927)
1010931* - GetSimple CMS Cross Site Scripting Vulnerability (CVE-2020-23839)
1010564* - Joomla Arbitrary File Upload Vulnerability (CVE-2020-23972)
1010212* - LibreNMS Collectd Command Injection Vulnerability (CVE-2019-10669)
1012341* - LibreNMS Stored Cross-Site Scripting Vulnerabilities (CVE-2025-23199 and CVE-2025-23200)
1006656* - Magento Admin Authentication Bypass Vulnerability
1007641* - Magento Unauthenticated Arbitrary File Write Vulnerability (CVE-2016-4010)
1007252* - PHP jui_filter_rule Parsing Library Remote Code Execution Vulnerability
1012279* - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
1006097* - phpMyAdmin 'server_databases.php' Remote Command Execution Vulnerability
Web Server Common
1010412* - Bolt CMS Authenticated Remote Code Execution Vulnerability
1010097* - CMS Made Simple (CMSMS) Remote Code Execution Vulnerability (CVE-2019-9692)
1010082* - CMS Made Simple Authenticated RCE Via Object Injection Vulnerability (CVE-2019-9055)
1010323* - Gila CMS Image Upload Remote Code Execution Vulnerability (CVE-2020-5514)
1010264* - dotCMS CMSFilter Improper Access Control RCE Vulnerability (CVE-2020-6754)
Web Server HTTPS
1012350 - Cacti Arbitrary File Read Vulnerability (CVE-2024-45598)
1010723* - Identified Generic PHP Webshell Payload Over HTTP
1010718* - Joomla CMS 'mod_random_image' Stored Cross-Site Scripting Vulnerability (CVE-2020-15696)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Endpoint Manager
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerabilities (CVE-2024-32848 and CVE-2024-13162)
1012346 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-34781)
1012345 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2025-22461)
Web Application Common
1010023* - October CMS Upload Protection Bypass Code Execution Vulnerability (CVE-2017-1000119)
1010036* - SDCMS Remote Code Execution Vulnerability (CVE-2018-19520)
1012348 - ZendTo Remote Code Execution Vulnerability (CVE-2021-47667)
Web Application PHP Based
1009720* - Drupal Core Cross-Site Scripting Vulnerability (CVE-2019-6341)
1009541* - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)
1009157* - Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
1009308* - Moodle PHP Unserialize Remote Code Execution Vulnerability (CVE-2018-14630)
1010338* - PHP-Fusion Administration Banner Stored Cross-Site Scripting Vulnerability (CVE-2020-12438)
1010281* - Rank Math Wordpress SEO Plugin 'updateMeta' Privilege Escalation Vulnerability (CVE-2020-11514)
1012344 - WordPress 'Beautiful Taxonomy Filters' Plugin SQL Injection Vulnerability (CVE-2024-12270)
1010705* - WordPress 'Canto' Plugin Multiple Server-Side Request Forgery Vulnerabilities
1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
1010551* - WordPress 'SupportCandy Plugin' Arbitrary File Upload Vulnerability (CVE-2019-11223)
1010683* - WordPress 'Ultimate Member' Plugin Multiple Privilege Escalation Vulnerabilities
1010499* - WordPress 'WP EasyCart Plugin' Shell Upload Vulnerability (CVE-2014-9308)
1012347 - WordPress 'WP Load Gallery' Plugin Arbitrary File Upload Vulnerability (CVE-2025-23942)
1010359* - WordPress 'bbPress' Plugin Unauthenticated Privilege Escalation Vulnerability (CVE-2020-13693)
1010375* - WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability
1009776* - WordPress Comment Field Remote Code Execution Vulnerability (CVE-2019-9787)
1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
1008148* - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
1010341* - Wordpress Drag and Drop Multi File Uploader Remote Code Execution Vulnerability (CVE-2020-12800)
1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)
Web Application Tomcat
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Server Adobe ColdFusion
1012011* - Adobe ColdFusion Directory Traversal Vulnerabilities (CVE-2024-20767 and CVE-2024-53961)
Web Server HTTPS
1012314 - Cacti CRLF Injection Vulnerability (CVE-2025-24367)
Web Server Miscellaneous
1012335 - CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825 and CVE-2025-31161)
pgAdmin
1012349 - pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
SAP NetWeaver Visual Composer
1012351 - SAP NetWeaver Visual Composer Unrestricted File Upload Vulnerability (CVE-2025-31324)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
Gogs
1012334 - Gogs Arbitrary File Delete Vulnerability (CVE-2024-39931)
HPE Insight Remote Support Client
1012323 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-11622)
SSL Client
1006740* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client (ATT&CK T1573.002)
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1573.002)
Web Application PHP Based
1012148* - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012106* - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012343 - WordPress 'WP Umbrella' Plugin Local File Inclusion Vulnerability (CVE-2024-12209)
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
Web Application Ruby Based
1005328* - Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability
Web Application Tomcat
1002691* - Apache Tomcat Directory Traversal Vulnerability
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Client Common
1005386* - Identified Java Exploit
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution (ATT&CK T1027, T1204.002, T1059.001)
1006742* - Identified Suspicious User Agent In Outgoing HTTP Request
1009714* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability
1009489* - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1004121* - Identified Obfuscated JavaScript For Internet Explorer
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities
1004328* - Windows Live MSN ActiveX Remote Code Execution
Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1573.002)
1004790* - Identified Diginotar Certificate
1005307* - Identified Fraudulent Digital Certificate
1006606* - Identified Fraudulent Digital Certificate - 1
1005040* - Identified Revoked Certificate Authority In SSL Traffic (ATT&CK T1573.002)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1003816* - Web Services On Devices API Memory Corruption Vulnerability
Web Server HTTPS
1012255* - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server Miscellaneous
1010729* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
Web Server Nagios
1012329 - Nagios XI SQL Injection Vulnerability (CVE-2023-48084)
Windows Server DCERPC
1012340 - Microsoft Windows Remote Desktop Licensing Service Path Traversal Vulnerability (CVE-2024-38258)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DCERPC Services - Client
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
DHCP Server
1001173* - ISC DHCPD Server Remote Stack Corruption Vulnerability
DNS Client
1002988* - Multiple Vendors libspf2 DNS TXT Record Parsing Buffer Overflow
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
1000840* - Oracle Database Server Generic SQL Injection Detection
Gogs
1012331 - Gogs Path Traversal Vulnerability (CVE-2024-55947)
SSL/TLS Server
1006293* - Detected SSLv3 Request (ATT&CK T1573.002)
1006297* - Identified CBC Based Cipher Suite In SSLv3 Response (ATT&CK T1573.002)
Suspicious Client Application Activity
1010770* - Identified UDP Trojan SSHDoor C&C Traffic
Suspicious Client Ransomware Activity
1010767* - Identified HTTP Backdoor Kobalos C&C Traffic
Wazuh
1012332 - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)
Web Application Common
1012333 - Microsoft .NET Framework Information Disclosure Vulnerability (CVE-2024-29059)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082 and CVE-2018-20062)
Web Application PHP Based
1012337 - GLPI SQL Injection Vulnerability (CVE-2025-24799)
1012341 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-23200)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Application Ruby Based
1005350* - Ruby On Rails JSON Parser Remote Code Execution Vulnerability
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1006241* - Restrict Content-Length Header Value
Web Server HTTPS
1006741* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server (ATT&CK T1573.002)
1006562* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (ATT&CK T1573.002)
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
Web Server IIS HTTPS
1006357* - Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) - 1
Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)
Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)
Windows SMB Server
1012318 - Identified Possible Ransomware File Rename Activity Over Network Share - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache OpenJPA TCPRemoteCommitProvider
1012321 - Apache OpenMeetings Insecure Deserialization Vulnerability (CVE-2024-54676)
Kerberos KDC Client
1012338 - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
Kerberos KDC Server
1012336 - Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2025-29809)
SimpleHelp Server
1012326 - SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Client HTTPS
1012328 - Ivanti Endpoint Manager Unrestricted File Upload Vulnerability (CVE-2024-13171)
Web Server HTTPS
1012322 - Apache Camel Command Injection Vulnerabilities (CVE-2025-29891 and CVE-2025-27636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.