Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DCERPC Services - Client
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
DHCP Server
1001173* - ISC DHCPD Server Remote Stack Corruption Vulnerability
DNS Client
1002988* - Multiple Vendors libspf2 DNS TXT Record Parsing Buffer Overflow
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
1000840* - Oracle Database Server Generic SQL Injection Detection
Gogs
1012331 - Gogs Path Traversal Vulnerability (CVE-2024-55947)
SSL/TLS Server
1006293* - Detected SSLv3 Request (ATT&CK T1573.002)
1006297* - Identified CBC Based Cipher Suite In SSLv3 Response (ATT&CK T1573.002)
Suspicious Client Application Activity
1010770* - Identified UDP Trojan SSHDoor C&C Traffic
Suspicious Client Ransomware Activity
1010767* - Identified HTTP Backdoor Kobalos C&C Traffic
Wazuh
1012332 - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)
Web Application Common
1012333 - Microsoft .NET Framework Information Disclosure Vulnerability (CVE-2024-29059)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082 and CVE-2018-20062)
Web Application PHP Based
1012337 - GLPI SQL Injection Vulnerability (CVE-2025-24799)
1012341 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-23200)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Application Ruby Based
1005350* - Ruby On Rails JSON Parser Remote Code Execution Vulnerability
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1006241* - Restrict Content-Length Header Value
Web Server HTTPS
1006741* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server (ATT&CK T1573.002)
1006562* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (ATT&CK T1573.002)
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
Web Server IIS HTTPS
1006357* - Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) - 1
Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)
Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)
Windows SMB Server
1012318 - Identified Possible Ransomware File Rename Activity Over Network Share - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DCERPC Services - Client
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
DHCP Server
1001173* - ISC DHCPD Server Remote Stack Corruption Vulnerability
DNS Client
1002988* - Multiple Vendors libspf2 DNS TXT Record Parsing Buffer Overflow
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
1000840* - Oracle Database Server Generic SQL Injection Detection
Gogs
1012331 - Gogs Path Traversal Vulnerability (CVE-2024-55947)
SSL/TLS Server
1006293* - Detected SSLv3 Request (ATT&CK T1573.002)
1006297* - Identified CBC Based Cipher Suite In SSLv3 Response (ATT&CK T1573.002)
Suspicious Client Application Activity
1010770* - Identified UDP Trojan SSHDoor C&C Traffic
Suspicious Client Ransomware Activity
1010767* - Identified HTTP Backdoor Kobalos C&C Traffic
Wazuh
1012332 - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)
Web Application Common
1012333 - Microsoft .NET Framework Information Disclosure Vulnerability (CVE-2024-29059)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082 and CVE-2018-20062)
Web Application PHP Based
1012337 - GLPI SQL Injection Vulnerability (CVE-2025-24799)
1012341 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-23200)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Application Ruby Based
1005350* - Ruby On Rails JSON Parser Remote Code Execution Vulnerability
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1006241* - Restrict Content-Length Header Value
Web Server HTTPS
1006741* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server (ATT&CK T1573.002)
1006562* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (ATT&CK T1573.002)
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
Web Server IIS HTTPS
1006357* - Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) - 1
Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)
Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)
Windows SMB Server
1012318 - Identified Possible Ransomware File Rename Activity Over Network Share - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache OpenJPA TCPRemoteCommitProvider
1012321 - Apache OpenMeetings Insecure Deserialization Vulnerability (CVE-2024-54676)
Kerberos KDC Client
1012338 - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
Kerberos KDC Server
1012336 - Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2025-29809)
SimpleHelp Server
1012326 - SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Client HTTPS
1012328 - Ivanti Endpoint Manager Unrestricted File Upload Vulnerability (CVE-2024-13171)
Web Server HTTPS
1012322 - Apache Camel Command Injection Vulnerabilities (CVE-2025-29891 and CVE-2025-27636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache OpenJPA TCPRemoteCommitProvider
1012321 - Apache OpenMeetings Insecure Deserialization Vulnerability (CVE-2024-54676)
Kerberos KDC Client
1012338 - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
Kerberos KDC Server
1012336 - Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2025-29809)
SimpleHelp Server
1012326 - SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Client HTTPS
1012328 - Ivanti Endpoint Manager Unrestricted File Upload Vulnerability (CVE-2024-13171)
Web Server HTTPS
1012322 - Apache Camel Command Injection Vulnerabilities (CVE-2025-29891 and CVE-2025-27636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Redis Server
1012286 - Redis Use After Free Vulnerability (CVE-2024-46981)
Remote Desktop Server Websocket
1012325 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2024-49116)
Web Application PHP Based
1012281 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-49754)
Web Application Tomcat
1012330 - Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012292* - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Web Server Miscellaneous
1012315 - Zimbra Collaboration SQL Injection Vulnerability (CVE-2025-25064)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Redis Server
1012286 - Redis Use After Free Vulnerability (CVE-2024-46981)
Remote Desktop Server Websocket
1012325 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2024-49116)
Web Application PHP Based
1012281 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-49754)
Web Application Tomcat
1012330 - Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012292* - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Web Server Miscellaneous
1012315 - Zimbra Collaboration SQL Injection Vulnerability (CVE-2025-25064)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012299 - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
HPE Insight Remote Support
1012317 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-53675)
Web Application Common
1012324 - Vercel Next.js Authorization Bypass Vulnerability (CVE-2025-29927)
Web Application PHP Based
1012285 - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
1012307 - WordPress 'Tutor LMS' Plugin SQL Injection Vulnerability (CVE-2024-10400)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012319 - Centreon SQL Injection Vulnerability (CVE-2024-55573)
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012320 - WordPress 'KiviCare' Plugin SQL Injection Vulnerability (CVE-2024-11728)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
CyberPanel
1012299 - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
HPE Insight Remote Support
1012317 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-53675)
Web Application Common
1012324 - Vercel Next.js Authorization Bypass Vulnerability (CVE-2025-29927)
Web Application PHP Based
1012285 - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
1012307 - WordPress 'Tutor LMS' Plugin SQL Injection Vulnerability (CVE-2024-10400)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012319 - Centreon SQL Injection Vulnerability (CVE-2024-55573)
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012320 - WordPress 'KiviCare' Plugin SQL Injection Vulnerability (CVE-2024-11728)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Directory Server LDAP
1012309 - OpenLDAP SQL Injection Vulnerability (CVE-2022-29155)
Ivanti Endpoint Manager
1012149* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
1012283 - Ivanti Endpoint Manager Untrusted Search Path Vulnerability (CVE-2024-13158)
SolarWinds Orion Platform
1012316 - SolarWinds Orion Platform Server-Side Request Forgery Vulnerability (CVE-2024-52606)
Web Application PHP Based
1012308 - WordPress 'Hunk Companion' Plugin Broken Access Control Vulnerability (CVE-2024-11972)
1012313 - WordPress 'Ultimate Exporter' Plugin Command Injection Vulnerability (CVE-2024-56278)
Web Client HTTPS
1012220 - Ivanti Endpoint Manager Multiple Directory Traversal Vulnerabilities
Web Server HTTPS
1012292 - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Directory Server LDAP
1012309 - OpenLDAP SQL Injection Vulnerability (CVE-2022-29155)
Ivanti Endpoint Manager
1012149* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
1012283 - Ivanti Endpoint Manager Untrusted Search Path Vulnerability (CVE-2024-13158)
SolarWinds Orion Platform
1012316 - SolarWinds Orion Platform Server-Side Request Forgery Vulnerability (CVE-2024-52606)
Web Application PHP Based
1012308 - WordPress 'Hunk Companion' Plugin Broken Access Control Vulnerability (CVE-2024-11972)
1012313 - WordPress 'Ultimate Exporter' Plugin Command Injection Vulnerability (CVE-2024-56278)
Web Client HTTPS
1012220 - Ivanti Endpoint Manager Multiple Directory Traversal Vulnerabilities
Web Server HTTPS
1012292 - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012300 - CyberPanel Command Injection Vulnerability (CVE-2024-51378)
HPE Insight Remote Support
1012304 - HPE Insight Remote Support Directory Traversal Vulnerability (CVE-2024-53676)
OpenSSL
1012310 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Server
OpenSSL Client
1012311 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Client
Web Application Common
1012290 - Pandora FMS Command Injection Vulnerability (CVE-2024-11320)
Web Application PHP Based
1012279 - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
Web Proxy Squid
1012273* - Squid Proxy Denial Of Service Vulnerability (CVE-2024-45802)
Web Server Apache
1012305 - Chamilo Command Injection Vulnerabilities (CVE-2023-34960 and CVE-2023-3368)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
CyberPanel
1012300 - CyberPanel Command Injection Vulnerability (CVE-2024-51378)
HPE Insight Remote Support
1012304 - HPE Insight Remote Support Directory Traversal Vulnerability (CVE-2024-53676)
OpenSSL
1012310 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Server
OpenSSL Client
1012311 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Client
Web Application Common
1012290 - Pandora FMS Command Injection Vulnerability (CVE-2024-11320)
Web Application PHP Based
1012279 - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
Web Proxy Squid
1012273* - Squid Proxy Denial Of Service Vulnerability (CVE-2024-45802)
Web Server Apache
1012305 - Chamilo Command Injection Vulnerabilities (CVE-2023-34960 and CVE-2023-3368)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012296 - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-13179)
Ivanti Endpoint Manager
1012271* - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
1012278 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities (CVE-2024-13170 and CVE-2024-13167)
1012253 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
JetBrains TeamCity
1012297 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application PHP Based
1012097* - LibreNMS SQL Injection Vulnerability (CVE-2024-32461)
1012301 - WordPress 'Quiz Maker' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-2571)
1012226 - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)
Web Server HTTPS
1012284 - Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
Web Server Miscellaneous
1012303 - XWiki Code Injection Vulnerability (CVE-2025-24893)
Windows Server DCERPC
1012209* - Microsoft Windows Remote Desktop Licensing Service Denial of Service Vulnerability (CVE-2024-38071)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Ivanti Avalanche
1012296 - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-13179)
Ivanti Endpoint Manager
1012271* - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
1012278 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities (CVE-2024-13170 and CVE-2024-13167)
1012253 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
JetBrains TeamCity
1012297 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application PHP Based
1012097* - LibreNMS SQL Injection Vulnerability (CVE-2024-32461)
1012301 - WordPress 'Quiz Maker' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-2571)
1012226 - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)
Web Server HTTPS
1012284 - Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
Web Server Miscellaneous
1012303 - XWiki Code Injection Vulnerability (CVE-2025-24893)
Windows Server DCERPC
1012209* - Microsoft Windows Remote Desktop Licensing Service Denial of Service Vulnerability (CVE-2024-38071)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298 - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012271 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
Solr Service
1012280 - Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216)
1012291 - Apache Solr Directory Traversal Vulnerability (CVE-2025-52012)
Web Client Common
1012282* - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Integrity Monitoring Rules:
1012288 - Vulnerability - Microsoft Windows Active Directory Elevation of Privilege (CVE-2025-21293) (ATT&CK T1112, T1546.003, T1574.011)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298 - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012271 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
Solr Service
1012280 - Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216)
1012291 - Apache Solr Directory Traversal Vulnerability (CVE-2025-52012)
Web Client Common
1012282* - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Integrity Monitoring Rules:
1012288 - Vulnerability - Microsoft Windows Active Directory Elevation of Privilege (CVE-2025-21293) (ATT&CK T1112, T1546.003, T1574.011)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Directory Client LDAP TCP
1012276 - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Microsoft Configuration Manager
1012289 - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
Progress WhatsUp Gold
1012287 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-12105)
Web Application PHP Based
1012265 - WordPress 'White Label MS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Client Common
1012282 - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Web Server Miscellaneous
1012248 - Jenkins 'Simple Queue' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2024-54003)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Directory Client LDAP TCP
1012276 - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Microsoft Configuration Manager
1012289 - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
Progress WhatsUp Gold
1012287 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-12105)
Web Application PHP Based
1012265 - WordPress 'White Label MS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Client Common
1012282 - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Web Server Miscellaneous
1012248 - Jenkins 'Simple Queue' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2024-54003)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
MyQ Print Server
1012268 - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Progress WhatsUp Gold
1012237 - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-46905)
Trend Micro Common
1012272 - Trend Micro Multiple Products Path Traversal Vulnerabilities
Web Application PHP Based
1011999* - BoidCMS Command Injection Vulnerability (CVE-2023-38836)
1012021* - Grav CMS Directory Traversal Vulnerability (CVE-2024-27921)
1012073* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2024-32479)
1011993* - LibreNMS SQL Injection Vulnerability (CVE-2023-5591)
1012260 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1012277 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-53457)
1011975* - WordPress 'Backup Migration' Plugin Command Injection Vulnerability (CVE-2023-7002)
1012067* - WordPress 'Forminator' Plugin SQL Injection Vulnerability (CVE-2024-31077)
1012014* - WordPress 'LayerSlider' Plugin SQL Injection Vulnerability (CVE-2024-2879)
1011968* - WordPress 'LearnPress' Plugin SQL Injection Vulnerability (CVE-2023-6567)
1012005* - WordPress 'Popup Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-6000)
1012007* - WordPress 'Ultimate Member' Plugin SQL Injection Vulnerability (CVE-2024-1071)
1012045* - WordPress 'WPvivid Backup' Plugin Insecure Deserialization Vulnerability (CVE-2024-3054)
Web Application Tomcat
1012274 - Apache Tomcat Race Condition Vulnerability (CVE-2024-50379 and CVE-2024-56337)
Web Server HTTPS
1012255 - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1012051* - WordPress Core Cross-Site Scripting Vulnerability (CVE-2024-4439)
Web Server Miscellaneous
1011948* - Ivanti Avalanche Multiple Remote Code Execution Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
MyQ Print Server
1012268 - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Progress WhatsUp Gold
1012237 - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-46905)
Trend Micro Common
1012272 - Trend Micro Multiple Products Path Traversal Vulnerabilities
Web Application PHP Based
1011999* - BoidCMS Command Injection Vulnerability (CVE-2023-38836)
1012021* - Grav CMS Directory Traversal Vulnerability (CVE-2024-27921)
1012073* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2024-32479)
1011993* - LibreNMS SQL Injection Vulnerability (CVE-2023-5591)
1012260 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1012277 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-53457)
1011975* - WordPress 'Backup Migration' Plugin Command Injection Vulnerability (CVE-2023-7002)
1012067* - WordPress 'Forminator' Plugin SQL Injection Vulnerability (CVE-2024-31077)
1012014* - WordPress 'LayerSlider' Plugin SQL Injection Vulnerability (CVE-2024-2879)
1011968* - WordPress 'LearnPress' Plugin SQL Injection Vulnerability (CVE-2023-6567)
1012005* - WordPress 'Popup Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-6000)
1012007* - WordPress 'Ultimate Member' Plugin SQL Injection Vulnerability (CVE-2024-1071)
1012045* - WordPress 'WPvivid Backup' Plugin Insecure Deserialization Vulnerability (CVE-2024-3054)
Web Application Tomcat
1012274 - Apache Tomcat Race Condition Vulnerability (CVE-2024-50379 and CVE-2024-56337)
Web Server HTTPS
1012255 - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1012051* - WordPress Core Cross-Site Scripting Vulnerability (CVE-2024-4439)
Web Server Miscellaneous
1011948* - Ivanti Avalanche Multiple Remote Code Execution Vulnerabilities
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more