Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
Gogs
1012334 - Gogs Arbitrary File Delete Vulnerability (CVE-2024-39931)
HPE Insight Remote Support Client
1012323 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-11622)
SSL Client
1006740* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client (ATT&CK T1573.002)
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1573.002)
Web Application PHP Based
1012148* - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012106* - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012343 - WordPress 'WP Umbrella' Plugin Local File Inclusion Vulnerability (CVE-2024-12209)
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
Web Application Ruby Based
1005328* - Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability
Web Application Tomcat
1002691* - Apache Tomcat Directory Traversal Vulnerability
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Client Common
1005386* - Identified Java Exploit
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution (ATT&CK T1027, T1204.002, T1059.001)
1006742* - Identified Suspicious User Agent In Outgoing HTTP Request
1009714* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability
1009489* - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1004121* - Identified Obfuscated JavaScript For Internet Explorer
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities
1004328* - Windows Live MSN ActiveX Remote Code Execution
Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1573.002)
1004790* - Identified Diginotar Certificate
1005307* - Identified Fraudulent Digital Certificate
1006606* - Identified Fraudulent Digital Certificate - 1
1005040* - Identified Revoked Certificate Authority In SSL Traffic (ATT&CK T1573.002)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1003816* - Web Services On Devices API Memory Corruption Vulnerability
Web Server HTTPS
1012255* - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server Miscellaneous
1010729* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
Web Server Nagios
1012329 - Nagios XI SQL Injection Vulnerability (CVE-2023-48084)
Windows Server DCERPC
1012340 - Microsoft Windows Remote Desktop Licensing Service Path Traversal Vulnerability (CVE-2024-38258)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1009717* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability Over SMB
Gogs
1012334 - Gogs Arbitrary File Delete Vulnerability (CVE-2024-39931)
HPE Insight Remote Support Client
1012323 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-11622)
SSL Client
1006740* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client (ATT&CK T1573.002)
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1573.002)
Web Application PHP Based
1012148* - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012106* - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012343 - WordPress 'WP Umbrella' Plugin Local File Inclusion Vulnerability (CVE-2024-12209)
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
Web Application Ruby Based
1005328* - Ruby On Rails XML Processor YAML Deserialization Code Execution Vulnerability
Web Application Tomcat
1002691* - Apache Tomcat Directory Traversal Vulnerability
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Client Common
1005386* - Identified Java Exploit
1008297* - Identified Suspicious RTF File With Obfuscated PowerShell Execution (ATT&CK T1027, T1204.002, T1059.001)
1006742* - Identified Suspicious User Agent In Outgoing HTTP Request
1009714* - Microsoft Windows PowerShell ISE Filename Parsing Remote Code Execution Vulnerability
1009489* - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
Web Client Internet Explorer/Edge
1004121* - Identified Obfuscated JavaScript For Internet Explorer
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities
1004328* - Windows Live MSN ActiveX Remote Code Execution
Web Client SSL
1006296* - Detected SSLv3 Response (ATT&CK T1573.002)
1004790* - Identified Diginotar Certificate
1005307* - Identified Fraudulent Digital Certificate
1006606* - Identified Fraudulent Digital Certificate - 1
1005040* - Identified Revoked Certificate Authority In SSL Traffic (ATT&CK T1573.002)
Web Server Common
1010405* - JAWS Remote Code Execution Vulnerability
1003816* - Web Services On Devices API Memory Corruption Vulnerability
Web Server HTTPS
1012255* - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability (CVE-2024-11948)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server Miscellaneous
1010729* - Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
Web Server Nagios
1012329 - Nagios XI SQL Injection Vulnerability (CVE-2023-48084)
Windows Server DCERPC
1012340 - Microsoft Windows Remote Desktop Licensing Service Path Traversal Vulnerability (CVE-2024-38258)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DCERPC Services - Client
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
DHCP Server
1001173* - ISC DHCPD Server Remote Stack Corruption Vulnerability
DNS Client
1002988* - Multiple Vendors libspf2 DNS TXT Record Parsing Buffer Overflow
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
1000840* - Oracle Database Server Generic SQL Injection Detection
Gogs
1012331 - Gogs Path Traversal Vulnerability (CVE-2024-55947)
SSL/TLS Server
1006293* - Detected SSLv3 Request (ATT&CK T1573.002)
1006297* - Identified CBC Based Cipher Suite In SSLv3 Response (ATT&CK T1573.002)
Suspicious Client Application Activity
1010770* - Identified UDP Trojan SSHDoor C&C Traffic
Suspicious Client Ransomware Activity
1010767* - Identified HTTP Backdoor Kobalos C&C Traffic
Wazuh
1012332 - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)
Web Application Common
1012333 - Microsoft .NET Framework Information Disclosure Vulnerability (CVE-2024-29059)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082 and CVE-2018-20062)
Web Application PHP Based
1012337 - GLPI SQL Injection Vulnerability (CVE-2025-24799)
1012341 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-23200)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Application Ruby Based
1005350* - Ruby On Rails JSON Parser Remote Code Execution Vulnerability
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1006241* - Restrict Content-Length Header Value
Web Server HTTPS
1006741* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server (ATT&CK T1573.002)
1006562* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (ATT&CK T1573.002)
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
Web Server IIS HTTPS
1006357* - Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) - 1
Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)
Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)
Windows SMB Server
1012318 - Identified Possible Ransomware File Rename Activity Over Network Share - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services
1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
DCERPC Services - Client
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
DHCP Server
1001173* - ISC DHCPD Server Remote Stack Corruption Vulnerability
DNS Client
1002988* - Multiple Vendors libspf2 DNS TXT Record Parsing Buffer Overflow
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1000407* - Oracle Database Server Buffer Overflow In Interval And Timestamp Functions
1000840* - Oracle Database Server Generic SQL Injection Detection
Gogs
1012331 - Gogs Path Traversal Vulnerability (CVE-2024-55947)
SSL/TLS Server
1006293* - Detected SSLv3 Request (ATT&CK T1573.002)
1006297* - Identified CBC Based Cipher Suite In SSLv3 Response (ATT&CK T1573.002)
Suspicious Client Application Activity
1010770* - Identified UDP Trojan SSHDoor C&C Traffic
Suspicious Client Ransomware Activity
1010767* - Identified HTTP Backdoor Kobalos C&C Traffic
Wazuh
1012332 - Wazuh Insecure Deserialization Vulnerability (CVE-2025-24016)
Web Application Common
1012333 - Microsoft .NET Framework Information Disclosure Vulnerability (CVE-2024-29059)
1010344* - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082 and CVE-2018-20062)
Web Application PHP Based
1012337 - GLPI SQL Injection Vulnerability (CVE-2025-24799)
1012341 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2025-23200)
1012265* - WordPress 'White Label CMS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Application Ruby Based
1005350* - Ruby On Rails JSON Parser Remote Code Execution Vulnerability
1005331* - Ruby On Rails XML Processor YAML Deserialization DoS
Web Server Common
1009889* - Atlassian Crowd Remote Code Execution Vulnerability (CVE-2019-11580)
1006241* - Restrict Content-Length Header Value
Web Server HTTPS
1006741* - Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server (ATT&CK T1573.002)
1006562* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request (ATT&CK T1573.002)
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
Web Server IIS HTTPS
1006357* - Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) - 1
Web Server Miscellaneous
1006744* - Jetty Httpd HttpParser Memory Information Disclosure Vulnerability (CVE-2015-2080)
Web Server RealVNC
1008557* - RealVNC NULL Authentication Mode Bypass Vulnerability (CVE-2006-2369)
Windows SMB Server
1012318 - Identified Possible Ransomware File Rename Activity Over Network Share - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache OpenJPA TCPRemoteCommitProvider
1012321 - Apache OpenMeetings Insecure Deserialization Vulnerability (CVE-2024-54676)
Kerberos KDC Client
1012338 - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
Kerberos KDC Server
1012336 - Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2025-29809)
SimpleHelp Server
1012326 - SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Client HTTPS
1012328 - Ivanti Endpoint Manager Unrestricted File Upload Vulnerability (CVE-2024-13171)
Web Server HTTPS
1012322 - Apache Camel Command Injection Vulnerabilities (CVE-2025-29891 and CVE-2025-27636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache OpenJPA TCPRemoteCommitProvider
1012321 - Apache OpenMeetings Insecure Deserialization Vulnerability (CVE-2024-54676)
Kerberos KDC Client
1012338 - Microsoft Windows Defender Credential Guard Security Feature Bypass Vulnerability (CVE-2025-29809)
Kerberos KDC Server
1012336 - Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2025-29809)
SimpleHelp Server
1012326 - SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
WSO2
1012249* - WSO2 Multiple Products Arbitrary File Upload Vulnerability (CVE-2024-7074)
Web Client HTTPS
1012328 - Ivanti Endpoint Manager Unrestricted File Upload Vulnerability (CVE-2024-13171)
Web Server HTTPS
1012322 - Apache Camel Command Injection Vulnerabilities (CVE-2025-29891 and CVE-2025-27636)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Redis Server
1012286 - Redis Use After Free Vulnerability (CVE-2024-46981)
Remote Desktop Server Websocket
1012325 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2024-49116)
Web Application PHP Based
1012281 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-49754)
Web Application Tomcat
1012330 - Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012292* - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Web Server Miscellaneous
1012315 - Zimbra Collaboration SQL Injection Vulnerability (CVE-2025-25064)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Redis Server
1012286 - Redis Use After Free Vulnerability (CVE-2024-46981)
Remote Desktop Server Websocket
1012325 - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2024-49116)
Web Application PHP Based
1012281 - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-49754)
Web Application Tomcat
1012330 - Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012292* - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Web Server Miscellaneous
1012315 - Zimbra Collaboration SQL Injection Vulnerability (CVE-2025-25064)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012299 - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
HPE Insight Remote Support
1012317 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-53675)
Web Application Common
1012324 - Vercel Next.js Authorization Bypass Vulnerability (CVE-2025-29927)
Web Application PHP Based
1012285 - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
1012307 - WordPress 'Tutor LMS' Plugin SQL Injection Vulnerability (CVE-2024-10400)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012319 - Centreon SQL Injection Vulnerability (CVE-2024-55573)
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012320 - WordPress 'KiviCare' Plugin SQL Injection Vulnerability (CVE-2024-11728)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
CyberPanel
1012299 - CyberPanel Remote Code Execution Vulnerability (CVE-2024-53376)
DCERPC Services - Client
1012183* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over SMB (ZDI-25-148)
Directory Client LDAP TCP
1012276* - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
HPE Insight Remote Support
1012317 - HPE Insight Remote Support XML External Entity Injection Vulnerability (CVE-2024-53675)
Web Application Common
1012324 - Vercel Next.js Authorization Bypass Vulnerability (CVE-2025-29927)
Web Application PHP Based
1012285 - Clinic's Patient Management System Remote Code Execution Vulnerability (CVE-2022-40471)
1012307 - WordPress 'Tutor LMS' Plugin SQL Injection Vulnerability (CVE-2024-10400)
Web Client Common
1012182* - Microsoft Windows LNK File UI Misrepresentation Vulnerability Over HTTP (ZDI-25-148)
Web Server HTTPS
1012319 - Centreon SQL Injection Vulnerability (CVE-2024-55573)
1012066* - PHP-CGI Argument Injection Vulnerability (CVE-2024-4577)
1012320 - WordPress 'KiviCare' Plugin SQL Injection Vulnerability (CVE-2024-11728)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Directory Server LDAP
1012309 - OpenLDAP SQL Injection Vulnerability (CVE-2022-29155)
Ivanti Endpoint Manager
1012149* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
1012283 - Ivanti Endpoint Manager Untrusted Search Path Vulnerability (CVE-2024-13158)
SolarWinds Orion Platform
1012316 - SolarWinds Orion Platform Server-Side Request Forgery Vulnerability (CVE-2024-52606)
Web Application PHP Based
1012308 - WordPress 'Hunk Companion' Plugin Broken Access Control Vulnerability (CVE-2024-11972)
1012313 - WordPress 'Ultimate Exporter' Plugin Command Injection Vulnerability (CVE-2024-56278)
Web Client HTTPS
1012220 - Ivanti Endpoint Manager Multiple Directory Traversal Vulnerabilities
Web Server HTTPS
1012292 - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Directory Server LDAP
1012309 - OpenLDAP SQL Injection Vulnerability (CVE-2022-29155)
Ivanti Endpoint Manager
1012149* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
1012253* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
1012283 - Ivanti Endpoint Manager Untrusted Search Path Vulnerability (CVE-2024-13158)
SolarWinds Orion Platform
1012316 - SolarWinds Orion Platform Server-Side Request Forgery Vulnerability (CVE-2024-52606)
Web Application PHP Based
1012308 - WordPress 'Hunk Companion' Plugin Broken Access Control Vulnerability (CVE-2024-11972)
1012313 - WordPress 'Ultimate Exporter' Plugin Command Injection Vulnerability (CVE-2024-56278)
Web Client HTTPS
1012220 - Ivanti Endpoint Manager Multiple Directory Traversal Vulnerabilities
Web Server HTTPS
1012292 - Zabbix SQL Injection Vulnerability (CVE-2024-42327)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CyberPanel
1012300 - CyberPanel Command Injection Vulnerability (CVE-2024-51378)
HPE Insight Remote Support
1012304 - HPE Insight Remote Support Directory Traversal Vulnerability (CVE-2024-53676)
OpenSSL
1012310 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Server
OpenSSL Client
1012311 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Client
Web Application Common
1012290 - Pandora FMS Command Injection Vulnerability (CVE-2024-11320)
Web Application PHP Based
1012279 - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
Web Proxy Squid
1012273* - Squid Proxy Denial Of Service Vulnerability (CVE-2024-45802)
Web Server Apache
1012305 - Chamilo Command Injection Vulnerabilities (CVE-2023-34960 and CVE-2023-3368)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
CyberPanel
1012300 - CyberPanel Command Injection Vulnerability (CVE-2024-51378)
HPE Insight Remote Support
1012304 - HPE Insight Remote Support Directory Traversal Vulnerability (CVE-2024-53676)
OpenSSL
1012310 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Server
OpenSSL Client
1012311 - OpenSSL Denial of Service Vulnerability (CVE-2024-6119) - Client
Web Application Common
1012290 - Pandora FMS Command Injection Vulnerability (CVE-2024-11320)
Web Application PHP Based
1012279 - WordPress 'WP Time Capsule' Plugin Arbitrary File Upload Vulnerability (CVE-2024-8856)
Web Proxy Squid
1012273* - Squid Proxy Denial Of Service Vulnerability (CVE-2024-45802)
Web Server Apache
1012305 - Chamilo Command Injection Vulnerabilities (CVE-2023-34960 and CVE-2023-3368)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012296 - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-13179)
Ivanti Endpoint Manager
1012271* - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
1012278 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities (CVE-2024-13170 and CVE-2024-13167)
1012253 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
JetBrains TeamCity
1012297 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application PHP Based
1012097* - LibreNMS SQL Injection Vulnerability (CVE-2024-32461)
1012301 - WordPress 'Quiz Maker' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-2571)
1012226 - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)
Web Server HTTPS
1012284 - Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
Web Server Miscellaneous
1012303 - XWiki Code Injection Vulnerability (CVE-2025-24893)
Windows Server DCERPC
1012209* - Microsoft Windows Remote Desktop Licensing Service Denial of Service Vulnerability (CVE-2024-38071)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Ivanti Avalanche
1012296 - Ivanti Avalanche Path Traversal Vulnerability (CVE-2024-13179)
Ivanti Endpoint Manager
1012271* - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
1012278 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities (CVE-2024-13170 and CVE-2024-13167)
1012253 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32848)
JetBrains TeamCity
1012297 - JetBrains TeamCity Cross-Site Scripting Vulnerability (CVE-2025-24459)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application PHP Based
1012097* - LibreNMS SQL Injection Vulnerability (CVE-2024-32461)
1012301 - WordPress 'Quiz Maker' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-2571)
1012226 - WordPress 'wpForo' Plugin Local File Inclusion Vulnerability (CVE-2023-2249)
Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)
Web Server HTTPS
1012284 - Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
Web Server Miscellaneous
1012303 - XWiki Code Injection Vulnerability (CVE-2025-24893)
Windows Server DCERPC
1012209* - Microsoft Windows Remote Desktop Licensing Service Denial of Service Vulnerability (CVE-2024-38071)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298 - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012271 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
Solr Service
1012280 - Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216)
1012291 - Apache Solr Directory Traversal Vulnerability (CVE-2025-52012)
Web Client Common
1012282* - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Integrity Monitoring Rules:
1012288 - Vulnerability - Microsoft Windows Active Directory Elevation of Privilege (CVE-2025-21293) (ATT&CK T1112, T1546.003, T1574.011)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298 - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012271 - Ivanti Endpoint Manager Multiple Denial Of Service Vulnerabilities
Solr Service
1012280 - Apache Solr Authentication Bypass Vulnerability (CVE-2024-45216)
1012291 - Apache Solr Directory Traversal Vulnerability (CVE-2025-52012)
Web Client Common
1012282* - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Integrity Monitoring Rules:
1012288 - Vulnerability - Microsoft Windows Active Directory Elevation of Privilege (CVE-2025-21293) (ATT&CK T1112, T1546.003, T1574.011)
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Directory Client LDAP TCP
1012276 - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Microsoft Configuration Manager
1012289 - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
Progress WhatsUp Gold
1012287 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-12105)
Web Application PHP Based
1012265 - WordPress 'White Label MS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Client Common
1012282 - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Web Server Miscellaneous
1012248 - Jenkins 'Simple Queue' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2024-54003)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Directory Client LDAP TCP
1012276 - Microsoft Windows LDAP Integer Overflow Vulnerability (CVE-2024-49112)
Microsoft Configuration Manager
1012289 - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
Progress WhatsUp Gold
1012287 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-12105)
Web Application PHP Based
1012265 - WordPress 'White Label MS' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2022-0422)
Web Client Common
1012282 - Microsoft Windows Themes Spoofing Vulnerability (CVE-2025-21308)
Web Server Miscellaneous
1012248 - Jenkins 'Simple Queue' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2024-54003)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.