Table of Contents
--------------------------
  New Filters - 9
  Modified Filters (logic changes) - 10
  Modified Filters (metadata changes only) - 3
  Removed Filters - 0

  New Filters:

    46065: HTTP: Suspicious Visual Studio Code Java Extension Pack Detected
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects a download of a suspicious Visual Studio Code Java extension pack.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-27084
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

    46066: HTTP: Liferay Portal Cross-Site Scripting Vulnerability 
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a cross-site scripting vulnerability in Liferay Portal.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-4388
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

    46067: HTTP: Samsung MagicINFO 9 Server Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Samsung MagicINFO 9 Server.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-4632 CVSS 9.0
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

    46068: HTTP: Apple macOS CoreAudio mRemappingArray Memory Corruption Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a type confusion vulnerability in Apple macOS CoreAudio.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-31200
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

    46069: HTTP: VMware vSphere Potential Finger Printing Attempt
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Security Policy
      - Severity: Low
      - Description: This filter detects potential fingerprinting activity in VMware vSphere.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2021-21972
      - Classification: Security Policy - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Client Application
      - Release Date: June 24, 2025

    46070: HTTP: TBK DVR Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in various TBK DVRs.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-3721
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Networked Hardware Device Application or Service
      - Release Date: June 24, 2025

    46072: HTTP: HPE Insight Remote Support DownloadAttachmentServlet Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Hewlett Packard Enterprise (HPE) Insight Remote Support.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-37098 CVSS 5.7
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

    46078: HTTP: WordPress Depicter Plugin SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in the WordPress Depicter Plugin.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-2011 CVSS 7.5
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

    46089: HTTP: Roundcube Webmail _from URL Parameter Insecure Deserialization Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit an insecure deserialization vulnerability in Roundcube Webmail.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2025-49113 CVSS 8.2
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: June 24, 2025

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    * 29068: HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability
      - IPS Version: 3.1.3 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Description updated.
      - Detection logic updated.
      - Release Date: July 11, 2017
      - Last Modified Date: June 24, 2025

    37910: HTTP: Ruby on Rails Argument Call Code Execution Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: July 28, 2020
      - Last Modified Date: June 24, 2025

    38625: HTTP: WordPress Duplicator duplicator_download Directory Traversal Vulnerability
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Detection logic updated.
      - Release Date: December 22, 2020
      - Last Modified Date: June 24, 2025

    * 42150: HTTP: TP-Link AX1800 locale controller Command Injection Vulnerability (ZDI-23-451)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: January 10, 2023
      - Last Modified Date: June 24, 2025

    44388: HTTP: Ivanti Endpoint Manager EFile Directory Traversal Vulnerability (ZDI-24-1501)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: June 18, 2024
      - Last Modified Date: June 24, 2025

    * 44487: HTTP: Ivanti Endpoint Manager Report_RunPatch SQL Injection Vulnerability (ZDI-24-1502)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Release Date: July 09, 2024
      - Last Modified Date: June 24, 2025

    * 45058: HTTP: HPE StoreOnce VSA deletePackages Directory Traversal Vulnerability (ZDI-25-317)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45058: ZDI-CAN-25314: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise StoreOnce VSA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 12, 2024
      - Last Modified Date: June 24, 2025

    * 45059: HTTP: HPE StoreOnce VSA getServerPayload Directory Traversal Vulnerability (ZDI-25-318)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45059: ZDI-CAN-25315: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise StoreOnce VSA)".
      - Severity changed from "Critical" to "High".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 12, 2024
      - Last Modified Date: June 24, 2025

    * 45060: HTTP: HPE StoreOnce VSA getServerCertificate Command Injection Vulnerability (ZDI-25-319)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45060: ZDI-CAN-25316: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise StoreOnce VSA)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: November 12, 2024
      - Last Modified Date: June 24, 2025

    45500: HTTP: HPE Insight Remote Support processAttachmentDataStream Directory Traversal (ZDI-25-325)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45500: ZDI-CAN-25954: Zero Day Initiative Vulnerability (Hewlett Packard Enterprise Insight Remote Support)".
      - Description updated.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 04, 2025
      - Last Modified Date: June 24, 2025

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    36985: HTTP: Pivotal RabbitMQ X-Reason HTTP Header Denial-of-Service Vulnerability 
      - IPS Version: 3.6.2 and after.
      - TPS Version: 4.0.0 and after.
      - vTPS Version: 4.0.1 and after.
      - Miscellaneous modification.
      - Release Date: February 04, 2020
      - Last Modified Date: June 24, 2025

    42846: HTTP: Fortinet FortiOS enc Parameter Usage
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Description updated.
      - Vulnerability references updated.
      - Release Date: June 20, 2023
      - Last Modified Date: June 24, 2025

    45728: HTTP: Allegra isZipEntryValide Directory Traversal Vulnerability (ZDI-25-255)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "45728: ZDI-CAN-25730: Zero Day Initiative Vulnerability (Allegra)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: April 15, 2025
      - Last Modified Date: June 24, 2025

  Removed Filters: None