Vendor
medium
advisory
Suspicious Command Execution via Web Server on Linux
3 rules, 2 TTPs
Identifies suspicious command executions via a web server on Linux systems, potentially indicating exploitation of a vulnerability or remote shell access for persistence.
Elastic Defend
endpoint
linux
persistence
initial-access
vulnerability
high
advisory
Caddy Defender Client IP Bypass Vulnerability (CVE-2026-46415)
2 rules, 1 TTP
Caddy Defender versions before v0.10.1 are vulnerable to a client IP bypass (CVE-2026-46415) when deployed behind a trusted proxy, allowing blocked clients to bypass Defender's IP-based restrictions.
caddy-defender
cve
defender
proxy
bypass
ghsa