Vendor
Unusual Child Process Execution from Linux Web Servers
2 rules 4 TTPsThis rule detects unusual child process executions originating from web server processes on Linux systems, which attackers may use to maintain persistence on a compromised system by exploiting web server vulnerabilities.
Suspicious Command Execution via Web Server on Linux
2 rules 3 TTPsIdentifies suspicious command executions via a web server on Linux systems, which may suggest a vulnerability and remote shell access.
Spring AI Data Integrity Vulnerability (CVE-2026-41863)
2 rulesA data integrity vulnerability exists in Spring AI versions 1.1.x before 1.1.7, potentially allowing an attacker to compromise data integrity, as identified by CVE-2026-41863.
Multiple Vulnerabilities in Spring Products Allow for Remote Code Execution and Data Breach
2 rules 6 TTPs 1 CVEMultiple vulnerabilities in Spring products could allow a remote attacker to execute arbitrary code, cause a denial of service, or breach data confidentiality.
Spring Cloud Config Vulnerabilities Allow Secret Access and Directory Traversal
2 rules 3 CVEsMultiple vulnerabilities in Spring Cloud Config, including CVE-2026-40981, CVE-2026-40982, and CVE-2026-41002, could allow unauthorized access to secrets and directory traversal attacks, potentially leading to data exposure and system compromise.
Multiple Vulnerabilities in Spring Boot Allow Authorization Bypass and Potential RCE
2 rules 3 TTPs 3 CVEsMultiple vulnerabilities in Spring Boot, including CVE-2026-40976, CVE-2026-40973, and CVE-2026-40972, can allow attackers to bypass authorization, hijack sessions, or achieve remote code execution, potentially leading to data breaches and system compromise.
Spring AI Vulnerabilities CVE-2026-40967 and CVE-2026-40978
2 rules 1 TTP 2 CVEsSpring released security advisories on April 27, 2026, to address a VectorStore FilterExpression Converter injection vulnerability (CVE-2026-40967) and a SQL Injection vulnerability (CVE-2026-40978) in Spring AI versions prior to 1.0.6 and 1.1.5.