WAF Rule Set Update Announcement
| Name | waf.sig | ||
| Version | 1.2.57 | ||
| StoneOS Version | 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above | ||
| Release Date | 2026-6-1 | New Rules (30) |
Rule ID | Rule Name | Rule Details |
| 1030010026 | Detect XSS Injection with $.getScript Form | Click for Details | |
| 1060110036 | GraphQL Interface Scanner | Click for Details | |
| 1070210564 | CVE-2025-7788:XXL-JOB Remote Command Execution Vulnerability | Click for Details | |
| 1070210565 | CVE-2025-7787:XXL-JOB SSRF Vulnerability | Click for Details | |
| 1070210566 | Hongfan iOffice Multiple Interfaces SQL Injection Vulnerability | Click for Details | |
| 1070210567 | Kingdee EAS Remote Command Execution Vulnerability | Click for Details | |
| 1070210568 | Inspur HCM Cloud Remote Code Execution Vulnerability | Click for Details | |
| 1070210569 | CVE-2025-10771:Jeecgboot JimuReport DB2 JDBC Deserialization Vulnerability | Click for Details | |
| 1070210570 | Seeyon OA DownExcelBeanServlet Sensitive Information Disclosure Vulnerability | Click for Details | |
| 1070210571 | Toone OA createFileByZip Arbitrary File Upload Vulnerability | Click for Details | |
| 1070210572 | JeecgBoot JimuReport getDataSourceByPage Sensitive Information Disclosure Vulnerability | Click for Details | |
| 1070210573 | CVE-2025-58046:Dataease Remote Code Execution Vulnerability | Click for Details | |
| 1070210574 | CVE-2025-62420:Dataease Remote Code Execution Vulnerability | Click for Details | |
| 1070210575 | CVE-2025-64164:Dataease Remote Code Execution Vulnerability | Click for Details | |
| 1070210562 | CVE-2022-1609:WordPress plugin School Management Pro Code Injection Vulnerability | Click for Details | |
| 1070310269 | CVE-2024-38856:AcrelCloud-3000 uploadAttachment Arbitrary File Upload Vulnerability | Click for Details | |
| 1070310270 | CVE-2019-16514:ConnectWise Control Remote Code Execution Vulnerability | Click for Details | |
| 1070310271 | CVE-2023-34598:Gibbon v25.0.0 Arbitrary File Reading Vulnerability | Click for Details | |
| 1070310272 | CVE-2022-23881:ZZZCMS zzzphp 2.1.0 Remote Code Execution vulnerability | Click for Details | |
| 1070310273 | Kuaipu M6 wsAutoComplete.asmx SQL Injection Vulnerability | Click for Details | |
| 1070310274 | NSFOCUS NGFW Command Execution Vulnerability | Click for Details | |
| 1070310275 | Supermap Iserver Arbitrary File Upload Vulnerability | Click for Details | |
| 1070310277 | CVE-2025-10769:H2O 3.46.08 Deserialization Vulnerability | Click for Details | |
| 1070310278 | CVE-2018-1000130:Spring Jolokia Remote Code Execution Vulnerability | Click for Details | |
| 1070310279 | Youjiasoft Management System ms_DBLis Sensitive Information Disclosure Vulnerability | Click for Details | |
| 1070010039 | CVE-2026-9256:NGINX ngx_http_rewrite_module Buffer Overflow Vulnerability | Click for Details | |
| 1020010148 | SQL Injection Attempts | Click for Details | |
| 1020010149 | SQL Injection Attempts | Click for Details | |
| 1020410039 | Unix Command Injection - tac | Click for Details | |
| 1020810059 | Server Side Template Injection Attack | Click for Details | Updated Rules (2) |
Rule ID | Description | Ruel Details |
| 1060310004 | Directory Traversal Attack | Click for Details | |
| 1020410025 | Windows Command Injection-High frequency. | Click for Details | |