Vulnerability-Lookup 2.18.0 - Integration with Rulezet
from cedric@lemmy.ml to security@lemmy.ml on 14 Nov 14:09
https://lemmy.ml/post/38966890

We’re delighted to announce the release of Vulnerability-Lookup 2.18.0 — packed with exciting new features!

What’s New

Integration with Rulezet

Rulezet is an open-source platform for sharing, evaluating, improving, and managing cybersecurity detection rules (YARA, Sigma, Suricata, etc.). Its goal is to foster collaboration among professionals and enthusiasts to enhance the quality and reliability of detection rules.

Vulnerability-Lookup can now be configured to interface with the API of any Rulezet instance, providing insights into existing detection rules related to security vulnerabilities.
The default Rulezet instance enabled in Vulnerability-Lookup is hosted at rulezet.org and currently offers more than 122,000 security rules.

Detection rules related to vulnerabilities are displayed on the vulnerability details page (in a dedicated tab) and on bundle details pages.

You can even query the remote Rulezet instance via the Vulnerability-Lookup API:

$ curl --silent 'https://vulnerability.circl.lu/api/rulezet/search_rules_by_vulnerabilities/CVE-2020-27130?page=1&per_page=50' | jq
{
  "metadata": {
    "count": 3,
    "page": 1,
    "per_page": 50
  },
  "data": [
    {
      "id": 122599,
      "uuid": "84846673-015e-450b-8a73-2ba481b5a6ce",
      "vulnerability_id": "CVE-2020-27130",
      "format": "suricata",
      "title": "Exploit CVE-2020-27130 on Cisco Security Manager - Upload webshell",
      "description": "Rule for security (detection rule in many format)",
      "raw": "alert http any any -> any any (msg:\"Exploit CVE-2020-27130 on  Cisco Security Manager - Upload webshell\"; flow:to_server,established; content:\"POST\"; http_method; content:\"/cwhp/XmpFileUploadServlet\"; startswith; http_uri; pcre:\"/filename=\\\".*\\.\\.\\/.+\\\"\\r\\n/P\"; reference:cve,CVE-2020-27130; classtype:web-application-attack; sid:2020271303; rev:1;)",
      "detail_url": "https://rulezet.org/rule/detail_rule/122599",
      "creation_date": "2025-11-06 13:03",
      "updated_date": "2025-11-13 09:33"
    },
    {
      "id": 122598,
      "uuid": "538dafc1-d49c-4fd6-bdb5-57b997346fe6",
      "vulnerability_id": "CVE-2020-27130",
      "format": "suricata",
      "title": "Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary directory as a zip file",
      "description": "Rule for security (detection rule in many format)",
      "raw": "alert http any any -> any any (msg:\"Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary directory as a zip file\"; flow:to_server,established; content:\"GET\"; http_method; pcre:\"/^\\/cwhp\\/(Xmp|Sample)FileDownloadServlet/U\"; content:\"../\"; distance:0; http_uri; reference:cve,CVE-2020-27130; classtype:web-application-attack; sid:2020271302; rev:1;)",
      "detail_url": "https://rulezet.org/rule/detail_rule/122598",
      "creation_date": "2025-11-06 13:03",
      "updated_date": "2025-11-06 13:03"
    },
    {
      "id": 122597,
      "uuid": "2cd8fb2a-e97b-4390-8dca-d416b2858c66",
      "vulnerability_id": "CVE-2020-27130",
      "format": "suricata",
      "title": "Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary file",
      "description": "Rule for security (detection rule in many format)",
      "raw": "alert http any any -> any any (msg:\"Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary file\"; flow:to_server,established; content:\"GET\"; http_method; pcre:\"/^\\/athena\\/(xdmProxy\\/(xdmConfig|xdmResources)|itf\\/resultsFrame\\.jsp)/U\"; content:\"../\"; distance:0; http_uri; reference:cve,CVE-2020-27130; classtype:web-application-attack; sid:2020271301; rev:1;)",
      "detail_url": "https://rulezet.org/rule/detail_rule/122597",
      "creation_date": "2025-11-06 13:03",
      "updated_date": "2025-11-06 13:03"
    }
  ]
}

Thanks to Théo Geffe for making this integration possible.

Indexing Information Related to Assigners (CNA)

Information about security advisory assigners is now indexed. CNAs from the official CVE Program source (cvelistv5) are indexed in Kvrocks, with GNAs planned for the future.
The API exposes this data via a new assigners endpoint. From an API perspective, both CNAs and GNAs are treated as assigners, though they will be stored in dedicated indexes.

Updates include:

Implemented in PR #283.

Website

Vulnerability Sources

Changes

Refreshed views

Fixes

Changelog

📂 For the full list of changes, check the GitHub release:
github.com/vulnerability-lookup/…/v2.18.0

Thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
github.com/vulnerability-lookup/…/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
social.circl.lu/@vulnerability_lookup/

#security
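One way to vet what the `search_rules_by_vulnerabilities` endpoint shown in the post returns before any of it reaches a Suricata rules file. This is an added example, not part of the original post or of the Vulnerability-Lookup code. The function name, the constructed sample (trimmed to the fields used, with invented ids 900001 to 900003) and the policy of rejecting multi-line `raw` fields are assumptions.

```python
import json
import re

# Constructed sample in the shape of the response above: rule bodies shortened,
# ids 900001-900003 invented to exercise the duplicate-sid and rejection paths.
def _rule(msg, sid, rev, cve="CVE-2020-27130"):
    return (f'alert http any any -> any any (msg:"{msg}"; '
            f'reference:cve,{cve}; sid:{sid}; rev:{rev};)')

SAMPLE_RESPONSE = json.dumps({
    "data": [
        {"id": 122599, "format": "suricata", "raw": _rule("upload", 2020271303, 1)},
        {"id": 122598, "format": "suricata", "raw": _rule("download", 2020271302, 1)},
        {"id": 900001, "format": "suricata", "raw": _rule("download v2", 2020271302, 2)},
        {"id": 900002, "format": "yara", "raw": "rule constructed { condition: false }"},
        {"id": 900003, "format": "suricata",
         "raw": _rule("first", 1, 1) + "\n" + _rule("smuggled", 2, 1)},
    ],
})

SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev:\s*(\d+)\s*;")

def vet_suricata_rules(response_text, cve_id):
    """Return ({sid: (rev, rule_id, raw)}, [(rule_id, reason)]) for one response."""
    accepted, rejected = {}, []
    for entry in json.loads(response_text).get("data", []):
        rule_id, raw = entry.get("id"), entry.get("raw", "")
        sid = SID_RE.search(raw)
        if entry.get("format") != "suricata":
            reason = "not suricata"
        elif "\n" in raw or "\r" in raw:
            reason = "multi-line raw field"  # could add extra rules to the file
        elif sid is None:
            reason = "no sid"
        elif f"reference:cve,{cve_id};" not in raw:
            reason = "does not reference requested CVE"
        else:
            rev = REV_RE.search(raw)
            new = (int(rev.group(1)) if rev else 0, rule_id, raw)
            old = accepted.get(int(sid.group(1)))
            if old is None or new[0] > old[0]:
                if old is not None:
                    rejected.append((old[1], "superseded by higher rev"))
                accepted[int(sid.group(1))] = new
                continue
            reason = "duplicate sid, not newer"
        rejected.append((rule_id, reason))
    return accepted, rejected
```

Writing the accepted `raw` values one per line, ordered by sid, gives a file that can be reviewed and test-loaded before it is deployed to a sensor.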
