Vulnerability-Lookup – Service FAQ

This document answers common questions about Vulnerability-Lookup services. It explains how the service works, how to manage accounts and notifications, and how to interpret vulnerability-related data and terminology.

Vulnerability-Lookup – Frequently Asked Questions (FAQ)

General Information

What is Vulnerability-Lookup?

Vulnerability-Lookup is a platform that aggregates security vulnerability information from multiple trusted sources into a single searchable interface. It allows users to explore vulnerabilities, track affected products, and access related intelligence such as exploitation status and community references.

All vulnerability data is publicly accessible. An account is required only for personalized features such as notifications and watchlists.

Accounts & Authentication

Who can create an account?

Account eligibility depends on the specific deployment of Vulnerability-Lookup. Some instances may restrict registration to users from specific organizations or domains.

If registration is not available on a particular instance, users may check alternative public deployments.

Why was my email address rejected during registration?

Vulnerability-Lookup can be configured to allow or block specific email domains. Some deployments restrict the use of free email providers or enforce a domain whitelist.

If your registration was rejected, please verify that you are using an accepted email domain or contact the instance administrator.

Why is a long password required?

Strong password requirements are enforced to enhance account security and reduce the risk of compromise. The platform may require passwords of 20 or more characters.

What is an authenticator app and why is it required?

Vulnerability-Lookup supports multi-factor authentication (MFA) for enhanced security.

An authenticator app generates time-based one-time passwords (TOTP) used during login. Common examples include:

  • Microsoft Authenticator
  • Google Authenticator

After installing an authenticator app, users scan a QR code during setup. Login then requires:

  1. Username
  2. Password
  3. One-time authentication code

Subscribing to Products & Notifications

How do I subscribe to a product?

There are two recommended methods:

  1. From a vulnerability page: Open a vulnerability affecting the desired product and click the bell icon next to the vendor/product name.

  2. From the Notifications page: Use the “Create new notification” option and select the vendor and product from the dropdown suggestions.

For best results, begin typing and select from the suggested list rather than manually entering full names.

Why are vendor or product names sometimes inconsistent?

Vulnerability data is aggregated from multiple sources, each using its own naming conventions. Vendors may appear under different variations (e.g., corporate suffixes, rebranding, acquisitions).

It is recommended to subscribe to all relevant vendor-product variations that appear in the platform.

Can I subscribe to all products of a vendor using a wildcard?

No. Wildcard subscriptions (e.g., *) are not supported. Subscriptions must specify both vendor and product.

I subscribed to a product but did not receive a notification. Why?

Possible reasons include:

  • Notification frequency is set to weekly (or another interval not yet triggered).
  • The vulnerability is associated with a different vendor-product combination.
  • The subscription is inactive.

Users should verify the vendor-product pairing listed in the vulnerability record and adjust subscriptions accordingly.

Can I disable email notifications but keep my watchlist?

Yes. By deactivating a notification entry, email alerts can be disabled while retaining visibility in the Watchlist page.

To completely remove an item, the subscription must be deleted.

How can I reduce the number of notification emails?

It is recommended to create a dedicated mailbox folder (e.g., “VulnerabilityLookup”) and configure an email rule to automatically route platform notifications into that folder.

RSS & API Access

Is RSS or Atom feed access available?

Yes. Authenticated RSS/Atom feeds are supported. A Feed Key is required and can be found in the user profile settings.

Is there an API?

Yes. Vulnerability-Lookup provides an API for querying vulnerability data.

An API Key is required for authenticated requests. It can be found in the user profile settings.

A Python client library is also available for programmatic access.

Platform Features

What are “Sightings”?

A sighting is a reference to external information related to a vulnerability. This may include:

  • Security advisories
  • Blog posts
  • Exploit releases
  • Detection templates
  • Confirmed exploitation reports

Sightings are categorized (e.g., observed, confirmed, proof-of-concept published, exploited, patched) to distinguish between types of activity.

Some sightings are added automatically by monitoring sources such as:

  • Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities (KEV) Catalog
  • Metasploit Framework
  • Nuclei

Automated sightings are typically attributed to a system account.

Can users add sightings?

Yes. Users are encouraged to contribute valuable external references related to vulnerabilities.

What are comments?

Comments allow users to provide structured analysis, summaries, or contextual information beyond simple links. Comments may include detailed explanations and references.

What is a bundle?

A bundle is an extended structured entry that can reference multiple vulnerabilities. It is typically used to document broader incident reports, campaigns, or research publications that involve several related CVEs.

Vulnerability Scoring & Classification

What is CVSS?

Common Vulnerability Scoring System (CVSS) measures vulnerability severity on a scale from 0.0 to 10.0. Multiple versions exist (v2, v3.1, v4.0). Higher scores indicate higher severity.

What is EPSS?

Exploit Prediction Scoring System (EPSS) estimates the probability (0–1) that a vulnerability will be exploited in the wild within 30 days. It assists with prioritization.

What is CWE?

Common Weakness Enumeration (CWE) is a catalog of common software weakness types that lead to vulnerabilities (e.g., hard-coded credentials).

What is CPE?

Common Platform Enumeration (CPE) is a standardized naming scheme that uniquely identifies products and versions (vendor, product, version).

Accurate subscriptions require vendor and product names that match known CPE entries.

What is KEV?

Known Exploited Vulnerabilities Catalog (KEV) is a catalog of vulnerabilities with confirmed exploitation in the wild. Inclusion in KEV generally indicates high remediation priority.

Interface & Usability

Why is the references section empty?

References are typically collapsed by default. Use the expand icon to view them.

Why is there no bell icon for some vulnerabilities?

The bell icon appears only when vendor and product information is available and subscription is supported.

What does the front page show?

The front page highlights vulnerabilities with significant recent activity, often measured by sightings, along with related statistics and trends.

If additional questions arise, please consult the platform documentation or contact the relevant instance administrator.