diff --git a/.appsec-tests/vpatch-CVE-2024-51567/config.yaml b/.appsec-tests/vpatch-CVE-2024-51567/config.yaml
new file mode 100644
index 00000000000..f5e0838c222
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2024-51567/config.yaml
@@ -0,0 +1,4 @@
+appsec-rules:
+ - ./appsec-rules/crowdsecurity/base-config.yaml
+ - ./appsec-rules/crowdsecurity/vpatch-CVE-2024-51567.yaml
+nuclei_template: vpatch-CVE-2024-51567.yaml
diff --git a/.appsec-tests/vpatch-CVE-2024-51567/vpatch-CVE-2024-51567.yaml b/.appsec-tests/vpatch-CVE-2024-51567/vpatch-CVE-2024-51567.yaml
new file mode 100755
index 00000000000..68bd973e440
--- /dev/null
+++ b/.appsec-tests/vpatch-CVE-2024-51567/vpatch-CVE-2024-51567.yaml
@@ -0,0 +1,25 @@
+id: vpatch-CVE-2024-51567
+info:
+ name: vpatch-CVE-2024-51567
+ author: crowdsec
+ severity: info
+ description: vpatch-CVE-2024-51567 testing
+ tags: appsec-testing
+http:
+#this is a dummy request, edit the request(s) to match your needs
+ - raw:
+ - |
+ PUT /dataBases/upgrademysqlstatus HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/json
+
+ {
+ "statusFile": "/dev/null; whoami > /tmp/id; #"
+ }
+
+ cookie-reuse: true
+#test will fail because we won't match http status
+ matchers:
+ - type: status
+ status:
+ - 403
diff --git a/.index.json b/.index.json
index 666c023fb09..c2ba0a6a543 100644
--- a/.index.json
+++ b/.index.json
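Review bot: The two generator comments in the nuclei test, `#this is a dummy request, edit the request(s) to match your needs` and `#test will fail because we won't match http status`, are stale: the request has already been tailored to the rule, and the `403` status matcher is exactly what a blocked request should return, so the second comment now states the opposite of the test's intent. Drop both, or replace the second with `# expect the appsec engine to block the request with 403`. The template is also added with mode 100755, which a YAML file does not need. A negative case (a benign `statusFile` path that must not be blocked) would guard against false positives as well; I cannot tell from this page whether the harness accepts more than one request per template.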
@@ -2450,6 +2450,34 @@ "type": "exploit" } }, + "crowdsecurity/vpatch-CVE-2024-51567": { + "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-51567.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "99ef5af971e1263bdf18201229b8cd004f9aec0643a9ef9dbc824a2e2f5be43a", + "deprecated": false + } + }, + "content": "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", + "description": "CyberPanel RCE (CVE-2024-51567)", + "author": "crowdsecurity", + "labels": { + "behavior": "http:exploit", + "classification": [ + "cve.CVE-2024-51567", + "attack.T1595", + "attack.T1190", + "cwe.CWE-306", + "cwe.CWE-276" + ], + "confidence": 3, + "label": "CyberPanel RCE", + "service": "http", + "spoofable": 0, + "type": "exploit" + } + }, "crowdsecurity/vpatch-CVE-2024-8190": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2024-8190.yaml", "version": "0.1", @@ -3348,7 +3376,7 @@ }, "crowdsecurity/appsec-virtual-patching": { "path": "collections/crowdsecurity/appsec-virtual-patching.yaml", - "version": "4.1", + "version": "4.2", "versions": { "0.1": { "digest": "a165d638c8d826a932e4ca4e70ec5379d558a0bee1356e871c7c92cc2df714fc", 
@@ -3513,10 +3541,14 @@ "4.1": { "digest": "541309db799190b3791bd72fd289cdab50c8ba7d90ae99084918ace0a890050a", "deprecated": false + }, + "4.2": { + "digest": "db45e9ff4b84538b8402dd1fc57ee137ad14562f15fbd7719f4f5813e824b71a", + "deprecated": false } }, "long_description": "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", - "content": "YXBwc2VjLWNvbmZpZ3M6Ci0gY3Jvd2RzZWN1cml0eS92aXJ0dWFsLXBhdGNoaW5nCi0gY3Jvd2RzZWN1cml0eS9hcHBzZWMtZGVmYXVsdAphcHBzZWMtcnVsZXM6Ci0gY3Jvd2RzZWN1cml0eS9iYXNlLWNvbmZpZwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLWVudi1hY2Nlc3MKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy00MDA0NAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE3LTk4NDEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMC0xMTczOAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTI3OTI2Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMzU5MTQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NjE2OQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIwMTk4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjI1MTUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zMzYxNwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTM0MzYyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUxOQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTQyNzkzCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNTAxNjQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zODIwNQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTI0NDg5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIxLTIyOTQxCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTktMTI5ODkKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMi00NDg3NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwNTYyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNjU1MwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEwMDA4NjEKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAxOS0xMDAzMDMwCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMjI5NjUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0yMzc1MgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTQ5MDcwCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtbGFyYXZlbC1kZWJ1Zy1tb2RlCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjgxMjEKLSBjcm93ZHNlY3VyaXR5L3Z
wYXRjaC1DVkUtMjAyMC0xNzQ5NgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTEzODkKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy03MDI4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDY4MDUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yMzg5NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIzLTIyNTI3Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzUwNzgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMy0zNTA4MgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDIyLTIyOTU0Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMTIxMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLXN5bWZvbnktcHJvZmlsZXIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1jb25uZWN0d2lzZS1hdXRoLWJ5cGFzcwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTIyMDI0Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjcxOTgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zMjczCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtNDU3NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI5ODQ5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDcyMTgKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1naXQtY29uZmlnCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMzIxMTMKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zMjcyCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjQtMjgyNTUKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yOTgyNAotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI3MzQ4Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjAtNTkwMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDE4LTEzMzc5Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMjYxMzQKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0zNDEwMgotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTI5OTczCi0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItNDEwODIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAxOS0xODkzNQotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTgxOTAKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyNC0yODk4NwotIGNyb3dkc2VjdXJpdHkvdnBhdGNoLUNWRS0yMDI0LTM4ODU2Ci0gY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMTgtMjAwNjIKLSBjcm93ZHNlY3VyaXR5L3ZwYXRjaC1DVkUtMjAyMS0yNjA4NgphdXRob3I6IGNyb3dkc2VjdXJpdHkKY29udGV4dHM6Ci0gY3Jvd2RzZWN1cml0eS9hcHBzZWNfYmFzZQpkZXNjcmlwdGlvbjogYSBnZW5lcmljIHZpcnR1YWwgcGF0Y2hpbmcgY29sbGVjdGlvbiwgc3VpdGFibGUgZm9yIG1vc3Qgd2ViIHNlcnZlcnMuCm5hbWU6IGN
yb3dkc2VjdXJpdHkvYXBwc2VjLXZpcnR1YWwtcGF0Y2hpbmcKcGFyc2VyczoKLSBjcm93ZHNlY3VyaXR5L2FwcHNlYy1sb2dzCnNjZW5hcmlvczoKLSBjcm93ZHNlY3VyaXR5L2FwcHNlYy12cGF0Y2gK", + "content": "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", "description": "a generic virtual patching collection, suitable for most web servers.", "author": "crowdsecurity", "labels": null, @@ -3592,7 +3624,8 @@ "crowdsecurity/vpatch-CVE-2024-28987", "crowdsecurity/vpatch-CVE-2024-38856", "crowdsecurity/vpatch-CVE-2018-20062", - "crowdsecurity/vpatch-CVE-2021-26086" + "crowdsecurity/vpatch-CVE-2021-26086", + "crowdsecurity/vpatch-CVE-2024-51567" ], "appsec-configs": [ "crowdsecurity/virtual-patching", @@ -12993,7 +13026,7 @@ }, "crowdsecurity/http-bf-wordpress_bf_xmlrpc": { "path": "scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "d4a3456d8fc2edb27b895967f79053f649b943f043763369d437d5c55591c402", 
@@ -13002,11 +13035,15 @@ "0.2": { "digest": "c3da65b418bd36dc8e26aaf7c620f7629c60a65b34115525b9c93e6312d261b2", "deprecated": false + }, + "0.3": { + "digest": "4a7ba422a97b70dead7259ff98f733ae25d8130baed6c66835cef351bfd8fc7a", + "deprecated": false } }, "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBBUEkgJ3htbHJwYy5waHAnLgoKKipXYXJuaW5nKio6IFNvbWUgcGx1Z2luIGhlYXZpbHkgcmVseSBvbiB0aGUgeG1scnBjLCBieSBlbmFibGluZyB0aGlzIHNjZW5hcmlvIHlvdSBjb3VsZCBibG9jayB5b3VyIG93biBzZXJ2ZXIuCkJlIHN1cmUgdG8gY2hlY2sgdGhlIHNvdXJjZSBvZiB0aGUgY2FsbHMgb24gdGhlIFhNTFJQQyBBUEkgYmVmb3JlIGVuYWJsaW5nIHRoaXMuCgpsZWFrc3BlZWQgb2YgMm0sIGNhcGFjaXR5IG9mIDUK", - "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZl94bWxycGMKZGVzY3JpcHRpb246ICJkZXRlY3Qgd29yZHByZXNzIGJydXRlZm9yY2Ugb24geG1scnBjIgpkZWJ1ZzogZmFsc2UKIyBYTUxSUEMgYWx3YXlzIHJldHVybnMgMjAwCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlID09ICdodHRwX2FjY2Vzcy1sb2cnICYmIGV2dC5QYXJzZWQuZmlsZV9uYW1lID09ICd4bWxycGMucGhwJyAmJiBldnQuUGFyc2VkLnZlcmIgPT0gJ1BPU1QnIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAybQpibGFja2hvbGU6IDVtCmxhYmVsczoKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTExMAogIGJlaGF2aW9yOiAiaHR0cDpicnV0ZWZvcmNlIgogIGxhYmVsOiAiV1AgWE1MUlBDIGJydXRlZm9yY2UiCiAgc2VydmljZTogd29yZHByZXNzCiAgcmVtZWRpYXRpb246IHRydWUK", - "description": "detect wordpress bruteforce on xmlrpc", + "content": "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", + "description": "Detect WordPress bruteforce on XML-RPC endpoint", "author": "crowdsecurity", "labels": { "behavior": "http:bruteforce", 
@@ -13835,16 +13872,20 @@ }, "crowdsecurity/impossible-travel": { "path": "scenarios/crowdsecurity/impossible-travel.yaml", - "version": "0.1", + "version": "0.2", "versions": { "0.1": { "digest": "9f25e866bd1bd232b68e9533cf60d85cd852bac91ec325978e3e9ebd81b4c3f7", "deprecated": false + }, + "0.2": { + "digest": "e7dc7372fd0b5c47df7712228ee252b3c97968cd2448c4b136f160a998393b18", + "deprecated": false } }, "long_description": "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", - "content": "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", - "description": "impossible travel", + "content": "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", + "description": "Detect Impossible Travel", "author": "crowdsecurity", "labels": { "behavior": "auth:successful", @@ -13885,7 +13926,7 @@ }, "crowdsecurity/iptables-scan-multi_ports": { "path": "scenarios/crowdsecurity/iptables-scan-multi_ports.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "85bd908ec6efae802035e4553f5dd41e4d5b6b53b2f237dd256533965bd44cd7", @@ -13894,11 +13935,15 @@ "0.2": { "digest": "af7ec1e0af8a778d80f6de3c8d28c15fdce53882e7cd5c8e3291e397b6ac4985", "deprecated": false + }, + "0.3": { + "digest": "81fc1dfd47c1b2ee6874af937e6755fbe80930cf4733b8fa2cb5c5cb031ba3b6", + "deprecated": false } }, "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", - "content": "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", - "description": "ban IPs that are scanning us", + "content": "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", + "description": "Detect aggressive portscans", "author": "crowdsecurity", "labels": { "behavior": "tcp:scan", 
@@ -15628,7 +15673,7 @@
 },
 "firewallservices/pf-scan-multi_ports": {
 "path": "scenarios/firewallservices/pf-scan-multi_ports.yaml",
- "version": "0.4",
+ "version": "0.5",
 "versions": {
 "0.1": {
 "digest": "d650a9e64532d14a46dcf5bfc952b0a0eb1825efdb07a179069d9c7f8f185d78",
@@ -15645,11 +15690,15 @@
 "0.4": {
 "digest": "a8017247b648a5b731414ea6e7923b12d8da86ae0be535b96aa122ac65653b1f",
 "deprecated": false
+ },
+ "0.5": {
+ "digest": "cc7db3dfe4ceb18e39de969a641e66d7f0279120695a43ad55e51dcca036a34d",
+ "deprecated": false
 }
 },
 "long_description": "RGV0ZWN0cyBUQ1AgcG9ydCBzY2FuIDogZGV0ZWN0cyBpZiBhIHNpbmdsZSBJUCBhdHRlbXB0cyBjb25uZWN0aW9uIHRvIG1hbnkgZGlmZmVyZW50IHBvcnRzLgoKTGVha3NwZWVkIG9mIDVzLCBjYXBhY2l0eSBvZiAxNS4K",
- "content": "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",
- "description": "ban IPs that are scanning us",
+ "content": "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",
+ "description": "Detect aggressive portscans (pf)",
 "author": "firewallservices",
 "labels": {
 "behavior": "tcp:scan",
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-51567.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-51567.yaml
new file mode 100644
index 00000000000..1aff8aaf277
--- /dev/null
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-51567.yaml
@@ -0,0 +1,40 @@
+
+name: crowdsecurity/vpatch-CVE-2024-51567
+description: "CyberPanel RCE (CVE-2024-51567)"
+rules:
+ - and:
+ - zones:
+ - URI
+ transform:
+ - lowercase
+ match:
+ type: equals
+ value: /databases/upgrademysqlstatus
+ - zones:
+ - METHOD
+ match:
+ type: equals
+ value: PUT
+ - zones:
+ - BODY_ARGS
+ transform:
+ - lowercase
+ - urldecode
+ variables:
+ - json.statusfile
+ match:
+ type: contains
+ value: ';'
+labels:
+ type: exploit
+ service: http
+ confidence: 3
+ spoofable: 0
+ behavior: "http:exploit"
+ label: "CyberPanel RCE"
+ classification:
+ - cve.CVE-2024-51567
+ - attack.T1595
+ - attack.T1190
+ - cwe.CWE-306
+ - cwe.CWE-276
\ No newline at end of file
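Review bot: The `BODY_ARGS` condition fires only when the decoded `json.statusfile` value contains a `;`, so the rule is a one-character blocklist in front of what its description calls an RCE; a `regex` match that is anchored to the expected shape of a file path (or, if the rule format allows a negated match, one that flags any value outside that shape) would be more robust than matching a single separator. The `variables` entry is written as `json.statusfile` while the parameter in the test is `statusFile`; the `lowercase` transform applies to the value, not the key, so confirm the engine selects JSON keys case-insensitively, otherwise this condition never evaluates. The rule detects a shell metacharacter in a parameter value, i.e. OS command injection, yet the `classification` list here and the `cwes` array in `taxonomy/scenarios.json` carry only `cwe.CWE-306` and `cwe.CWE-276` — consider whether `cwe.CWE-78` belongs alongside them. Minor: the file starts with an empty line and ends without a trailing newline.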
diff --git a/collections/crowdsecurity/appsec-virtual-patching.yaml b/collections/crowdsecurity/appsec-virtual-patching.yaml
index f9c7276508d..5ef83ba1848 100644
--- a/collections/crowdsecurity/appsec-virtual-patching.yaml
+++ b/collections/crowdsecurity/appsec-virtual-patching.yaml
@@ -68,6 +68,7 @@ appsec-rules:
 - crowdsecurity/vpatch-CVE-2024-38856
 - crowdsecurity/vpatch-CVE-2018-20062
 - crowdsecurity/vpatch-CVE-2021-26086
+- crowdsecurity/vpatch-CVE-2024-51567
 author: crowdsecurity
 contexts:
 - crowdsecurity/appsec_base
diff --git a/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml b/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
index b19c1c9b843..e7315208d62 100644
--- a/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
+++ b/scenarios/crowdsecurity/http-bf-wordpress_bf_xmlrpc.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: crowdsecurity/http-bf-wordpress_bf_xmlrpc
-description: "detect wordpress bruteforce on xmlrpc"
+description: "Detect WordPress bruteforce on XML-RPC endpoint"
 debug: false
 # XMLRPC always returns 200
 filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.file_name == 'xmlrpc.php' && evt.Parsed.verb == 'POST'"
diff --git a/scenarios/crowdsecurity/impossible-travel.yaml b/scenarios/crowdsecurity/impossible-travel.yaml
index 1ec6745ea5c..5df137184dd 100644
--- a/scenarios/crowdsecurity/impossible-travel.yaml
+++ b/scenarios/crowdsecurity/impossible-travel.yaml
@@ -1,7 +1,7 @@
 ## Generic bucket to handle impossible travel for authentication
 type: conditional
 name: crowdsecurity/impossible-travel
-description: "impossible travel"
+description: "Detect Impossible Travel"
 filter: "evt.Meta.log_type == 'auth_success' && evt.Meta.user not in ['', nil]"
 groupby: "evt.Meta.service + evt.Meta.user"
 # To make it generic we concatenate the service name and the user
diff --git a/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
index b9c7e26a229..593c0ec02c2 100644
--- a/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
+++ b/scenarios/crowdsecurity/iptables-scan-multi_ports.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: crowdsecurity/iptables-scan-multi_ports
-description: "ban IPs that are scanning us"
+description: "Detect aggressive portscans"
 filter: "evt.Meta.log_type == 'iptables_drop' && evt.Meta.service == 'tcp'"
 groupby: evt.Meta.source_ip
 distinct: evt.Parsed.dst_port
diff --git a/scenarios/firewallservices/pf-scan-multi_ports.yaml b/scenarios/firewallservices/pf-scan-multi_ports.yaml
index e745f3ecac6..a189240dd77 100644
--- a/scenarios/firewallservices/pf-scan-multi_ports.yaml
+++ b/scenarios/firewallservices/pf-scan-multi_ports.yaml
@@ -1,6 +1,6 @@
 type: leaky
 name: firewallservices/pf-scan-multi_ports
-description: "ban IPs that are scanning us"
+description: "Detect aggressive portscans (pf)"
 filter: "evt.Meta.log_type == 'pf_drop' && evt.Meta.service == 'tcp'"
 groupby: evt.Meta.source_ip
 distinct: evt.Parsed.dst_port
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
index 0706f1ecee5..6c277c906a1 100644
--- a/taxonomy/scenarios.json
+++ b/taxonomy/scenarios.json
@@ -1550,6 +1550,29 @@
 "CWE-707"
 ]
 },
+ "crowdsecurity/vpatch-CVE-2024-51567": {
+ "name": "crowdsecurity/vpatch-CVE-2024-51567",
+ "description": "CyberPanel RCE (CVE-2024-51567)",
+ "label": "CyberPanel RCE",
+ "behaviors": [
+ "http:exploit"
+ ],
+ "mitre_attacks": [
+ "TA0043:T1595",
+ "TA0001:T1190"
+ ],
+ "confidence": 3,
+ "spoofable": 0,
+ "cti": true,
+ "service": "http",
+ "cves": [
+ "CVE-2024-51567"
+ ],
+ "cwes": [
+ "CWE-306",
+ "CWE-276"
+ ]
+ },
 "crowdsecurity/vpatch-CVE-2024-8190": {
 "name": "crowdsecurity/vpatch-CVE-2024-8190",
 "description": "Ivanti Cloud Services Appliance - RCE (CVE-2024-8190)",