Vulnerabilities

Find known CVEs across every internet-facing service.

Vulnerabilities are the alerts most security teams reach for first — and they're the easiest to act on, because every CVE comes with a public advisory and a patch. Nano EASM identifies CVEs in services running on your discovered assets so you don't have to maintain a separate vulnerability scanner.

What we detect

  • Critical and high-severity CVEs in web servers, application servers, message brokers, and databases.
  • Marquee CVEs that come up in real-world breach reports — Log4Shell, Spring4Shell, ProxyShell, CitrixBleed, MOVEit, and equivalents going back several years.
  • Software versions that have reached end-of-life and no longer receive security patches.
  • CVE chains where multiple weaknesses combine into a higher-impact exploit.

Why it matters

CVEs in internet-facing services are an attacker's favourite starting point because they're widely exploitable, well-documented, and almost always have a working exploit on the open internet within days of disclosure. The window between a CVE going public and exploitation in the wild is now measured in hours for high-impact issues. Catching them on the assets you control, including the ones IT didn't tell you about, closes that window.

How Nano EASM detects it

Asset discovery identifies internet-facing services on your domains and IPs. The HTTP, SSL, and Nmap engines fingerprint each service to capture vendor, product, and version. The Nuclei engine then runs template-based detection against those services, looking for the specific request/response signatures that indicate an exploitable CVE — not just version-string matching, which is noisy and unreliable. Findings come with a CVE ID, CVSS score, and an evidence snippet showing what was matched.

Common scenarios

Forgotten staging server still running last year's stack

A subdomain not in the IT inventory turns up during discovery. It's running an old version of an application server with a critical RCE. Nano EASM finds the asset, fingerprints the version, and matches it to the CVE in one cycle.

Newly disclosed CVE drops at 2am

Continuous monitoring re-scans your monitored assets on a configurable cadence. When a new template lands in the Nuclei catalogue and one of your services matches, the alert fires without you having to track the disclosure feed yourself.

Audit needs evidence of CVE coverage

The compliance report aggregates every CVE finding by severity, with timestamps and asset attribution. Export to PDF for the auditor — no separate scanner report to reconcile against your asset inventory.

Try it free against your domain

Quick Scan runs the engines that surface vulnerability findings, plus the rest of the platform's coverage. No signup, no credit card, real results in under a minute.