ISO 27001:2022 A.8.8
Management of technical vulnerabilities
UnveilScan findings mapped to this control
The scanner emits 13 distinct findings on this control.
web.cisa_kev
⏱ 1 day
WEB — CISA KEV
Risk if ignored: CISA KEV lists CVEs with documented active exploitation. Delay means compromise; US federal agencies have hard patching deadlines for this list.
security legal
web.cve_2022_22965_spring4shell
⏱ 4h
WEB — CVE-2022-22965 Spring4Shell
Risk if ignored: Remote code execution on a Spring backend is trivial with publicly documented payloads.
security
web.drupal_outdated_core
⏱ 4h
WEB — Drupal outdated core
Risk if ignored: Drupal majors hit End-of-Life on a fixed calendar (D7/D8/D9 all EOL). The Drupalgeddon CVE family specifically targets unpatched cores, and core SQLi / RCE bugs surface every few months in supported branches too.
security operational
web.joomla_outdated_core
⏱ 4h
WEB — Joomla outdated core
Risk if ignored: Joomla 3.x has been EOL since 2023-08 (no security patches). Joomla 4.x EOL is scheduled for mid-2027. Outdated cores accumulate unpatched CVEs in core and bundled extensions.
security operational
web.js_lib_cve
⏱ 15 min
WEB — JS lib CVE
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.leak.composer_lock
⏱ 15 min
WEB — Leak.composer lock
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.leak.package_lock
⏱ 15 min
WEB — Leak.package lock
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.leak.yarn_lock
⏱ 15 min
WEB — Leak.yarn lock
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
Also maps to 1 other control
web.magento_outdated_core
⏱ 18 weeks
WEB — Magento outdated core
Risk if ignored: Magento 1 has been EOL since 2020-06-30, with no Adobe patches. Several large-scale Magecart breaches (Sansec CardBleed, others) specifically targeted unpatched M1 hosts. PCI-DSS compliance is impossible on an unsupported platform.
security financial legal
web.prestashop_outdated_core
⏱ 1 day
WEB — PrestaShop outdated core
Risk if ignored: PrestaShop 1.6 / 1.7 are EOL. Several SmartBlog / WeBuy SQLi + RCE CVEs from 2022-2024 specifically targeted outdated installs. Card skimmer injections are the dominant exploitation outcome.
security financial
web.shodan_cve_exposure
⏱ 2h
WEB — Shodan CVE exposure
Risk if ignored: Each CVE published on NVD is a hard signal for opportunistic attackers (Nuclei templates, Metasploit modules). Expect scripted exploitation attempts within hours of a CVE hitting KEV.
security operational
web.tech_cve
⏱ 15 min
WEB — Tech CVE
Risk if ignored: Low impact, mostly a maturity signal. Fix when you next touch this area.
operational
web.wp_outdated_core
⏱ 30 min
WEB — WP outdated core
Risk if ignored: Outdated WP core ships unpatched CVEs disclosed in subsequent releases. Most exploited WP CVEs target installs that lag a single minor version. If auto-updates are off, every fortnight increases exposure.
security operational