Skip to content
  • There are no suggestions because the search field is empty.

2026-07-02: More detail, richer API data, and clearer remediation tracking

Reproduce and fix web vulnerabilities faster with complete details

We've made it significantly easier to understand, reproduce, and remediate web vulnerabilities. Each finding now includes the complete technical detail - headers and payloads included - giving your security and development teams everything they need to reproduce the issue and implement the right fix.  

  • Full headers and payloads included
    Every web vulnerability now surfaces the request headers and payloads used during detection, removing the guesswork from reproduction and cutting down the back-and-forth between security and development teams.
  • Faster path to remediation
    With all technical details available directly on the vulnerability, developers can reproduce the exact conditions that triggered the finding - making it easier to validate the issue, build the fix, and confirm it's resolved.
  • Fewer tools, less context-switching
    Instead of piecing together details from scan logs or external tools, everything you need to act on a web vulnerability is now in one place inside Security Center.

Read how to reproduce vulnerabilities here.

Reproduce vulnerabilities

EPSS, asset risk scores, and device vulnerabilities - now in the API

We've expanded the API to surface key risk and vulnerability data that was previously available only in Security Center. Exploit Prediction Scoring System (EPSS) scores and asset risk scores are now available as enrichment on both asset and vulnerability endpoints, and vulnerabilities detected by device agents can now be listed through the API as well. Whether you're building integrations, feeding data into a SIEM or ticketing system, or automating risk-based prioritization workflows, these additions give you direct programmatic access to the data points that matter most.

  • EPSS scores in the API
    Every vulnerability returned by the API now includes its EPSS score, giving your integrations access to exploit likelihood data - so you can build automations that prioritize based on real-world threat activity, not just severity ratings.
  • Asset risk scores in the API
    Asset-level risk scores are now available as an enrichment on asset endpoints, making it straightforward to pull prioritized asset data into dashboards, reports, or orchestration workflows outside of Security Center.
  • Device agent vulnerabilities in the API
    Vulnerabilities discovered through device agents are now included in API responses alongside network-scanned findings - giving you a complete view of your vulnerability landscape through a single integration point.
Port-level vulnerability status at a glance

The ports selector on network vulnerabilities now displays the status of each port - such as Fixed, Reopened, or New - directly in the view. The list of ports also respects your active filters, so you can quickly narrow down to the ports that still need attention.

  • Status visibility per port
    Instantly see which ports have been resolved, which have reopened, and which are newly discovered - without clicking into each one individually.
  • Filter-aware selector
    The ports selector now responds to your active filters, making it easy to focus on what matters - for example, showing only ports with open or reopened vulnerabilities to prioritize your remediation efforts.

Port level vulnerability status

Detection vs. Fixed widget returns - now with team and tag scoping

The Detection vs. Fixed widget is back, now enhanced with the ability to scope data by tags and teams. See the balance between newly detected and resolved vulnerabilities, filtered by team or tag, so you can go beyond account-wide averages and dig into the metrics that matter most - whether that's a particular team's remediation pace or how vulnerabilities are trending across a defined set of assets.

    This widget will make its way to your dashboard soon.

    Detected v. Fixed vulnerabilities

    *This corrects our initial communication, which indicated that the Mean Time to Resolution (MTTR) widget was also included in this release. It is not part of this release.

    Full hostname visibility and primary hostname selection on network assets

    Network assets now display all associated hostnames directly on the asset, giving you a complete picture of how each asset is identified across your environment. You can also select which hostname should act as the primary - making it easier to keep asset naming consistent and aligned with how your team refers to them.

    • All hostnames in one place
      Every hostname associated with a network asset is now visible on the asset itself, so you no longer need to cross-reference multiple sources to understand the full identity of an asset.
    • Set a primary hostname
      Choose which hostname should be treated as the primary identifier for each asset. This is especially useful in environments where assets are reachable under multiple names, ensuring reports, dashboards, and vulnerability views reflect the naming convention your team actually uses.

    Full hostname visibility

    Additional enhancements

    • The Team selector is now searchable, making it easy to identify selections when you have many teams created.
    • We've improved the re-scan experience for hostnames so the hostname is now preserved properly.
    • The web scan is getting an update to better identify duplicate content, which should reduce scan time on certain targets.