Issue detail panel — full view showing severity badge, CVSS score, Attack vector, Attack complexity, Privileges required, User interaction, Exploit likelihood, CVEs, Remediation, and Description sections.

Severity and CVSS score

The badge at the top shows the severity level: CRITICAL, HIGH, MEDIUM, or LOW.

The number next to it is the CVSS score (Common Vulnerability Scoring System) — a standardized 0–10 scale used across the security industry to rate the intrinsic severity of a vulnerability. Higher scores indicate greater potential impact.

Highest CVSS score is shown when an issue has multiple CVEs — it displays the worst-case score across all of them.

Attack characteristics

FieldWhat it means
Attack vectorHow the vulnerability is reached: Network (remotely exploitable), Adjacent, Local, or Physical
Attack complexityHow difficult it is to exploit: Low (straightforward) or High (requires specific conditions)
Privileges requiredWhether an attacker needs prior access: None, Low, or High
User interactionWhether a victim needs to take an action for the exploit to succeed

Exploit likelihood

A signal specific to Topscan indicating how probable it is that this vulnerability is actively being exploited in the wild. Ratings range from Low to High.

When Exploit Known is shown on an issue, a working public exploit exists. These should be prioritized regardless of CVSS score.

CVEs

Links to the CVE identifiers associated with this issue (e.g. CVE-2022-28615). Clicking a CVE opens the official advisory in the National Vulnerability Database.

Description

Technical background on the vulnerability: what it is, what it affects, and what an attacker could do if it were exploited.

If left unpatched

The concrete consequence of leaving this issue open — what an attacker could actually achieve. Use it to judge urgency in your own context.

How to fix

Specific, actionable guidance for resolving the issue. For package vulnerabilities this is typically "install the updated package"; for misconfigurations it describes the correct configuration; for an exposed service it explains how to close or restrict it.

Occurrences

An issue can appear on multiple targets or multiple ports of the same target. Each occurrence is listed separately below the issue name, showing the target hostname and port. This helps you understand the full scope of exposure.

What's next