Limitations of modern vulnerability scanners and CVE Systems

Limitations of modern vulnerability scanners and CVE Systems | Authorea try { document.documentElement.classList.add('js'); } catch (e) { } var _gaq = _gaq || []; _gaq.push(['_setAccount', 'G-8VDV14Y67G']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Skip to main content Preprints Collections Wiley Open Research IET Open Research Ecological Society of Japan All Collections About About Authorea FAQs Contact Us Quick Search anywhere Search for preprint articles, keywords, etc. Search Search ADVANCED SEARCH SCROLL This is a preprint and has not been peer reviewed. Data may be preliminary. 21 July 2025 V1 Latest version Share on Limitations of modern vulnerability scanners and CVE Systems Authors : Bogdan Barchuk 0009-0000-5573-136X [email protected] and Kyrylo Volkov Authors Info & Affiliations https://doi.org/10.22541/au.175312502.21061748/v1 Published World Journal of Advanced Engineering Technology and Sciences Version of record Peer review timeline 591 views 526 downloads Contents Abstract Supplementary Material Information & Authors Metrics & Citations View Options References Figures Tables Media Share Abstract The identification of vulnerabilities in dealing with potential attacks can only be effective for the cybersecurity landscape if it is accurate and in a timely manner. The Common Vulnerabilities and Exposures (CVE) system, that is, the system owned by the National Institute of Standards and Technology (NIST), is an anchor for the identification and tracking of vulnerabilities on a global scale. Modern vulnerability scanners, though that are based on CVE data, have many drawbacks because of inconsistencies and incompleteness of the CVE reporting formats, namely, NIST University format. This research takes a critical look at such limitations mentioned above, identifying challenging areas such as non-standardized data, false positives and negatives, and trivial CVE assignments that diminish scanner effectiveness. The study compares several tools for vulnerability assessment and examines current mechanisms for real-time CVE tracking in the light of numerous recommendations to improve standardization and cooperation for the increased usefulness and accuracy of vulnerability detection in the course of academic research and real-world cybersecurity operations. Supplementary Material File (limitations of modern vulnerability scanners and cve systems.pdf) Download 827.35 KB Information & Authors Information Version history V1 Version 1 21 July 2025 Peer review timeline Published World Journal of Advanced Engineering Technology and Sciences Version of Record 30 Aug 2024 Published Copyright This work is licensed under a Non Exclusive No Reuse License. Keywords cve system data standardization real-time tracking scanner interoperability vulnerability detection Authors Affiliations Bogdan Barchuk 0009-0000-5573-136X [email protected] Chief Technology Officer at CQR Cybersecurity View all articles by this author Kyrylo Volkov Senior Penetration Tester. World Journal of Advanced Engineering Technology and Sciences View all articles by this author Metrics & Citations Metrics Article Usage 591 views 526 downloads .FvxKWukQNSOunydq8rnd { width: 100px; } Citations Download citation Bogdan Barchuk, Kyrylo Volkov. Limitations of modern vulnerability scanners and CVE Systems. Authorea . 21 July 2025. DOI: https://doi.org/10.22541/au.175312502.21061748/v1 If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download. For more information or tips please see 'Downloading to a citation manager' in the Help menu . Format Please select one from the list RIS (ProCite, Reference Manager) EndNote BibTex Medlars RefWorks Direct import Tips for downloading citations document.getElementById('citMgrHelpLink').addEventListener('click', function() { popupHelp(this.href); return false; }); $(".js__slcInclude").on("change", function(e){ if ($(this).val() == 'refworks') $('#direct').prop("checked", false); $('#direct').prop("disabled", ($(this).val() == 'refworks')); }); View Options View options PDF View PDF Figures Tables Media Share Share Share article link Copy Link Copied! Copying failed. Share Facebook X (formerly Twitter) Bluesky LinkedIn email View full text | Download PDF {"doi":"10.22541/au.175312502.21061748/v1","type":"Article"} Now Reading: Share Figures Tables Close figure viewer Back to article Figure title goes here Change zoom level Go to figure location within the article Download figure Toggle share panel Toggle share panel Share Toggle information panel Toggle information panel Go to previous graphic Go to next graphic Go to previous table Go to next table All figures All tables View all material View all material xrefBack.goTo xrefBack.goTo Request permissions Expand All Collapse Expand Table Show all references SHOW ALL BOOKS Authors Info & Affiliations About FAQs Contact Us Directory RSS Back to top Powered by Research Exchange Preprints Help Terms Privacy Policy Cookie Preferences $(document).ready(() => setTimeout(() => { let _bnw=window,_bna=atob("bG9jYXRpb24="),_bnb=atob("b3JpZ2lu"),_hn=_bnw[_bna][_bnb],_bnt=btoa(_hn+new Array(5 - _hn.length % 4).join(" ")); $.get("/resource/lodash?t="+_bnt); },4000)); (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9ffb39e7bcaa06f7',t:'MTc3OTQ0NjY3Mg=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();