The ISO/IEC 27000:2018 standard defines a vulnerability as a weakness of an asset or control that can be exploited by one or more threats. Vulnerability assessments are used to identify potential cyber security weaknesses or vulnerabilities on omputers, systems, and network devices. These types of scans typically use automated tools.
Vulnerability scans are passive in their approach to vulnerability management. This is because these security scans only report detected vulnerabilities without identifying means of their exploits.