A vulnerability scanner automatically checks systems, applications, and networks for known vulnerabilities. It compares detected configurations and software versions against vulnerability databases (CVE/NVD). In an ISMS, regular vulnerability scanning is a technical control per ISO 27001 Annex A.8.8. Common tools include OpenVAS, Nessus, and Qualys. Scan results feed into the vulnerability management process, where they are prioritized and addressed through patches or workarounds.
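The comparison and prioritization steps described above, as an added example that is not part of the original page: detected versions are checked against affected-version ranges and the findings are ordered by severity for the vulnerability management process. The advisory feed, product names, hosts, scores, and placeholder identifiers are all constructed; real scanners match on more than a dotted version range.

```python
from dataclasses import dataclass

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class Advisory:
    vuln_id: str      # placeholder identifier, not a real CVE
    product: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive)
    cvss: float       # constructed base score

# Constructed advisory feed standing in for a CVE/NVD extract.
ADVISORIES = [
    Advisory("CVE-PLACEHOLDER-0001", "examplehttpd", "2.4.0", "2.4.10", 9.8),
    Advisory("CVE-PLACEHOLDER-0002", "examplehttpd", "2.2.0", "2.4.3", 5.3),
    Advisory("CVE-PLACEHOLDER-0003", "examplessh", "8.0", "8.9", 7.5),
]

# Constructed inventory: (host, product, detected version).
INVENTORY = [
    ("web01", "examplehttpd", "2.4.9"),
    ("web02", "examplehttpd", "2.4.10"),  # already on the fixed release
    ("web03", "examplehttpd", "2.4.2"),
    ("bastion", "examplessh", "8.10"),    # a string compare would wrongly rank this below 8.9
    ("db01", "examplessh", "8.4"),
]

def scan(inventory, advisories):
    """Return findings sorted by CVSS (highest first), then host name."""
    findings = []
    for host, product, version in inventory:
        detected = parse_version(version)
        for adv in advisories:
            if adv.product != product:
                continue
            if parse_version(adv.introduced) <= detected < parse_version(adv.fixed):
                findings.append({"host": host, "id": adv.vuln_id,
                                 "cvss": adv.cvss, "fix": adv.fixed})
    return sorted(findings, key=lambda f: (-f["cvss"], f["host"]))

if __name__ == "__main__":
    for f in scan(INVENTORY, ADVISORIES):
        print(f'{f["cvss"]:>4}  {f["host"]:<8} {f["id"]}  upgrade to >= {f["fix"]}')
```

Hosts `web02` and `bastion` produce no findings: numeric comparison places 2.4.10 and 8.10 at or above the fixed releases, where a plain string comparison would report false positives.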