diff --git a/content/en/docs/control-center/security/software-composition/components.md b/content/en/docs/control-center/security/software-composition/components.md index 9fd0f9319c2..a8b76b5c4cb 100644 --- a/content/en/docs/control-center/security/software-composition/components.md +++ b/content/en/docs/control-center/security/software-composition/components.md @@ -86,6 +86,7 @@ The finding list contains the following information: * Deprecated components: The current date - The date when the component was deprecated * Outdated components: The current date - The publish date of the first higher runtime compatible version + * Vulnerable components: The number of days since the date when the CVSS score was computed * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options. diff --git a/content/en/docs/control-center/security/software-composition/findings.md b/content/en/docs/control-center/security/software-composition/findings.md new file mode 100755 index 00000000000..6eb1ad4100c --- /dev/null +++ b/content/en/docs/control-center/security/software-composition/findings.md 
@@ -0,0 +1,73 @@ +--- +title: "Findings Tab" +linktitle: "Findings Tab" +url: /control-center/findings-tab/ +description: "Describes the Findings tab on the Software Composition page of the Mendix Control Center." +weight: 3 +--- + +## Introduction + +The **Findings** tab allows you to view and manage vulnerable components across your app landscape, as published on the [Security Advisories](/releasenotes/security-advisories/) page. The information is organized based on the type of finding assigned to each component, making it easy to identify those that require action. + + + +## Finding List + +The following fields and options are available above the list of findings: + +* A search box to search for information within the list. +* A filter to display items based on the type of finding. +* A filter to display items based on the severity level. +* The **Show Snoozed Findings** toggle, which allows you to hide or display findings which you have chosen to snooze temporarily. +* The {{% icon name="office-sheet" %}}**Export All** option, which allows you to export all the information in the list to an Excel file. + +The findings list contains the following information: + +* **Severity** – The severity assigned to a component. This is computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. +* **Finding Type** – The type of finding, which can read more about in the [Finding Types](/control-center/scoring-criteria-tab/#finding-types) section of the *Scoring Criteria Tab* page. +* **Component** – The component which is affected by the finding. +* **Version** – The version of the component which is affected by the finding. +* **Type** – The type of component. For more information, refer to the [Types of Marketplace Components](/appstore/#components-type) section on the *Marketplace* page. +* **Support** – The support type of the Marketplace component. This can be **Mendix**, **Partner**, or **Community**. 
For more information, refer to [Content Support Categories](/appstore/marketplace-content-support/#category). +* **Created On** – The date when the affected component was created. +* **Apps Affected** – The number of apps which use the affected component. Clicking the number in this column displays a list of apps. +* **View Details & Edit** – Displays the **Finding Overview** page, which contains details about the finding and the corresponding component. + +## Finding Overview + +The **Finding Overview** page displays detailed information about the selected finding, as well as appropriate actions to take on it. +To access this page, click **View Details & Edit** for a finding in the list. + +### Finding Details + +This section contains the following information: + +* **Severity** – The severity of the finding, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. +* **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. +* **Age** – The number of days since the date when the CVSS score was computed. +* **Created on** – The date when the component was created. +* **Description** – The reason why the component was marked as vulnerable. + +### Components Details + +This section contains the following information: + +* **Version** – The version of the component affected by this finding. +* **Type** – The type of the component affected by this finding. +* **Owner** – The entity that owns the component affected by this finding. +* **Apps using component** – The number of apps which use the component affected by this finding, along with a link to view them. + +### Activity + +This section logs all action pertaining to the finding, along with their dates. +Activities include finding creation, Mendix Admin guidance updates, snoozing updates, scoring criteria changes. + +### Actions + +This section contains the following: + +* **Status** – The status of the finding. 
+ You can choose to ignore the finding, and come back to it after a predefined time. To do that, click **Snooze**, then select a snooze duration, and add a reason. +* **Mendix Admin Guidance** – An AI generated text containing information about what the vulnerability is, why it is important to fix it, and how it can be fixed. + You can edit this text. diff --git a/content/en/docs/control-center/security/software-composition/scoring-criteria.md b/content/en/docs/control-center/security/software-composition/scoring-criteria.md index 2837434b21f..c0f42d4bb13 100644 --- a/content/en/docs/control-center/security/software-composition/scoring-criteria.md +++ b/content/en/docs/control-center/security/software-composition/scoring-criteria.md @@ -3,7 +3,7 @@ title: "Scoring Criteria Tab" linktitle: "Scoring Criteria Tab" url: /control-center/scoring-criteria-tab/ description: "Describes the Scoring Criteria tab on the Software Composition page of the Mendix Control Center." -weight: 3 +weight: 4 --- ## Introduction 
@@ -16,12 +16,20 @@ The settings on this tab determine how each such vulnerability is calculated for {{< figure src="/attachments/control-center/security/software-composition/scoring_criteria.png" >}} + + The default values are strict, but you can adjust them to reflect the practice of your company. -## Finding Types +## Finding Types {#finding-types} The types of findings that you can adjust for are **Outdated** and **Deprecated**. +### Vulnerable + +A finding is generated when a component is published on the [Security Advisories](/releasenotes/security-advisories/) page, and is assigned a specific CVSS score. CVSS scores are based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework, and cannot be orverriden. + +You can choose the combination of CVSS range and severity for which you want a component to be marked as vulnerable. + ### Outdated A finding is generated when a component becomes outdated, meaning when a new runtime compatible version is published to the Mendix Marketplace. diff --git a/content/en/docs/deployment/general/software-composition.md b/content/en/docs/deployment/general/software-composition.md index ebe4a4bffaa..1b1cd310b24 100644 --- a/content/en/docs/deployment/general/software-composition.md +++ b/content/en/docs/deployment/general/software-composition.md 
@@ -116,6 +116,25 @@ The page is divided into two tabs: **Findings** and **Component Usage**. For det * [Findings](/control-center/overview-tab/#overview-findings) * [Component Usage](/control-center/overview-tab/#overviw-component-usage) +#### Finding and Component Details + +If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections: + +* **Finding Details** – This includes the following details: + + * **Severity** – The severity of the finding, as computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. + * **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. + * **CVSS Score** – The CVSS score, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. + * **Age** – The number of days since the date when the CVSS score was computed. + * **Created on** – The date when the component was created. + * **Description** – The reason why the component was marked as vulnerable. + +* **Components Details** – This includes the following details: + + * **Current Version** – The version of the component affected by this finding. + * **Type** – The type of the component affected by this finding. + * **Publisher** – The entity that published the component affected by this finding. + ## Components {#all-components} The **Components** tab gives an overview of all the unique components deployed in all the combined app environments. 
@@ -203,6 +222,25 @@ The finding list contains the following information: * Column customization ({{% icon name="view" %}}) — You can customize the columns in the list by clicking the {{% icon name="view" %}} icon and selecting or deselecting options. +##### Finding and Component Details + +If a finding is marked as **Vulnerable**, its corresponding component has a **View Details** button. Clicking it opens a window which includes two sections: + +* **Finding Details** – This includes the following details: + + * **Severity** – The severity of the finding, as computed on the [Scoring Criteria](/control-center/scoring-criteria-tab/) tab. + * **CVE-ID** – The unique ID which identifies the finding on the **Security Advisories** page. + * **CVSS Score** – The CVSS score, as computed based on the [NVD Vulnerability Metrics](https://nvd.nist.gov/vuln-metrics) framework. + * **Age** – The number of days since the date when the CVSS score was computed. + * **Created on** – The date when the component was created. + * **Description** – The reason why the component was marked as vulnerable. + +* **Components Details** – This includes the following details: + + * **Current Version** – The version of the component affected by this finding. + * **Type** – The type of the component affected by this finding. + * **Publisher** – The entity that published the component affected by this finding. + #### Component Usage {#component-component-usage} The **Component Usage** tab displays a detailed view of all environments where the component is used. diff --git a/content/en/docs/releasenotes/control-center/_index.md b/content/en/docs/releasenotes/control-center/_index.md index 8657acb8414..c358551825f 100644 --- a/content/en/docs/releasenotes/control-center/_index.md +++ b/content/en/docs/releasenotes/control-center/_index.md 
@@ -14,6 +14,12 @@ To see the current status of the Mendix Control Center, see [Mendix Status](http ## 2025 +### December 11, 2025 + +#### New Features + +* Software Composition is now enhanced with the ability to view details on vulnerabilities and act upon them. This option is available through the new [Findings](/control-center/findings-tab/) tab, which provides a list of vulnerable components across all your apps. You can therefore easily identify components that require action, and take the appropriate measures to ensure uninterrupted app service. + ### November 9, 2025 #### Improvements diff --git a/content/en/docs/releasenotes/deployment/_index.md b/content/en/docs/releasenotes/deployment/_index.md index 478e31ed239..b70078079ee 100644 --- a/content/en/docs/releasenotes/deployment/_index.md +++ b/content/en/docs/releasenotes/deployment/_index.md @@ -15,7 +15,7 @@ Follow the links in the table below to see the release notes you want: | Type of Deployment | Last Updated | | --- | --- | -| [Mendix Cloud](/releasenotes/developer-portal/mendix-cloud/) | December 06, 2025 | +| [Mendix Cloud](/releasenotes/developer-portal/mendix-cloud/) | December 11, 2025 | | [Mendix on Kubernetes](/releasenotes/developer-portal/mendix-for-private-cloud/) | November 6, 2025 | | [Mendix on Azure](/releasenotes/developer-portal/mendix-on-azure/) | November 6, 2025 | | [SAP Business Technology Platform (SAP BTP)](/releasenotes/developer-portal/sap-cloud-platform/) | August 27, 2024 | diff --git a/content/en/docs/releasenotes/deployment/mendix-cloud.md b/content/en/docs/releasenotes/deployment/mendix-cloud.md index fb1258335f9..b5421f09940 100644 --- a/content/en/docs/releasenotes/deployment/mendix-cloud.md +++ b/content/en/docs/releasenotes/deployment/mendix-cloud.md 
@@ -16,6 +16,14 @@ For information on the current status of deployment to Mendix Cloud and any plan ## 2025 +### December 11, 2025 + +#### New Features + +* Software Composition is now enhanced with the ability to view details on components marked as **Vulnerable** and act upon them. + For details, refer to [Software Composition](/developerportal/deploy/software-composition/). + For background information on the Control Center options that power this new feature, refer to [Findings](/control-center/findings-tab/). + ### December 06, 2025 #### Improvements diff --git a/layouts/partials/landingpage/latest-releases.html b/layouts/partials/landingpage/latest-releases.html index 28b09503b4b..571d3dbc011 100644 --- a/layouts/partials/landingpage/latest-releases.html +++ b/layouts/partials/landingpage/latest-releases.html @@ -14,6 +14,6 @@

Latest Releases

  • Deployment -

    December 06, 2025

    +

    December 11, 2025
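Review bot: In components.md (hunk @@ -86,6 +86,7), the new "Vulnerable components" bullet defines age as "The number of days since the date when the CVSS score was computed", while the two sibling bullets for deprecated and outdated components use the "The current date - The date when ..." form. Phrase the new bullet the same way so the three age definitions read as one list.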
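Review bot: In the new findings.md, the **Severity** bullet under "Finding Details" says severity is computed based on the NVD Vulnerability Metrics framework, but the **Severity** bullet under "Finding List" in the same file says it is computed on the Scoring Criteria tab, and the software-composition.md hunks attribute the NVD framework to a separate **CVSS Score** field that this page does not list. Align the two Severity descriptions, and add the **CVSS Score** bullet here if the Finding Overview page shows it. Smaller points in the same hunk: "which can read more about" is missing "you", "logs all action" should be "all actions", "AI generated" should be hyphenated, and the file is created with mode 100755 while the other documentation files in this patch are 100644.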
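Review bot: In scoring-criteria.md (hunk @@ -16,12 +16,20), the unchanged sentence "The types of findings that you can adjust for are **Outdated** and **Deprecated**." now sits directly above the new "### Vulnerable" section, which says you can choose the combination of CVSS range and severity. Update that sentence to mention **Vulnerable**, or state what is adjustable for it and what is not, since the new section also says CVSS scores cannot be overridden. In the same hunk, "orverriden" should be "overridden", and the two empty lines added after the figure shortcode look unintended.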
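Review bot: In software-composition.md (hunk @@ -116,6 +116,25), the "Components Details" bullets use **Current Version** and **Publisher**, while the "Components Details" section added in findings.md calls what appear to be the same fields **Version** and **Owner**. Use the labels that match the UI in both places, or note that the two views differ. The sub-list label "Components Details" also does not match the heading "Finding and Component Details".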
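Review bot: In software-composition.md (hunk @@ -203,6 +222,25), the "Finding and Component Details" block is a verbatim copy of the one added in the @@ -116 hunk, differing only in heading level (##### instead of ####). Two copies in one file will drift apart on the next edit; keep one, give it an anchor, and link to it from the other location.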