Vulnerability scans look for known vulnerabilities in your systems and report on them.
I like to use a door lock analogy here. Let’s say you bought a Schlage door lock from Home Depot. A month later, you get a notification that your lock doesn’t quite lock correctly. If a burglar were to tap on the lock ten times, the lock would just open. Schlage released a bulletin about this and called it the 10-tap vulnerability. The Schlage lock company issued a part replacement that you could install in the lock to make sure that the 10-tap vulnerability is no longer present.