Yes. As someone who spent years on the receiving end of these, I'd change my original post to be about "real" vulnerabilities, not the results of automated scans.