for ($xc->findnodes( 'fndvuln', $host)) {
		
    $fnd_vuln_id = $_->findvalue('./@id');
			
    print  "\n";
    print $fnd_vuln_id . "\n";
					
    $commonRecord{"nCircleVulnID"} =  $fnd_vuln_id;
			
    # The Vulnerabliliy descriptions are in /audit/vulnerabilities
    for $vuln ( $xc->findnodes("/audit/vulnerabilities/vuln[\@id = '$fnd_vuln_id']")) {
        $commonRecord{"nCircleVulnName"} = $xc->findvalue('vname', $vuln);				
        $commonRecord{"nCircleVulnScore"} = $xc->findvalue('vscore', $vuln);
        $commonRecord{"nCircleVulnRisk"} = $xc->findvalue('risk', $vuln);
        $commonRecord{"nCircleVulnSkill"} = $xc->findvalue('skill', $vuln);
        $commonRecord{"nCircleVulnStrategy"} = $xc->findvalue('strategy', $vuln);
        $commonRecord{"nCircleVulnDesc"} = &clean( $xc->findvalue( 'vdescription', $vuln));

# This is where the issue is:

        if ( $xc->findnodes( 'advisories/cve', $vuln )) {		
            for ( $xc->findvalue( 'advisories/cve', $vuln )) {
					
     print $_ . "\n";
                push ( @cve_records, $_ );
            }
        }
    }

##</code><code>##

<audit>
<devices>
<host id="125861" persistent_id="20164">
<fndvuln id="3522" port="161" proto="udp"/>
</host>
</devices>
<vulnerabilities>
<vuln id="3522">
<vname>
SNMP System Description Available (system.sysDescr)</vname>
<vscore>48</vscore>
<risk>Exposure</risk>
<skill>Automated Exploit</skill>
<strategy>Network Reconnaissance</strategy>
<vdescription>
The SNMP System Description (sys.sysDescr, OID=.iso.3.6.1.2.1.1.1.0) is remotely available. This can give detailed operating system, build, and version information about the target.  
</vdescription>

<advisories>
<cve>CVE: CVE-1999-0516</cve>
<cve>CVE: CVE-1999-0517</cve>
</advisories>

</vuln>
##</code><code>##

3522
CVE: CVE-1999-0516CVE: CVE-1999-0517