diff --git a/app/controllers/cisa_known_exploits_controller.rb b/app/controllers/cisa_known_exploits_controller.rb
index 225da57..b9b0f9e 100644
--- a/app/controllers/cisa_known_exploits_controller.rb
+++ b/app/controllers/cisa_known_exploits_controller.rb
@@ -10,4 +10,9 @@ class CisaKnownExploitsController < ApplicationController
     @cisa_known_exploit = CisaKnownExploit.cve_id(params[:cve_id])
     render json: @cisa_known_exploit.to_json
   end
+
+  def show_product
+    @cisa_known_exploits = CisaKnownExploit.by_product(params[:product_name])
+    render json: @cisa_known_exploits.to_json 
+  end
 end
diff --git a/app/models/cisa_known_exploit.rb b/app/models/cisa_known_exploit.rb
index 4ae7e21..32785d5 100644
--- a/app/models/cisa_known_exploit.rb
+++ b/app/models/cisa_known_exploit.rb
@@ -5,6 +5,7 @@ class CisaKnownExploit < ActiveRecord::Base
     find_by(cve_id: id)
   end
 
+  #TODO: i think i can just use postgrs sql jsonb ->> queries to better pull this data
   def self.cve_id(cve_id)
     last.vulnerabilities.select { |vuln| vuln if vuln.dig('cve_id') == cve_id }
   end
@@ -14,7 +15,7 @@ class CisaKnownExploit < ActiveRecord::Base
   end
 
   def self.by_product(product_name)
-    last.vulnerabilities.select {|vuln| vuln if vuln.dig('product') == product_name }
+    last.vulnerabilities.select {|vuln| vuln if vuln.dig('product') =~ /#{product_name}/ }
   end
 
   def self.by_due_date(due_date)
diff --git a/config/routes.rb b/config/routes.rb
index f80e864..7c66d66 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -43,5 +43,6 @@ Rails.application.routes.draw do
   get '/gsds/years/:year', to: 'gsds#show_year'
 
   get '/cisa_known_exploits', to: 'cisa_known_exploits#index'
-  get '/cisa_known_exploits/cve/:cve_id', to: 'cisa_known_exploits#show'
+  get '/cisa_known_exploits/vulnerabilities/:cve_id', to: 'cisa_known_exploits#show'
+  get '/cisa_known_exploits/vulnerabilities/product/:product_name', to: 'cisa_known_exploits#show_product'
 end