In the Nexpose 5.4 release, there have been changes made to the categories of vulnerabilities. New categories have been added, some category names have changed, some category definitions have changed, and some categories have been removed. This PDF lists all vulnerability categories as of the 5.4 release (August 8, 2012).
The categories have been grouped into 5 major classes: Vendor (ie. Apple), Vendor+Product (ie. Apple Quicktime), product class (Database, Browsers), vulnerability type (ie. CSRF, Remote Execution), and protocol (ie. HTTP, CIFS).
Future changes to vulnerability categories will happen in Content updates as well as Product Updates. To view the most current version of categories, open any Scan Template and go to Vulnerability Checks. Then, in the Selected Checks section, expand "By Category" and you'll be able to see all possible vulnerability categories. Just click "Add Categories".