Vulnerabilities
CVE (Common Vulnerabilities and Exposures)
Also known as: CVE ID, CVE record
Definition
A public catalogue, run by the CVE Program (MITRE, sponsored by CISA), that assigns one identifier of the form CVE-YYYY-NNNN (a four-digit year and a sequence number of four or more digits) to each publicly disclosed software or hardware vulnerability, so that advisories, scanners, and trackers can reference it unambiguously. A CVE record identifies a vulnerability; on its own it does not rate severity or the likelihood of exploitation.
Examples
- CVE-2014-0160 (Heartbleed) — out-of-bounds read (buffer over-read) in OpenSSL's TLS heartbeat extension that leaks process memory to a remote peer.
- CVE-2021-44228 (Log4Shell) — unauthenticated remote code execution in Apache Log4j 2 via attacker-controlled JNDI lookups in logged strings.
Related terms
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
CWE (Common Weakness Enumeration)
A community-developed taxonomy of software and hardware weakness types — the underlying flaw classes that lead to vulnerabilities.
CVSS (Common Vulnerability Scoring System)
An open framework, maintained by FIRST, that produces a 0–10 base severity score from a vector of exploitability metrics (attack vector, attack complexity, privileges required, user interaction, scope) and impact metrics (confidentiality, integrity, availability); optional temporal/threat and environmental metrics adjust the base score for a given deployment. CVSS rates technical severity, not the probability that a flaw will actually be exploited.
EPSS (Exploit Prediction Scoring System)
A data-driven model, maintained by FIRST, that estimates the probability (0 to 1, published daily with a percentile rank) that a given CVE will be exploited in the wild within the next 30 days. It complements CVSS: a high-severity CVE can have a low EPSS score, and vice versa.
Known Exploited Vulnerability (KEV)
A CVE for which the U.S. CISA has reliable evidence of active exploitation in the wild and which it has added to its public KEV Catalog. Under Binding Operational Directive 22-01, U.S. federal civilian executive branch agencies must remediate listed entries by the catalog's due date; many other organisations treat KEV membership as a top-priority signal in their own vulnerability management.
CVE Numbering Authority (CNA)
An organisation (a vendor, open-source project, bug bounty platform, researcher group, or national CERT) that the CVE Program has authorised to assign CVE IDs and publish CVE records for vulnerabilities within its agreed scope, typically its own products. CNAs let disclosure scale beyond MITRE, which acts as the root and the CNA of last resort for anything not covered by another CNA.