N-Day Vulnerability
Also known as: Known vulnerability
Definition
A publicly disclosed vulnerability for which a patch already exists, but which remains exploitable on systems that have not yet been updated.
Examples
- CVE-2017-0144 (EternalBlue/WannaCry) — exploited at scale months after Microsoft's patch.
- CVE-2019-19781 (Citrix ADC) — mass-exploited despite vendor mitigations.
Related terms
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
Zero-Day Vulnerability
A security flaw that is unknown to the vendor (or for which no patch yet exists) at the moment it is discovered or exploited.
Exploit
A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.
Known Exploited Vulnerability (KEV)
A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies.
Vulnerability Scanning
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.