Zero-Day
A zero-day is a vulnerability that is unknown to the software vendor and therefore has no patch available. Attackers who discover zero-days can exploit them with no defenders able to protect patched systems. CISA KEV and EPSS track exploitation risk for both zero-days and known vulnerabilities.
Frequently Asked Questions
What is Zero-Day?
A zero-day is a vulnerability that is unknown to the software vendor and therefore has no patch available. Attackers who discover zero-days can exploit them with no defenders able to protect patched systems. CISA KEV and EPSS track exploitation risk for both zero-days and known vulnerabilities.
How is Zero-Day related to CVE (Common Vulnerabilities and Exposures)?
Zero-Day and CVE (Common Vulnerabilities and Exposures) are both key concepts in threat intelligence. CVE is a public catalogue of known cybersecurity vulnerabilities, maintained by MITRE and sponsored by CISA. Each entry has a unique CVE ID (e.g., CVE-2024-12345), a description, and references. CVE IDs are the universal language for tracking and patching specific vulnerabilities.