Common Vulnerabilities and Exposures (CVE)


What is Common Vulnerabilities and Exposures (CVE)?

CVE is a public identifier system for security vulnerabilities. A CVE ID gives everyone a shared reference for the same issue so advisories, scanners, patches, and incident reports can reliably point to the same vulnerability.

Examples

  • A vendor advisory says a product has a remote code execution vulnerability and assigns CVE-2024-12345 so defenders can track it across tools and reports.
  • A vulnerability scanner flags CVE-2023-1234 on several servers, which helps the team prioritize patching and verify remediation.

Discover 🔎

In security, the hardest part is often not fixing the problem but agreeing which problem you are talking about. CVE solves that coordination issue. A CVE ID is like a tracking number for a vulnerability. It does not fix anything by itself, but it makes it far easier to communicate, search, prioritize, patch, and report.

Remember: CVE is an identifier, not a severity score and not a patch. It is a shared name for a specific vulnerability.
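The tracking-number idea above, as an added example that is not part of the original page: it pulls CVE IDs out of differently formatted records and joins them on the ID alone. The source names and record texts are constructed, reusing the page's two illustrative IDs, and the pattern assumes the standard ID syntax (four-digit year, then a sequence of four or more digits).

```python
import re
from collections import defaultdict

# CVE ID syntax: "CVE-", a four-digit year, "-", then four or more digits.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def extract_cve_ids(text):
    """Return the set of CVE IDs found in text, normalized to upper case."""
    return {f"CVE-{year}-{seq}" for year, seq in CVE_RE.findall(text)}


def correlate(sources):
    """Map each CVE ID to the sorted names of the sources that mention it."""
    index = defaultdict(set)
    for name, text in sources.items():
        for cve in extract_cve_ids(text):
            index[cve].add(name)
    return {cve: sorted(names) for cve, names in index.items()}


def untracked(index, remediation_source="patch_notes"):
    """CVE IDs seen somewhere but absent from the remediation record."""
    return sorted(c for c, names in index.items() if remediation_source not in names)


# Constructed sample records (hypothetical product, hosts and wording).
SOURCES = {
    "vendor_advisory": "Remote code execution in ExampleProduct (CVE-2024-12345).",
    "scanner_report": "host=web01 finding=cve-2023-1234\nhost=web02 finding=CVE-2024-12345\n",
    "patch_notes": "Fixes: CVE-2024-12345",
    # The second reference has only three sequence digits, so it is not a valid ID.
    "incident_ticket": "See CVE-2024-12345; malformed ref CVE-2023-123 ignored",
}

if __name__ == "__main__":
    idx = correlate(SOURCES)
    for cve, names in sorted(idx.items()):
        print(cve, names)
    print("no patch record:", untracked(idx))
```

The join works without any severity or fix data, which is the point: the ID only tells you that the four records concern the same issue, and the one ID with no patch record is what still needs follow-up.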

Summary 📝

CVE gives the security world a shared language for vulnerabilities. A CVE ID makes it easy to track the same issue across advisories, scanners, patches, and reports. Treat CVE as a pointer and a tracking key: confirm relevance, assess exposure, follow vendor guidance, remediate safely, and verify the fix.
