Common Vulnerabilities and Exposures (CVE)

Security+ 🏆 • Vulnerabilities 🚨 • Security Operations 🛡️ • Difficulty: free

Definition

CVE is a public identifier system for security vulnerabilities. A CVE ID gives everyone a shared reference for the same issue so advisories, scanners, patches, and incident reports can reliably point to the same vulnerability.

Examples

A vendor advisory says a product has a remote code execution vulnerability and assigns CVE-2024-12345 so defenders can track it across tools and reports.
A vulnerability scanner flags CVE-2023-1234 on several servers, which helps the team prioritize patching and verify remediation.

Discover 🔎

In security, the hardest part is often not fixing the problem but agreeing which problem you are talking about. CVE solves that coordination issue. A CVE ID is like a tracking number for a vulnerability. It does not fix anything by itself, but it makes it far easier to communicate, search, prioritize, patch, and report.

Remember: CVE is an identifier, not a severity score and not a patch. It is a shared name for a specific vulnerability.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.