A catalog maintained by the Cybersecurity and Infrastructure Security Agency (CISA) lists vulnerabilities actively being exploited.

A structured software, hardware, and operating system naming scheme. It helps identify what products are affected by vulnerabilities, making tracking and referencing in CVE reports easier.

A standardized identifier for publicly known security vulnerabilities. Each CVE entry provides a unique reference for a vulnerability, making it easier for users to find and share vulnerability data.

A system that assigns a numerical score to vulnerabilities, reflecting their severity and risk. Scores range from 0 to 10, where a higher score indicates a more severe vulnerability. The Forum of Incident Response and Security Teams (FIRST) owns and develops the scoring framework.

A system that estimates the likelihood that a given vulnerability will be exploited in the wild. It uses historical data and machine learning to predict the risk of exploitation.

The U.S. government’s repository of vulnerability management data, including CVE entries. It provides enhanced vulnerability analysis and scoring based on the CVSS framework.

The practice of collecting and analyzing publicly available information from various open sources, such as websites, social media, public records, news outlets, forums, and more, to gather intelligence.

Code or a method that demonstrates how a vulnerability can be exploited. It may not necessarily be a fully weaponized exploit.