cybersrc: NIST CSRC
zero-day
A security flaw in software that the creators don't know about yet, meaning there is no official fix available to protect users.
A software vulnerability that is publicly disclosed or actively exploited before the vendor has developed or released a patch, leaving systems defenseless.
A software vulnerability for which no vendor-supplied remediation exists, characterized by the absence of a patch at the time of discovery or exploitation, thereby providing zero days of lead time for mitigation.