Glossary · Vulnerability Management

CVE

Also known as: Common Vulnerabilities and Exposures

Common Vulnerabilities and Exposures — public identifier for a disclosed security flaw.

CVE IDs (issued by MITRE-coordinated CNAs) are the primary way the security industry labels disclosed vulnerabilities. They reference a flaw in a specific product / version range and are typically accompanied by a CVSS severity score and an EPSS exploit-likelihood score.

Related terms

SBOM
Software Bill of Materials — machine-readable inventory of components and dependencies in a build.
EPSS
Exploit Prediction Scoring System — probabilistic likelihood that a CVE will be exploited.
CISA KEV
CISA's Known Exploited Vulnerabilities catalog — CVEs confirmed to be exploited in the wild.

Need help applying CVE on a programme? Use the contact form or request a KAVACH demo.

CVE

SBOM

EPSS

CISA KEV