What Is CVE (Common Vulnerabilities and Exposures)?

The CVE list is maintained by the MITRE Corporation, a not-for-profit organization that operates Federally Funded Research and Development Centers (FFRDCs). The CVE list provides a standardized way to identify and track publicly known vulnerabilities.

The most famous CVE vulnerability may vary, but historically, vulnerabilities like Heartbleed (CVE-2014-0160) and Shellshock (CVE-2014-6271) gained significant attention due to their widespread impact.

A vulnerability is a weakness in a system that can be exploited, while exposure refers to the potential harm or risk resulting from a vulnerability. Identifying vulnerabilities helps mitigate exposures and enhance overall security.

A common vulnerabilities and exposure (CVE) scan involves identifying and cataloging known vulnerabilities in software or systems. It uses a standardized list of vulnerabilities for comprehensive security assessment.

A vulnerability is a weakness in a system, while exposure is the potential harm that may result from exploiting that vulnerability. Exposure quantifies the risk associated with a vulnerability.