What is Zero-Day?

A vulnerability that is exploited before the vendor has released a patch — defenders have “zero days” to fix it.

A zero-day exploit targets a flaw unknown to the vendor (or known but unpatched). Because no fix exists, signature-based defenses often miss it, making behavioral detection and rapid patching critical once a fix lands.

Once a zero-day is disclosed or patched it becomes an “n-day” — still dangerous because many organizations patch slowly. CISA’s KEV catalog tracks vulnerabilities confirmed exploited in the wild.

Related free tools

CVE Lookup → CISA KEV →

Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.

What is Zero-Day?

Related free tools

Related terms