FAQ

A CVE (Common Vulnerabilities and Exposures) is a security flaw that has been publicly identified, documented, and published in an official database. It is known and, in most cases, a patch is available or in progress. A zero-day, on the other hand, is a flaw that has not yet been disclosed, and therefore is not listed as a CVE at the time of discovery.

In short, every zero-day can become a CVE, but not all CVEs are zero-days. The main risk with zero-days is that they are exploitable before any public awareness, whereas CVEs are typically already under analysis or remediation.