- Definition: CVE is a list of publicly disclosed computer security flaws (a list of vulnerabilities that have been publicly exposed).
- Standardized Identifier: Each vulnerability in the CVE list has a unique ID of the form CVE-[year of identification]-[unique number]. Ex: CVE-2023-12345
- Information Sharing: The CVE program provides a standardized way for security professionals to share information about vulnerabilities.
- Global Reference: CVEs serve as a universal reference point for vulnerabilities.
- Database Management: The CVE list is maintained by the MITRE Corporation under the sponsorship of the U.S.
- MITRE also maintains the Common Weakness Enumeration (CWE), a list of software and hardware weakness types.
- NVD, an Extension of CVE: The National Vulnerability Database is a U.S. government repository that extends the information contained in the CVE list. It is managed by the National Institute of Standards and Technology (NIST).
- Critical for Patch Management: Identifying CVEs is essential for effective patch management in organizations.
- Importance in Security Research
- Link to the CVE database: https://www.cve.org/Downloads
- Link to the NVD database: https://nvd.nist.gov/vuln/search/results?results_type=overview&search_type=all&form_type=Basic&isCpeNameSearch=false&orderBy=publishDate&orderDir=desc
What is CVE (Common Vulnerabilities and Exposures)
- CVE IDs are assigned by CVE Numbering Authorities (CNAs).
- The CVE list feeds the U.S. National Vulnerability Database (NVD).
Mission: identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
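
The identifier format described above lends itself to automated extraction for patch-management work. The following is an added example, not part of the original notes: a Python sketch that pulls CVE IDs out of free text (scanner output, tickets), normalizes them to the canonical form, and sets aside near-misses for manual review. The function name, the sample text and the year sanity bounds are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import date

# Loose pattern: catches sloppy spellings (lower case, "_" or space separators).
CANDIDATE = re.compile(r"\bCVE[-_ ](\d+)[-_ ](\d+)\b", re.IGNORECASE)
# Canonical syntax: 4-digit year, then a sequence number of 4 or more digits.
STRICT = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
FIRST_YEAR = 1999  # assumption: lower bound used as a sanity check


def extract_cve_ids(text, max_year=None):
    """Return (valid, rejected).

    valid    -- {year: [canonical IDs sorted by sequence number]}, deduplicated
    rejected -- raw strings that look like CVE IDs but fail validation
    """
    if max_year is None:
        max_year = date.today().year  # an ID dated in the future is suspect
    valid = defaultdict(set)
    rejected = []
    for m in CANDIDATE.finditer(text):
        canonical = f"CVE-{m.group(1)}-{m.group(2)}"
        strict = STRICT.match(canonical)
        if strict and FIRST_YEAR <= int(strict.group(1)) <= max_year:
            valid[int(strict.group(1))].add(canonical)
        else:
            rejected.append(m.group(0))
    by_year = {
        year: sorted(ids, key=lambda i: int(i.rsplit("-", 1)[1]))
        for year, ids in sorted(valid.items())
    }
    return by_year, rejected


# Constructed sample input; the IDs are illustrative, not taken from a real report.
SAMPLE = """\
[constructed] scanner: host web01 flagged CVE-2023-12345
[constructed] ticket: please patch cve_2023_12345 and CVE-2021-1234567
[constructed] note: vendor typo CVE-23-1234, truncated CVE-2022-123
[constructed] legacy: CVE-1999-0001; bogus year CVE-1998-0001
"""

if __name__ == "__main__":
    ids, near_misses = extract_cve_ids(SAMPLE)
    for year, items in ids.items():
        print(year, ", ".join(items))
    print("needs review:", near_misses)
```

The rejected list matters as much as the valid one: a mistyped or truncated ID in a ticket is a vulnerability that will not match any CVE or NVD record until someone corrects it.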