Definition
Plain language
An officially numbered entry in the public catalog of known security vulnerabilities.
As stated in the literature
Common Vulnerabilities and Exposures — a standardized identifier assigned by MITRE-coordinated authorities for publicly disclosed software security flaws.
Also called: CVEs
Why it matters: Standardized IDs are what let the security ecosystem — and AI tools that scan for known flaws — coordinate on the same vulnerabilities without confusion.
For example, the Log4Shell vulnerability is tracked publicly as CVE-2021-44228, so every vendor advisory and patch can reference the same identifier.