Explore critical cybersecurity vulnerabilities: weaknesses in software, hardware, or IT systems that cyber attackers can exploit. These flaws often lead to...
A vulnerability is a flaw or weakness in software, hardware, or an IT system that can be exploited by an attacker to compromise security, gain unauthorized access, or disrupt operations.
A vulnerability is the *weakness* itself, while an exploit is the *tool or technique* used to take advantage of that weakness to achieve a malicious outcome.
Common examples include SQL injection, Cross-Site Scripting (XSS), buffer overflows, broken authentication, and misconfigurations in applications or systems.
Vulnerabilities are often found by security researchers, ethical hackers, or software vendors themselves, then reported through responsible disclosure programs or public advisories.
A zero-day vulnerability is a newly discovered flaw that the vendor is unaware of, or has not yet patched, making it highly dangerous as there is no immediate fix available to users.