Glossary

Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed IT security flaws and issues. It provides a central point of reference for entities to exchange information about vulnerabilities and exposures that might impact others. This database contains only publicly reported CVEs, however, and therefore isn’t a complete reference of all vulnerabilities and exposures in existence. It’s maintained by the National Cybersecurity FFRDC (Federally Funded Research and Development Center) and operated by the MITRE Corporation. CVE is sponsored by the U.S. Government with funding from the US Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA).