A vulnerability is a weakness in software, hardware, configuration, or process that attackers can exploit to gain unauthorized access, execute malicious code, or disrupt operations. Vulnerabilities matter because even strong security programs can fail if exposed systems remain unpatched or misconfigured, or if known weaknesses are poorly prioritized.
What is a Vulnerability?
In cybersecurity, a vulnerability is any flaw or weakness that can reduce the security of a system, application, device, or business process. Vulnerabilities can come from coding mistakes, missing patches, insecure default settings, weak access controls, outdated software, or poor operational practices.
Attackers look for vulnerabilities because they create a path to compromise. Once a weakness is identified, it may be used to escalate privileges, move laterally, steal data, deploy malware, or interrupt critical business operations.
Common Vulnerability Examples
Common examples include unpatched software, weak passwords, exposed services, insecure APIs, misconfigured cloud storage, outdated plugins, and application flaws such as SQL injection or cross-site scripting. Some vulnerabilities are publicly known and cataloged, while others remain unknown until discovered by researchers, vendors, or attackers.
Vulnerability vs. Threat
A vulnerability is a weakness that can be exploited. A threat is the actor, event, or condition that may exploit that weakness. Risk emerges when vulnerabilities, threats, and business impact intersect.
Frequently Asked Questions
Are all vulnerabilities equally dangerous?
No. Severity depends on exploitability, exposure, attacker interest, existing controls, and the importance of the affected asset.
How are vulnerabilities usually discovered?
They may be found through scanning, testing, code review, research, bug bounty programs, vendor discovery, or active incident investigation.