Vulnerabilities

A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. 

Per OWASP https://owasp.org/www-community/vulnerabilities/#:~:text=A%20vulnerability%20is%20a%20hole,that%20rely%20on%20the%20application.

OWASP – 

  • What is a vulnerability 
  • Examples of vulnerabilities
  • List of Vulnerabilities

OWASP Top 10 – The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. https://owasp.org/www-project-top-ten/

Common Vulnerabilities and Exposures (CVE) – A list of entries for publicly known cybersecurity vulnerabilities, each containing an identification number, a description, and at least one public reference. https://cve.mitre.org/

National Institute of Standards and Technology (NIST) – National Vulnerability Database (NVD) – The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics. https://nvd.nist.gov/

US Cybersecurity & Infrastructure Security Agency (US-CERT) – https://us-cert.cisa.gov/

Threatpost – Vulnerabilities is a blog that provides current news and information around recently discovered and disclosed vulnerabilities. https://threatpost.com/category/vulnerabilities/

Powered by National University
