CWE (Common Weakness Enumeration)
What Is CWE (Common Weakness Enumeration)?
A CWE (Common Weakness Enumeration) is a category of underlying software flaw, such as buffer overflow, SQL injection, or insecure deserialization, that can lead to vulnerabilities. It describes the kind of weakness present even when no specific CVE has been published.
CWEs identify the patterns that produce vulnerabilities, while CVEs identify specific instances of those patterns in specific software.
Zero-day vulnerabilities are the sharpest expression of that distinction. A zero-day is a vulnerability that exists in deployed software but has not yet been publicly disclosed — the underlying weakness is present, exploitable, and unpatched, but no CVE has been issued and no defender knows to look for it. Every zero-day begins as a CWE pattern in the code before it ever becomes a CVE.
NetRise ZeroLens uses AI to detect CWEs in compiled software before they become published CVEs — giving security teams a head start on remediation before the weakness is publicly disclosed and exploited.
Related Terms
CVE · CPE · NetRise ZeroLens · Zero-Day Vulnerability · Vulnerability Management


