What is the term for an attack leveraging a known vulnerability before a patch is available?

The term for an attack that exploits a known vulnerability before a patch is available is known as a zero-day attack. This type of attack takes advantage of the window of opportunity that exists between the time a vulnerability is discovered and the release of a fix or patch for that vulnerability.

During this period, attackers can exploit the vulnerability without any defenses in place, making zero-day attacks particularly dangerous and effective. The name "zero-day" reflects the fact that there are zero days of protection against the vulnerability when it is first exploited. Organizations are often at high risk during this window as their systems remain exposed to potential exploits.

Understanding zero-day attacks is critical in the context of web security, as they highlight the importance of prompt patch management and the need for robust security practices to detect and mitigate potential risks before patches are available.