Common Vulnerabilities and Exposures. The standard public identifier for a disclosed software vulnerability.
CVE is the public catalogue of disclosed software vulnerabilities, maintained by MITRE. Each entry has a stable identifier of the form CVE-YYYY-NNNN, a short description, and references to vendor advisories. NVD enriches the CVE record with CVSS scoring, affected-product CPE strings, and CWE classification.
Cloud-relevant CVEs typically affect the cloud control plane (a vulnerability in a managed service), the cloud-hosted application layer (web servers, identity gateways), or the underlying infrastructure (hypervisors, container runtimes). Most CVEs published each year are endpoint software (Office suites, browsers, operating-system components) and are out of scope for cloud-detection products.