Which standard uses publicly disclosed cybersecurity vulnerabilities with unique identifiers?

The concept being tested is the system that uniquely identifies publicly disclosed vulnerabilities. This standard assigns a distinct ID to every vulnerability, making it easy to reference across advisories, databases, tools, and reports. That unique identifier and its accompanying record (such as the description, affected products, references, and severity context) are what enable consistent communication about a vulnerability from vendors to researchers to responders. In practice, you’ll see identifiers like CVE-YYYY-NNNN, which come from the Common Vulnerabilities and Exposures system maintained to standardize these references. This is different from other catalogs: CWE focuses on types of software weaknesses rather than individual vulnerabilities; CPE identifies products and platforms rather than flaws; and CIS provides security controls and benchmarks rather than a vulnerability-ID catalog. Using CVEs lets you quickly and accurately cross-check vulnerability details, patches, and exploit information across sources, which is essential in forensic reporting and incident response.