When prioritizing vulnerabilities, a zero-day vulnerability—one that is not yet publicly known or for which a patch is not available—often presents a greater threat than known vulnerabilities with available patches. This is due to the lack of defenses against it, and the potential it has to be exploited by attackers who discover it independently. This makes it critical to prioritize addressing such vulnerabilities immediately, often above others that can be mitigated through existing patches or controls.