Upon discovering multiple software vulnerabilities, prioritizing a zero-day vulnerability should generally take precedence over established vulnerabilities with known patches available.
When prioritizing vulnerabilities, a zero-day vulnerability—one that is not yet publicly known or for which a patch is not available—often presents a greater threat than known vulnerabilities with available patches. This is due to the lack of defenses against it, and the potential it has to be exploited by attackers who discover it independently. This makes it critical to prioritize addressing such vulnerabilities immediately, often above others that can be mitigated through existing patches or controls.