A zero-day vulnerability is one that is known to the software vendor but has not yet been patched or for which a patch is not yet widely available. These vulnerabilities are highly critical because they can be exploited by attackers while there is still no widely available or implemented solution to mitigate them. Understanding the correct term is essential for clear communication in reporting vulnerabilities. 'Unidentified' implies that the vulnerability is not known, which is incorrect for a zero-day. 'Known issue' does not necessarily indicate that there is no patch available, and 'under review' suggests that the vulnerability is being evaluated but does not convey the urgency or lack of available patch.