Working in the information security field means that you always have to be aware of known and newly discovered vulnerabilities, especially if they pertain to the technologies you work with. Vulnerabilities are weaknesses or bugs in an application or operating system that a hacker can use to their advantage.
Once a vulnerability is discovered, bad guys will try to exploit it and infect your system. A vulnerability in the period between an exploit appearing in the wild and a patch (an update for the system) becoming available is known as a zero-day vulnerability. The name says it all; it is a vulnerability that doesn’t have a fix yet.
To discover existing vulnerabilities on your system, you can run a vulnerability scan (external or authenticated). Many tools are available, both proprietary and freeware. Some well-known tools are Qualys, Nessus, and Metasploit. If you are hosted in a public cloud (GCP, Azure, AWS), you can use cloud-native services.
Common Vulnerabilities and Exposures (CVE) are:
Backdoors
Denial-of-service attack
Buffer overflow
Direct-access attacks
Eavesdropping
Spoofing
Tampering
Privilege escalation
Phishing
Clickjacking (UI redress attack)
Social engineering and Trojans
There are more vulnerability types out there, and hackers are becoming more and more creative. It is paramount to the security posture of your organization to stay current and apply security patches as soon as they become available.
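
To make the scanning and patching advice above concrete, here is a simplified sketch of what an authenticated scan does: it compares the software inventory of a host with an advisory feed and separates findings that can be patched now from those that have no fix yet. This is an added example, not the code of any tool named above; every package name, version and advisory ID in it is constructed sample data.

```python
# Added example: a toy "authenticated scan". All package names, versions and
# advisory IDs below are constructed sample data, not real advisories.
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


@dataclass
class Advisory:
    advisory_id: str            # placeholder ID, not a real CVE
    package: str
    introduced: str             # first affected version
    fixed: Optional[str]        # None means no patch has been released yet


# Constructed inventory, as an authenticated scan would read it from the host.
INSTALLED = {"examplehttpd": "2.4.10", "examplessl": "1.1.10", "exampledb": "5.7.2"}

# Constructed advisory feed.
ADVISORIES = [
    Advisory("EXAMPLE-0001", "examplehttpd", "2.4.0", "2.4.12"),
    # 1.1.10 is newer than 1.1.9; a plain string comparison would get this wrong.
    Advisory("EXAMPLE-0002", "examplessl", "1.0.0", "1.1.9"),
    Advisory("EXAMPLE-0003", "exampledb", "5.0.0", None),       # no fix yet
    Advisory("EXAMPLE-0004", "notinstalled", "1.0.0", "1.0.1"),
]


def scan(installed: dict, advisories: list) -> list:
    """Return (advisory_id, package, status) for every advisory that applies."""
    findings = []
    for adv in advisories:
        current = installed.get(adv.package)
        if current is None:
            continue                                  # package not on this host
        version = parse_version(current)
        if version < parse_version(adv.introduced):
            continue                                  # older than affected range
        if adv.fixed is None:
            findings.append((adv.advisory_id, adv.package, "no patch available"))
        elif version < parse_version(adv.fixed):
            findings.append((adv.advisory_id, adv.package, f"upgrade to {adv.fixed}"))
    return findings


if __name__ == "__main__":
    for finding in scan(INSTALLED, ADVISORIES):
        print(*finding, sep="  ")
```

Findings marked "no patch available" cannot be closed by updating, so they are the ones to track until a fix ships.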