A known vulnerability refers to a vulnerability that has been identified and documented, making it more likely for an attacker to be aware of its existence and attempt to exploit it. This can happen in several ways, including being assigned a CVE (Common Vulnerabilities and Exposures) number, being disclosed on the internet through open source projects or issue reports, being stored in public vulnerability databases such as NVD or other public databases like VictimsDB, RedHat, or Openwall, or being captured in closed vulnerability databases that are accessible to customers. The likelihood of an attacker using a known vulnerability is higher than an unsurfaced or zero-day vulnerability, which may not be publicly known but can still pose a significant risk if discovered by attackers. Prioritizing the fix of known vulnerabilities over others is recommended to ensure timely patching and minimize the attack surface.