What is a security flaw that is exploited without an available patch called?

A flaw that is exploited without an available patch is referred to as a zero-day vulnerability. This term highlights the fact that the vulnerability is "zero days old" in terms of public knowledge and awareness; it is unknown to the software vendor and, therefore, lacks any defensive measures or patches to address the issue. Attackers can exploit these weaknesses immediately after they are discovered, often leading to significant security incidents before a patch or fix can be developed and deployed.

The understanding of zero-day vulnerabilities is critical for organizations as they represent a significant risk, given their potential for exploitation in the wild before any effective mitigation can be put in place. Response measures often involve enhancing monitoring, intrusion detection systems, and preparing incident response protocols to deal with such threats as they arise.