Known vulnerabilities account for the vast majority of successful exploits. Many known vulnerabilities don’t have a CVE at all. A vulnerability in an open database is nearly as known as those with a CVE. Unsurfaced vulnerabilities are also known, and could be considered worse than those with an ID. The National Vulnerability Database (NVD) is the most official vulnerability database, but other databases do exist. The only difference between NVD and these databases is the filtering process to get in, which differs from DB to DB.”]
Source: https://www.csoonline.com/article/3243013/what-s-a-known-vulnerability.html