A security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source).
Sources:
NISTIR 8011 Vol. 4 under software vulnerability from NIST SP 800-163 Rev.1 - Adapted