[lcnPylGDnU4H9OF]

It’s a zero-day only at the point when it’s been exploited without having been reported. “Zero” is referring to the number of days since disclosure that an exploit ocurred. If it’s patched before it’s exploited, it wouldn’t be considered a “zero-day exploit”.

[pksebben]

or if it's been reported but not acted on, and gets exploited before that happens.

[lcnPylGDnU4H9OF]

I believe if, say, 10 days had passed since the report, it would be called a “10-day” exploit. But it’s also security research jargon that I’m not familiar with in a practical sense so I may be wrong.