It is a vulnerability discovered in a software by someone who is not authoritative to explore that vulnerability. In testing period of an application, the developer might not be able to fulfill all loopholes but if one of its users discover that vulnerability, then that vulnerability will be declared as a Zero Day.
Debugging Myths About CyberSpace!