The time taken between a vulnerability existing and a patch being released to fix it can be several weeks, months or even years. An exploit written to take advantage of this gap is known as a Zero Day.
The bad guys are particularly interested in carrying out attacks against systems with vulnerabilities but no patches, for obvious reasons: it’s very difficult to defend agaisnt them.
Depending on the level of access the zero day can provide, or the damage a bad actor can cause with it, will have an effect on the value of each zero day attack on the Dark Web. Some may sell for “only” a few thousands of pounds, but some can fetch well into five figures, if not more.
A very famous attack carried out using zero days is explained in the film of the same name. It tells the story of an attempt to disrupt the Iranian nuclear programme some years ago, and is well worth watching.