There are a number of resources by which the security community tracks and notifies people of exploits (Bugtraq was the big one in my day) so they can patch their software or otherwise defend against them. A zero-day exploit is one that is so new (as in, discovered the day it is used) that it hasn’t been disseminated through these resources and thus there is no patch against it yet.