What is the difference between an exploit and a vulnerability in information security?

A vulnerability is a weak point in a system. This implies a risk, especially to confidential information.

An exploit is a means of taking advantage of the vulnerability and using it to take advantage of a system or network.

Just because something has been identified as a vulnerability doesn't mean that it has been used to compromise a system. The presence of the exploit means someone has successfully used that weakness and taken advantage of it.