Glossary · Vulnerability Management

EPSS

Also known as: Exploit Prediction Scoring System

Exploit Prediction Scoring System — probabilistic likelihood that a CVE will be exploited.

EPSS produces a 0–1 probability that a given CVE will see active exploitation in the next 30 days. It is increasingly used alongside CVSS severity to prioritise patching and TARA updates — a high-CVSS / low-EPSS issue may be lower-priority than a medium-CVSS / high-EPSS one.

Related terms

CVE
Common Vulnerabilities and Exposures — public identifier for a disclosed security flaw.
CISA KEV
CISA's Known Exploited Vulnerabilities catalog — CVEs confirmed to be exploited in the wild.

Need help applying EPSS on a programme? Use the contact form or request a KAVACH demo.

EPSS

CVE

CISA KEV