Security researchers face a daily CVE flood, and SANS ISC's Handling the CVE Flood With EPSS outlines EPSS as a complementary way to gauge exploit risk beyond CVSS. The piece notes that over 29,000 CVEs were published in 2023 and over 40,000 in 2024, with about 110 new CVEs per day and roughly 5–7% exploited in the wild.
EPSS, developed by FIRST, asks a probabilistic question, P(exploitation within 30 days | CVE is published). Its score ranges from 0.00001 to 1.0 and comes from a gradient-boosted model fed with around 1,400 daily signals. An example shows how to query EPSS scores via an API, and the article explains an integration in which a Python script enriches vulnerability alerts in Wazuh with EPSS data, including a simple risk-labelling scheme (low, medium, high, critical).
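A sketch of that enrichment step, added here as an illustration and not the article's own script: it builds a batched query for FIRST's EPSS API, parses the response, and attaches a score and label to a Wazuh vulnerability alert. The label cut-offs, the `epss` field name, the placeholder CVE ids and the sample response are assumptions constructed for this example; a CVE with no EPSS score yet is marked `unscored` instead of being treated as low risk.

```python
import json
from urllib.parse import urlencode

EPSS_API = "https://api.first.org/data/v1/epss"  # FIRST's public EPSS endpoint
# Assumed cut-offs: the page names the four labels but not their thresholds.
THRESHOLDS = [(0.5, "critical"), (0.1, "high"), (0.01, "medium"), (0.0, "low")]
# Constructed sample response (placeholder CVE ids, made-up scores), so this runs offline.
SAMPLE_RESPONSE = json.dumps({"status": "OK", "data": [
    {"cve": "CVE-0000-0001", "epss": "0.912340000", "percentile": "0.998000000"},
    {"cve": "CVE-0000-0002", "epss": "0.000430000", "percentile": "0.120000000"},
]})

def build_query(cves):
    """URL for one batched lookup: de-duplicated, comma-separated 'cve' parameter."""
    return EPSS_API + "?" + urlencode({"cve": ",".join(sorted(set(cves)))})

def parse_scores(body):
    """Map CVE id -> (epss, percentile); the API returns both as strings."""
    rows = json.loads(body).get("data", [])
    return {r["cve"].upper(): (float(r["epss"]), float(r["percentile"])) for r in rows}

def label(epss):
    """First threshold the score reaches, highest first."""
    return next((name for floor, name in THRESHOLDS if epss >= floor), "low")

def enrich(alert, scores):
    """Copy of a Wazuh alert with an 'epss' object (hypothetical field) added."""
    enriched = json.loads(json.dumps(alert))  # deep copy, input stays untouched
    vuln = enriched.get("data", {}).get("vulnerability")
    if not vuln or "cve" not in vuln:
        return enriched  # not a vulnerability alert
    hit = scores.get(vuln["cve"].upper())
    if hit is None:  # newly published CVEs may not be scored yet
        vuln["epss"] = {"score": None, "risk": "unscored"}
    else:
        vuln["epss"] = {"score": hit[0], "percentile": hit[1], "risk": label(hit[0])}
    return enriched

if __name__ == "__main__":
    # Constructed alert using the data.vulnerability layout of Wazuh alerts.
    alert = {"rule": {"id": "0"}, "data": {"vulnerability": {"cve": "CVE-0000-0001", "severity": "Medium"}}}
    print(build_query(["CVE-0000-0001", "CVE-0000-0002"]))
    print(json.dumps(enrich(alert, parse_scores(SAMPLE_RESPONSE)), indent=2))
```

In a live deployment the response body would come from an HTTP GET on the URL that `build_query` returns, in place of `SAMPLE_RESPONSE`.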
The article cites sources and references, including cvedetails and FIRST, and notes EPSS’s public API and the existence of example code and alert rules. Published on 20 April 2026, according to FIRST.