Paste any CVE. Get the latest EPSS probability and percentile, plus a CISA KEV cross-check — updated daily from FIRST.org. No account, no sign-in.
Description
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface (lo0). The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This issue does not affect any other EX series devices.
Reference
What is an EPSS score?
EPSS, the Exploit Prediction Scoring System, is a daily-updated probability that a CVE will be exploited in the wild within the next 30 days. Maintained by FIRST.org, it is the de facto companion to CVSS for prioritizing vulnerability remediation in 2026.
Two numbers come back per CVE:
- Probability — a value between 0 and 1. EPSS 0.95 means a 95% modeled chance the vulnerability will see exploit activity in the next 30 days.
- Percentile — where this CVE ranks against every other CVE in the EPSS dataset. A percentile of 0.99 means the CVE is more likely to be exploited than 99% of all known CVEs.
CVSS tells you how bad a vulnerability could be in theory. EPSS tells you how likely it is to bite you in the next month.
Comparison
EPSS vs CVSS — which should I use?
Both. CVSS measures impact assuming an exploit exists. EPSS measures how likely an exploit is to be deployed.
| Scenario | CVSS | EPSS | Verdict |
| --- | --- | --- | --- |
| Dangerous on paper, unlikely in practice | 9.8 | 0.001 | Patch on schedule |
| Less severe but actively exploited | 6.5 | 0.95 | Patch tonight |
| Meaningful threat, contextual urgency | 7.5 | 0.20 | Use environment data |
If you are still patching by CVSS alone in 2026, you are patching the wrong things first.
API
Want this in your SOAR or SIEM?
SARA Open ships an OpenAI-compatible API. Call POST /api/v1/analyze — SARA returns EPSS, CVSS, KEV status, and an analyst-grade written summary in one call.
```bash
curl -X POST https://sara-open.sirp.io/api/v1/analyze \
  -H "Authorization: Bearer $SARA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "cve", "value": "CVE-2021-44228"}'
```
FAQ
Frequently asked questions
What is a good EPSS score?
Anything at or above 0.5 means a vulnerability is more likely than not to be exploited in the next 30 days. Most enterprises treat 0.7 and above as a patch-immediately signal. Below 0.1, EPSS treats the vulnerability as low-likelihood — that is not the same as low-severity.
How often is EPSS updated?
Daily, by FIRST.org. This tool always pulls the most recent value with no caching.
Is EPSS free?
Yes. The EPSS dataset and API are free under FIRST.org's terms.
Can I bulk-lookup CVEs with EPSS?
This page handles single CVEs. Bulk lookups are available via the SARA API; Pro and Team plans support up to 200 and 500 requests per hour respectively.
Does EPSS replace CVSS?
No. EPSS measures likelihood. CVSS measures impact. Use both, plus the CISA KEV catalog as a binary signal of confirmed in-the-wild exploitation.
Is EPSS the same as the CISA KEV catalog?
No. EPSS is a probability model. KEV is a binary, evidence-based list of CVEs CISA has confirmed are being exploited. Use both — EPSS for forecasting, KEV for confirmed exploitation.
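The triage rule from the comparison table and the 0.7 / 0.1 cut-offs above, written out as an added example (not SARA's or FIRST.org's code) that joins an EPSS API response, a KEV feed and scanner CVSS scores into one work queue. The CVE IDs, scores and function names are constructed for illustration, the JSON shapes follow the public FIRST.org EPSS API and CISA KEV feed, and treating any KEV listing as "Patch tonight" is an assumption.

```python
import json

# Constructed sample data (not real scores). EPSS API: "data" list with
# numbers sent as strings. KEV feed: "vulnerabilities" list keyed by "cveID".
EPSS_RESPONSE = json.loads("""{"status": "OK", "data": [
  {"cve": "CVE-0000-0001", "epss": "0.001", "percentile": "0.20"},
  {"cve": "CVE-0000-0002", "epss": "0.95",  "percentile": "0.99"},
  {"cve": "CVE-0000-0003", "epss": "0.20",  "percentile": "0.95"},
  {"cve": "CVE-0000-0004", "epss": "0.05",  "percentile": "0.90"}]}""")
KEV_FEED = json.loads('{"vulnerabilities": [{"cveID": "CVE-0000-0004"}]}')
CVSS = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 6.5,
        "CVE-0000-0003": 7.5, "CVE-0000-0004": 8.1}  # from your scanner

PATCH_NOW = 0.7  # page: 0.7 and above is a patch-immediately signal
LOW = 0.1        # page: below 0.1 is low-likelihood, not low-severity


def verdict(epss, in_kev):
    """Map likelihood signals to the verdicts used in the comparison table."""
    if not 0.0 <= epss <= 1.0:
        raise ValueError(f"EPSS probability out of range: {epss}")
    if in_kev or epss >= PATCH_NOW:  # assumption: KEV overrides a low EPSS
        return "Patch tonight"
    if epss < LOW:
        return "Patch on schedule"
    return "Use environment data"


def triage(epss_response, kev_feed, cvss):
    """Return (cve, cvss, epss, in_kev, verdict) rows, most urgent first."""
    kev = {v["cveID"] for v in kev_feed["vulnerabilities"]}
    rows = []
    for item in epss_response["data"]:
        cve, epss = item["cve"], float(item["epss"])  # strings on the wire
        rows.append((cve, cvss.get(cve), epss, cve in kev,
                     verdict(epss, cve in kev)))
    # Confirmed exploitation first, then likelihood; CVSS only breaks ties.
    return sorted(rows, key=lambda r: (r[3], r[2], r[1] or 0.0), reverse=True)


def cvss_only_order(cvss):
    """The ordering the page warns against: severity alone."""
    return sorted(cvss, key=cvss.get, reverse=True)


if __name__ == "__main__":
    for row in triage(EPSS_RESPONSE, KEV_FEED, CVSS):
        print(row)
    print("CVSS-only order:", cvss_only_order(CVSS))
```

With this sample the CVSS 9.8 finding drops from first in the CVSS-only order to last in the combined queue, while the KEV-listed finding with EPSS 0.05 moves to the top.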