Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1 | CVE-2023-28322 | | 65.5th | 3.7 | | This vulnerability in curl versions before 8.1.0 causes information disclosure when reusing a handle |
| 2 | CVE-2025-15116 | | 41.1th | 3.7 | | A race condition vulnerability exists in OpenCart's Single-Use Coupon Handler component, allowing at |
| 3 | CVE-2025-12923 | | 40.6th | 2.7 | | This vulnerability in ChestnutCMS allows attackers to perform path traversal attacks via the resourc |
| 4 | CVE-2025-15244 | | 37th | 3.7 | | A race condition vulnerability exists in PHPEMS's Purchase Request Handler component, allowing attac |
| 5 | CVE-2025-14954 | | 33.9th | 3.7 | | This vulnerability in Open5GS allows remote attackers to trigger reachable assertions in PFCP (Packe |
| 6 | CVE-2026-1685 | | 33.1th | 3.7 | | This vulnerability in D-Link DIR-823X routers allows attackers to bypass authentication attempt limi |
| 7 | CVE-2025-48985 | | 30.6th | 3.7 | | This vulnerability in Vercel's AI SDK allows users to bypass filetype whitelists when uploading file |
| 8 | CVE-2025-60912 | | 29.2th | 3.3 | | phpIPAM v1.7.3 contains a CSRF vulnerability in the database export functionality that allows attack |
| 9 | CVE-2026-23739 | | 28.7th | 2.0 | | This CVE describes an XML External Entity (XXE) vulnerability in Asterisk's XML parsing function. It |
| 10 | CVE-2025-15187 | | 28.5th | 3.8 | | This vulnerability in GreenCMS allows remote attackers to perform path traversal attacks by manipula |
| 11 | CVE-2025-15245 | | 28.1th | 3.5 | | This vulnerability allows local network attackers to perform path traversal attacks via the firmware |
| 12 | CVE-2025-52666 | | 26.6th | 2.7 | | This vulnerability in Revive Adserver allows authenticated administrator users to cause a fatal PHP |
| 13 | CVE-2025-43531 | | 25.1th | 3.1 | | This CVE describes a race condition vulnerability in Apple's web content processing that could allow |
| 14 | CVE-2025-15284 | | 24.6th | 3.7 | | This vulnerability allows attackers to bypass array size limits in the qs parsing library, enabling |
| 15 | CVE-2025-47279 | | 23.4th | 3.1 | | Undici HTTP client for Node.js versions before 5.29.0, 6.21.2, and 7.5.0 have a memory leak vulnerab |
| 16 | CVE-2025-54559 | | 23.4th | 3.7 | | This path traversal vulnerability in Desktop Alert PingAlert allows attackers to load arbitrary exte |
| 17 | CVE-2025-13058 | | 23.4th | 3.5 | | This CVE describes a cross-site scripting (XSS) vulnerability in soerennb eXtplorer file manager up |
| 18 | CVE-2025-13879 | | 23.2th | 2.7 | | A directory traversal vulnerability in SOLIDserver IPAM v8.2.3 allows authenticated administrators t |
| 19 | CVE-2025-14953 | | 22.6th | 3.1 | | A null pointer dereference vulnerability in Open5GS's PFCP handler allows remote attackers to cause |
| 20 | CVE-2026-24934 | | 22.6th | 3.7 | | This CVE describes an insecure DDNS implementation in ASUSTOR ADM software where HTTP connections la |
| 21 | CVE-2025-13015 | | 22.2th | 3.4 | | This CVE describes a spoofing vulnerability in Mozilla Firefox and Thunderbird that could allow an a |
| 22 | CVE-2025-12854 | | 20.7th | 3.7 | | This vulnerability in newbee-mall-plus allows attackers to bypass authorization by manipulating the |
| 23 | CVE-2026-0992 | | 20.7th | 2.9 | | This vulnerability in libxml2 allows remote attackers to cause denial-of-service by sending crafted |
| 24 | CVE-2025-12817 | | 20.3th | 3.1 | | A missing authorization vulnerability in PostgreSQL's CREATE STATISTICS command allows table owners |
| 25 | CVE-2025-69873 | | 20.2th | 2.9 | | CVE-2025-69873 is a Regular Expression Denial of Service (ReDoS) vulnerability in ajv (Another JSON |
| 26 | CVE-2025-57812 | | 19.5th | 3.7 | | This vulnerability allows an attacker to trigger out-of-bounds memory read/write operations by submi |
| 27 | CVE-2025-55249 | | 19.5th | 3.5 | | HCL AION web applications are vulnerable due to missing standard security HTTP response headers. Thi |
| 28 | CVE-2026-1532 | | 19.5th | 2.4 | | This CVE describes a path traversal vulnerability in D-Link DCS-700L IP cameras running firmware ver |
| 29 | CVE-2025-14636 | | 19.6th | 3.7 | | This vulnerability in Tenda AX9 routers allows attackers to exploit weak hash functions in the firmw |
| 30 | CVE-2026-0925 | | 19.3th | 2.7 | | CVE-2026-0925 is an improper input validation vulnerability in Tanium Discover that could allow atta |
| 31 | CVE-2025-15200 | | 19.2th | 2.4 | | This vulnerability allows attackers to inject malicious scripts into SohuTV CacheCloud web interface |
| 32 | CVE-2025-31964 | | 19.3th | 2.2 | | This vulnerability in HCL BigFix IVR 4.2 allows privileged attackers to disrupt service availability |
| 33 | CVE-2025-52660 | | 18.7th | 2.7 | | HCL AION has an unrestricted file upload vulnerability that allows attackers to upload malicious fil |
| 34 | CVE-2025-66062 | | 18.5th | 3.7 | | This CVE describes an open redirect vulnerability in the WP YouTube Lyte WordPress plugin that allow |
| 35 | CVE-2025-12623 | | 18.3th | 3.1 | | This CVE describes an authorization bypass vulnerability in the fushengqian fuint software's authent |
| 36 | CVE-2025-12920 | | 18.2th | 2.4 | | This is a cross-site scripting (XSS) vulnerability in FoxCMS up to version 1.2.16 that allows attack |
| 37 | CVE-2026-0989 | | 18.2th | 3.7 | | A denial-of-service vulnerability exists in libxml2's RelaxNG parser where nested <include> directiv |
| 38 | CVE-2025-8998 | | 17.9th | 3.1 | | This vulnerability allows authenticated users with operator or administrator privileges to upload sp |
| 39 | CVE-2026-25224 | | 17.8th | 3.7 | | A denial-of-service vulnerability in Fastify's Web Streams response handling allows remote clients t |
| 40 | CVE-2025-65942 | | 17.8th | 2.7 | | VictoriaMetrics versions 1.0.0-1.110.22, 1.111.0-1.122.7, and 1.123.0-1.129.0 are vulnerable to deni |
| 41 | CVE-2026-25764 | | 17.4th | 3.5 | | OpenProject versions before 16.6.7 and 17.0.3 contain an HTML injection vulnerability in the time tr |
| 42 | CVE-2025-12919 | | 17.3th | 3.7 | | This vulnerability in EverShop allows attackers to manipulate order UUID parameters to access unauth |
| 43 | CVE-2026-25517 | | 17.3th | 2.7 | | This CVE describes a missing authorization vulnerability in Wagtail CMS preview endpoints. Authentic |
| 44 | CVE-2026-2110 | | 17.5th | 3.7 | | This vulnerability allows attackers to perform unlimited authentication attempts against the SwiftBu |
| 45 | CVE-2025-20378 | | 17.1th | 3.1 | | This vulnerability allows unauthenticated attackers to craft malicious URLs that exploit an unvalida |
| 46 | CVE-2025-13083 | | 17.1th | 3.7 | | This vulnerability in Drupal core allows attackers to exploit web browser caching to access sensitiv |
| 47 | CVE-2025-14457 | | 17.2th | 3.7 | | This vulnerability allows unauthenticated attackers to delete arbitrary files uploaded through the D |
| 48 | CVE-2025-67500 | | 16.6th | 3.7 | | This vulnerability in Mastodon allows attackers to confirm the existence of private statuses by send |
| 49 | CVE-2025-13352 | | 16.6th | 3.0 | | This vulnerability allows attackers to hijack Mattermost's GitHub reaction feature by exploiting imp |
| 50 | CVE-2026-20732 | | 16.6th | 3.1 | | This vulnerability in an undisclosed BIG-IP Configuration utility page allows attackers to spoof err |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
Prioritize by Exploit Risk
Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.