Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 5151 | CVE-2025-7947 | | 19.5th | 5.4 | | CVE-2025-7947 is an improper authorization vulnerability in jshERP's account deletion function that |
| 5152 | CVE-2025-7627 | | 19.4th | 6.3 | | This critical vulnerability in YiJiuSmile kkFileViewOfficeEdit allows remote attackers to upload arb |
| 5153 | CVE-2025-47811 | | 19.6th | 4.1 | | Wing FTP Server versions through 7.4.4 run the administrative web interface with root/SYSTEM privile |
| 5154 | CVE-2025-5372 | | 19.5th | 5.0 | | A vulnerability in libssh versions built with OpenSSL <3.0 causes the ssh_kdf() function to incorrec |
| 5155 | CVE-2024-8393 | | 19.5th | 6.6 | | The WooCommerce Blocks - Woolook WordPress plugin contains a Local File Inclusion vulnerability that |
| 5156 | CVE-2025-8991 | | 19.6th | 4.3 | | A business logic vulnerability in linlinjava litemall up to version 1.8.0 allows remote attackers to |
| 5157 | CVE-2025-8963 | | 19.5th | 6.3 | | A remote deserialization vulnerability exists in jeecgboot JimuReport up to version 2.1.1, specifica |
| 5158 | CVE-2025-8749 | | 19.4th | 6.5 | | This path traversal vulnerability in MiR robot software allows authenticated users to access arbitra |
| 5159 | CVE-2025-8559 | | 19.5th | 6.5 | | The All in One Music Player WordPress plugin contains a path traversal vulnerability that allows aut |
| 5160 | CVE-2025-11034 | | 19.5th | 4.3 | | This CVE describes a path traversal vulnerability in Dibo Data Decision Making System's downloadImpT |
| 5161 | CVE-2025-10827 | | 19.5th | 4.3 | | This vulnerability allows attackers to inject malicious scripts into the PHPJabbers Restaurant Menu |
| 5162 | CVE-2025-9215 | | 19.6th | 6.5 | | This vulnerability allows authenticated attackers with Subscriber-level access or higher to perform |
| 5163 | CVE-2025-56320 | | 19.4th | 5.4 | | Enterprise Contract Management Portal v22.4.0 contains a stored cross-site scripting vulnerability i |
| 5164 | CVE-2025-11852 | | 19.5th | 5.3 | | This vulnerability allows remote attackers to access the ONVIF service on Apeman ID71 cameras withou |
| 5165 | CVE-2025-54288 | | 19.6th | 6.8 | | This vulnerability allows attackers with root privileges inside any LXD container to spoof their pro |
| 5166 | CVE-2025-63212 | | 19.5th | 6.5 | | GatesAir Flexiva-LX devices expose session IDs in publicly accessible log files, allowing unauthenti |
| 5167 | CVE-2025-56526 | | 19.5th | 6.1 | | A stored cross-site scripting (XSS) vulnerability in Kotaemon 0.11.0 allows attackers to inject mali |
| 5168 | CVE-2025-6599 | | 19.5th | 5.3 | | An uncontrolled resource consumption vulnerability in Zyxel DX3301-T0 firmware allows attackers to p |
| 5169 | CVE-2025-64529 | | 19.5th | 6.5 | | SpiceDB versions before 1.45.2 have a vulnerability where WriteRelationships calls with large payloa |
| 5170 | CVE-2025-12434 | | 19.6th | 4.2 | | A race condition vulnerability in Google Chrome's storage system on Windows allows attackers to perf |
| 5171 | CVE-2025-65075 | | 19.5th | 6.5 | | This vulnerability allows high-privileged attackers to perform path traversal attacks through the al |
| 5172 | CVE-2025-14660 | | 19.6th | 5.6 | | This vulnerability in DecoCMS Mesh allows improper access control through manipulation of the domain |
| 5173 | CVE-2025-46287 | | 19.7th | 6.5 | | This CVE describes a FaceTime caller ID spoofing vulnerability in Apple operating systems. An attack |
| 5174 | CVE-2025-64667 | | 19.7th | 5.3 | | This CVE describes a UI spoofing vulnerability in Microsoft Exchange Server where an unauthorized at |
| 5175 | CVE-2024-47570 | | 19.6th | 6.6 | | This vulnerability allows read-only administrators to retrieve API tokens of other administrators by |
| 5176 | CVE-2025-62408 | | 19.5th | 5.9 | | A denial-of-service vulnerability in c-ares resolver library versions 1.32.3 through 1.34.5 causes q |
| 5177 | CVE-2025-14219 | | 19.5th | 4.7 | | Campcodes Retro Basketball Shoes Online Store 1.0 has an unrestricted file upload vulnerability in t |
| 5178 | CVE-2025-20384 | | 19.5th | 5.3 | | An unauthenticated attacker can inject ANSI escape codes into Splunk log files via the /en-US/static |
| 5179 | CVE-2025-13534 | | 19.6th | 6.3 | | The ELEX WordPress HelpDesk plugin has a privilege escalation vulnerability that allows authenticate |
| 5180 | CVE-2026-1310 | | 19.5th | 5.3 | | The Simple calendar for Elementor WordPress plugin has a missing authorization vulnerability that al |
| 5181 | CVE-2026-0927 | | 19.5th | 5.3 | | The KiviCare WordPress plugin allows unauthenticated attackers to upload arbitrary text and PDF file |
| 5182 | CVE-2026-1245 | | 19.5th | 6.5 | | A code injection vulnerability in binary-parser library versions before 2.3.0 allows attackers to ex |
| 5183 | CVE-2026-0885 | | 19.6th | 6.5 | | This CVE describes a use-after-free vulnerability in the JavaScript garbage collection component of |
| 5184 | CVE-2025-67811 | | 19.4th | 6.5 | | CVE-2025-67811 is an SQL injection vulnerability in Area9 Rhapsode 1.47.3 that allows authenticated |
| 5185 | CVE-2024-14020 | | 19.6th | 5.0 | | This CVE describes a prototype pollution vulnerability in carboneio carbone's Formatter Handler comp |
| 5186 | CVE-2025-1053 | | 19.2th | 4.9 | | During SANnav installation or upgrade error conditions, the encryption key can be written to and ret |
| 5187 | CVE-2024-28989 | | 19.3th | 5.5 | | SolarWinds Web Help Desk contains a hardcoded cryptographic key that could allow attackers to decryp |
| 5188 | CVE-2025-2150 | | 19.2th | 5.4 | | HGiga C&Cm@il has a stored XSS vulnerability where authenticated users can embed malicious JavaScrip |
| 5189 | CVE-2023-52971 | | 19.2th | 4.9 | | A denial-of-service vulnerability in MariaDB Server causes crashes when processing certain JOIN quer |
| 5190 | CVE-2025-25617 | | 19.3th | 4.3 | | CVE-2025-25617 is an incorrect access control vulnerability in Unifiedtransform 2.X that allows teac |
| 5191 | CVE-2025-22077 | | 19.3th | 5.5 | | This CVE describes a Linux kernel vulnerability in the SMB client where a reverted fix incorrectly r |
| 5192 | CVE-2025-20952 | | 19.2th | 5.5 | | This vulnerability in Mdecservice allows local attackers to bypass access controls and read arbitrar |
| 5193 | CVE-2025-20120 | | 19.3th | 6.1 | | An unauthenticated remote attacker can inject malicious scripts into Cisco EPNM and Prime Infrastruc |
| 5194 | CVE-2025-40576 | | 19.3th | 4.3 | | A vulnerability in Siemens SCALANCE LPE9403 industrial switches allows unauthenticated remote attack |
| 5195 | CVE-2025-43002 | | 19.3th | 4.3 | | This vulnerability in SAP S4CORE allows authenticated attackers to access restricted information thr |
| 5196 | CVE-2024-45581 | | 19.2th | 6.6 | | This vulnerability allows memory corruption during sound model registration for voice activation in |
| 5197 | CVE-2023-29113 | | 19.3th | 6.3 | | This vulnerability in MIB3 infotainment units allows attackers with existing system access to bypass |
| 5198 | CVE-2025-30642 | | 19.3th | 5.5 | | A link following vulnerability in Trend Micro Deep Security 20.0 agents allows local attackers to cr |
| 5199 | CVE-2025-46884 | | 19.3th | 4.8 | | This stored XSS vulnerability in Adobe Experience Manager allows high-privileged attackers to inject |
| 5200 | CVE-2025-48996 | | 19.2th | 5.3 | | An unauthenticated information disclosure vulnerability in HAX open-apis allows remote attackers to |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. CVSS measures severity (how much damage exploitation would do); EPSS measures likelihood (how probable exploitation is), which makes it a direct input to patch prioritization. The score is a probability between 0 and 1; the percentile is the CVE's rank among all scored CVEs, so a percentile of 90 means the CVE scores higher than 90% of scored CVEs. FIRST recomputes scores daily, so any ranking is only as current as the EPSS snapshot it was built from.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be exploited rather than patching purely by CVSS score. A CVSS 9.8 vulnerability with an EPSS of 0.1% is usually less urgent than a CVSS 7.5 vulnerability with an EPSS of 90%. Two caveats a practitioner should keep in mind: EPSS is a property of the CVE, not of your environment, so it says nothing about whether the affected component is deployed or reachable; and a CVE on the CISA Known Exploited Vulnerabilities (KEV) list is already being exploited and should be treated as top priority regardless of its EPSS score.
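The prioritization rule described above, as an added example that is not code from this page's site or from FIRST: it parses an EPSS API style response, joins it with a scanner inventory, and orders findings with KEV first, then EPSS, then CVSS. The JSON payload follows the shape the FIRST EPSS API v1 returns (each `data` entry carries `cve`, `epss` and `percentile` as decimal strings), but the values, the inventory, the KEV set and the tier thresholds are all constructed for illustration.

```python
"""Prioritise scanner findings by EPSS, with CVSS as the secondary key.

Added example, not code from this page's site or from FIRST. EPSS_RESPONSE is
a constructed payload in the shape returned by the FIRST EPSS API v1
(GET https://api.first.org/data/v1/epss?cve=...): every entry in "data" has
"cve", "epss" and "percentile" as decimal strings in [0, 1]. The inventory,
the KEV set and the tier thresholds are assumptions chosen to illustrate the
ranking, not published guidance.
"""
import json
from dataclasses import dataclass
from typing import Optional

EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2024-0001", "epss": "0.00100", "percentile": "0.35000", "date": "2025-01-01"},
        {"cve": "CVE-2024-0002", "epss": "0.90000", "percentile": "0.99600", "date": "2025-01-01"},
        {"cve": "CVE-2024-0003", "epss": "0.12000", "percentile": "0.95000", "date": "2025-01-01"},
        {"cve": "CVE-2024-0005", "epss": "0.02000", "percentile": "0.70000", "date": "2025-01-01"},
    ],
})

# Constructed scanner inventory: CVE -> CVSS base score.
INVENTORY = {
    "CVE-2024-0001": 9.8,  # critical by CVSS, but EPSS says 0.1 %
    "CVE-2024-0002": 7.5,  # only "high" by CVSS, but EPSS says 90 %
    "CVE-2024-0003": 5.3,  # medium, but (constructed) on the KEV list
    "CVE-2024-0004": 8.1,  # no EPSS entry yet (too new or not scored)
    "CVE-2024-0005": 4.3,  # low on every axis
}
KEV = {"CVE-2024-0003"}  # constructed stand-in for the CISA KEV catalogue

# Illustrative thresholds (assumption): EPSS >= 10 % counts as "likely",
# CVSS >= 7.0 as "high".
EPSS_LIKELY = 0.10
CVSS_HIGH = 7.0
TIER_ORDER = {"P0": 0, "P1": 1, "P2": 2, "P3": 3}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    epss: Optional[float]        # None when FIRST has no score for the CVE
    percentile: Optional[float]
    kev: bool

    @property
    def tier(self) -> str:
        if self.kev:
            return "P0"  # confirmed exploited: the EPSS estimate is moot
        if self.epss is not None and self.epss >= EPSS_LIKELY:
            return "P1"  # likely to be exploited soon, whatever the CVSS
        if self.cvss >= CVSS_HIGH:
            return "P2"  # severe but unlikely (or unscored): schedule, don't drop
        return "P3"


def parse_epss(payload: str) -> dict:
    """Turn an EPSS API response into {cve: (epss, percentile)}, validating ranges."""
    body = json.loads(payload)
    if body.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {body.get('status')!r}")
    scores = {}
    for row in body["data"]:
        epss, pct = float(row["epss"]), float(row["percentile"])
        if not (0.0 <= epss <= 1.0 and 0.0 <= pct <= 1.0):
            raise ValueError(f"{row['cve']}: EPSS values out of range")
        scores[row["cve"]] = (epss, pct)
    return scores


def prioritise(payload: str, inventory: dict, kev: set) -> list:
    """Order findings by tier, then EPSS descending, then CVSS descending."""
    scores = parse_epss(payload)
    findings = []
    for cve, cvss in inventory.items():
        epss, pct = scores.get(cve, (None, None))
        findings.append(Finding(cve, cvss, epss, pct, cve in kev))
    # An unscored CVE sorts after every scored CVE within its tier.
    return sorted(
        findings,
        key=lambda f: (TIER_ORDER[f.tier], -(f.epss if f.epss is not None else -1.0), -f.cvss),
    )


def percentile_rank(score: float, all_scores: list) -> float:
    """EPSS percentile: fraction of scored CVEs whose score is <= this one."""
    return sum(1 for s in all_scores if s <= score) / len(all_scores)


if __name__ == "__main__":
    for f in prioritise(EPSS_RESPONSE, INVENTORY, KEV):
        epss = "   n/a" if f.epss is None else f"{f.epss:6.1%}"
        print(f"{f.tier}  {f.cve}  EPSS {epss}  CVSS {f.cvss:3.1f}  KEV={f.kev}")
```

Running it puts the KEV entry first, the CVSS 7.5 / EPSS 90% finding second, and the CVSS 9.8 / EPSS 0.1% finding third; the unscored CVE lands behind every scored CVE in its tier so that a missing score is never mistaken for a low one. Against the live API the only change is fetching the payload and pulling the KEV set from CISA's published catalogue.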