Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 5251 | CVE-2025-5486 |  | 44.1th | 9.8 |  | The WP Email Debug plugin for WordPress has a privilege escalation vulnerability that allows unauthe |
| 5252 | CVE-2025-4797 |  | 44.1th | 9.8 |  | This vulnerability allows unauthenticated attackers to log in as any WordPress user, including admin |
| 5253 | CVE-2025-7778 |  | 44th | 9.8 |  | The Icons Factory WordPress plugin contains an arbitrary file deletion vulnerability that allows una |
| 5254 | CVE-2025-58116 |  | 44th | 7.2 |  | This CVE describes an OS command injection vulnerability in I-O DATA WN-7D36QR and WN-7D36QR/UE wire |
| 5255 | CVE-2025-55679 |  | 44th | 5.1 |  | This Windows Kernel vulnerability allows local attackers to read sensitive kernel memory due to impr |
| 5256 | CVE-2025-44014 |  | 44.1th | 8.8 |  | An out-of-bounds write vulnerability in Qsync Central allows authenticated remote attackers to modif |
| 5257 | CVE-2026-2097 |  | 44.1th | 8.8 |  | Agentflow software by Flowring contains an arbitrary file upload vulnerability that allows authentic |
| 5258 | CVE-2025-34434 |  | 44.1th | 9.1 |  | AVideo versions before 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated f |
| 5259 | CVE-2025-13516 |  | 44.1th | 8.1 |  | The SureMail WordPress plugin allows unauthenticated attackers to upload malicious PHP files through |
| 5260 | CVE-2025-40805 |  | 44.1th | 10.0 |  | This critical vulnerability allows unauthenticated remote attackers to bypass authentication on spec |
| 5261 | CVE-2024-11628 |  | 44th | 4.1 |  | This CVE describes a prototype pollution vulnerability in Progress Telerik Kendo UI for Vue componen |
| 5262 | CVE-2025-24968 |  | 44th | 8.8 |  | This vulnerability in reNgine allows attackers with penetration_tester or auditor roles to delete al |
| 5263 | CVE-2024-58128 |  | 44th | 5.5 |  | This vulnerability allows attackers with admin privileges in MISP to inject malicious scripts via me |
| 5264 | CVE-2024-55073 |  | 44th | 7.6 |  | A Broken Object Level Authorization vulnerability in Mealie v2.2.0 allows authenticated users to mod |
| 5265 | CVE-2025-2847 |  | 44th | 6.3 |  | A critical SQL injection vulnerability exists in Codezips Gym Management System 1.0 through the /das |
| 5266 | CVE-2024-54546 |  | 44th | 7.5 |  | This vulnerability allows a malicious application to cause kernel memory corruption or system crashe |
| 5267 | CVE-2025-32782 |  | 43.9th | 5.3 |  | Ash Authentication's account confirmation flow uses GET requests triggered by email links. Email cli |
| 5268 | CVE-2025-3559 |  | 44th | 6.3 |  | This critical SQL injection vulnerability in ghostxbh uzy-ssm-mall 1.0.0 allows remote attackers to |
| 5269 | CVE-2025-3553 |  | 44th | 6.3 |  | This critical SQL injection vulnerability in phpshe 1.8 allows remote attackers to execute arbitrary |
| 5270 | CVE-2025-3305 |  | 43.9th | 4.3 |  | CVE-2025-3305 is an improper access control vulnerability in IKUN_Library 1.0 that allows remote att |
| 5271 | CVE-2025-49656 |  | 43.9th | 7.5 |  | This vulnerability allows administrators in Apache Jena Fuseki to create database files outside the |
| 5272 | CVE-2024-33507 |  | 44th | 7.4 |  | This CVE describes two vulnerabilities in FortiIsolator's authentication mechanism: insufficient ses |
| 5273 | CVE-2025-9710 |  | 43.9th | 6.3 |  | This vulnerability in the Responsive Lightbox & Gallery WordPress plugin allows unauthenticated atta |
| 5274 | CVE-2023-53875 |  | 44th | 8.8 |  | GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer compo |
| 5275 | CVE-2025-63365 |  | 43.9th | 7.1 |  | SoftSea EPUB File Reader 1.0.0.0 contains a directory traversal vulnerability in its EPUB file proce |
| 5276 | CVE-2024-35278 |  | 43.8th | 4.3 |  | This SQL injection vulnerability in Fortinet FortiPortal allows authenticated attackers to view serv |
| 5277 | CVE-2025-23037 |  | 43.8th | 5.4 |  | A stored cross-site scripting (XSS) vulnerability in WeGIA's control.php endpoint allows attackers t |
| 5278 | CVE-2025-23035 |  | 43.8th | 5.4 |  | A stored cross-site scripting (XSS) vulnerability in WeGIA's adicionar_tipo_quadro_horario.php endpo |
| 5279 | CVE-2025-23033 |  | 43.8th | 5.4 |  | This stored XSS vulnerability in WeGIA allows attackers to inject malicious scripts through the 'sit |
| 5280 | CVE-2025-23031 |  | 43.8th | 5.4 |  | A stored cross-site scripting (XSS) vulnerability in WeGIA's adicionar_alergia.php endpoint allows a |
| 5281 | CVE-2025-22613 |  | 43.8th | 5.4 |  | This stored XSS vulnerability in WeGIA allows attackers to inject malicious scripts into the 'descri |
| 5282 | CVE-2025-22142 |  | 43.8th | 5.4 |  | This is a stored cross-site scripting (XSS) vulnerability in NamelessMC where administrators can add |
| 5283 | CVE-2024-13109 |  | 43.9th | 5.3 |  | This vulnerability allows unauthorized access to the /doc.html endpoint in Beijing Yunfan Internet T |
| 5284 | CVE-2025-22869 |  | 43.8th | 7.5 |  | SSH servers implementing file transfer protocols (like SFTP/SCP) are vulnerable to a resource exhaus |
| 5285 | CVE-2025-27609 |  | 43.8th | 5.4 |  | CVE-2025-27609 is a cross-site scripting (XSS) vulnerability in Icinga Web 2 that allows attackers t |
| 5286 | CVE-2025-29782 |  | 43.8th | 5.4 |  | A stored XSS vulnerability in WeGIA's 'adicionar_tipo_docs_atendido.php' endpoint allows attackers t |
| 5287 | CVE-2025-25191 |  | 43.8th | 5.4 |  | This stored cross-site scripting (XSS) vulnerability in Group-Office allows attackers to inject mali |
| 5288 | CVE-2025-1532 |  | 43.9th | 8.1 |  | The Phoneservice module contains a code injection vulnerability (CWE-94) that allows attackers to ex |
| 5289 | CVE-2025-30960 |  | 43.9th | 8.3 |  | This CVE describes a Missing Authorization vulnerability in the FS Poster WordPress plugin that allo |
| 5290 | CVE-2025-33026 |  | 43.9th | 6.1 |  | This vulnerability allows attackers to bypass Windows' Mark-of-the-Web protection in PeaZip when ext |
| 5291 | CVE-2025-31415 |  | 43.9th | 7.6 |  | This CVE describes a Missing Authorization vulnerability in the YayCommerce YayExtra WordPress plugi |
| 5292 | CVE-2025-6097 |  | 43.9th | 5.3 |  | This vulnerability allows remote attackers to change the administrator password without verification |
| 5293 | CVE-2025-41715 |  | 43.8th | 9.8 |  | This vulnerability exposes a web application's database without authentication, allowing unauthentic |
| 5294 | CVE-2025-61770 |  | 43.8th | 7.5 |  | This vulnerability in Rack (Ruby web server interface) allows remote attackers to cause denial of se |
| 5295 | CVE-2025-62222 |  | 43.8th | 8.8 |  | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v |
| 5296 | CVE-2025-13329 |  | 43.8th | 9.8 |  | The File Uploader for WooCommerce WordPress plugin allows unauthenticated attackers to upload arbitr |
| 5297 | CVE-2025-13427 |  | 43.8th | N/A |  | An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allows unauthenticate |
| 5298 | CVE-2025-67822 |  | 43.8th | 9.4 |  | An authentication bypass vulnerability in Mitel MiVoice MX-ONE Provisioning Manager allows unauthent |
| 5299 | CVE-2023-48758 |  | 43.7th | 7.1 |  | This CVE describes a missing authorization vulnerability in Crocoblock's JetEngine WordPress plugin |
| 5300 | CVE-2025-25289 |  | 43.8th | 5.3 |  | A Regular Expression Denial of Service (ReDoS) vulnerability exists in @octokit/request-error versio |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity (how bad exploitation would be), EPSS measures the likelihood that exploitation happens at all, which makes it well suited to deciding which vulnerabilities to patch first. One caveat: EPSS is a global estimate and knows nothing about your environment. Whether the affected component is actually deployed, reachable, or exposed to the internet still has to come from your own asset inventory.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A CVSS 9.8 (critical) vulnerability with an EPSS of 0.1% may be less urgent than a CVSS 7.5 (high) vulnerability with an EPSS of 90%.
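The prioritization the paragraph above describes, as an added example (not code from this page or from FIRST.org): parse an EPSS export, join it with CVSS scores, rank by EPSS with CVSS as the tie-breaker, and sort findings into patch buckets on both axes. The CSV text is constructed to mirror the layout of the FIRST EPSS daily export (a leading `#model_version` comment line, then a `cve,epss,percentile` header); the CVE IDs, EPSS values and CVSS values in it are illustrative, not real data, and the thresholds in `priority_bucket()` are an assumed local policy, not a FIRST recommendation.

```python
"""Triage a list of CVEs by EPSS, using CVSS as a secondary axis.

Added example; not code from this page or from FIRST.org. SAMPLE_EPSS_CSV is
constructed to mirror the layout of the FIRST EPSS daily export (a leading
"#model_version" comment line, then a "cve,epss,percentile" header); the CVE
IDs, EPSS values and CVSS values are illustrative, not real data. The
thresholds in priority_bucket() are an assumed local policy.
"""
import csv
from dataclasses import dataclass
from typing import Optional

SAMPLE_EPSS_CSV = """\
#model_version:v2023.03.01,score_date:2025-01-01T00:00:00+0000
cve,epss,percentile
CVE-2025-0001,0.00120,0.441
CVE-2025-0002,0.91000,0.999
CVE-2025-0003,0.00095,0.412
CVE-2025-0004,0.35000,0.975
CVE-2025-0005,0.20000,0.960
"""

# CVSS base scores for the same (illustrative) CVEs; in practice these come
# from NVD or from the scanner that produced the finding.
SAMPLE_CVSS = {
    "CVE-2025-0001": 9.8,
    "CVE-2025-0002": 7.5,
    "CVE-2025-0003": 5.3,
    "CVE-2025-0004": 8.8,
    "CVE-2025-0005": 5.5,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float            # P(exploitation activity in the next 30 days), 0..1
    percentile: float      # rank of this EPSS among all scored CVEs, 0..1
    cvss: Optional[float]  # None when no CVSS base score is available


def parse_epss_csv(text: str) -> dict:
    """Parse an EPSS export into {cve: (epss, percentile)}, skipping '#' comment lines."""
    rows = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    return {r["cve"]: (float(r["epss"]), float(r["percentile"]))
            for r in csv.DictReader(rows)}


def build_findings(epss_text: str, cvss_by_cve: dict) -> list:
    """Join EPSS scores with CVSS scores; CVEs without a CVSS score keep None."""
    return [Finding(cve, epss, pct, cvss_by_cve.get(cve))
            for cve, (epss, pct) in parse_epss_csv(epss_text).items()]


def rank_by_exploit_risk(findings: list) -> list:
    """EPSS descending; CVSS descending breaks ties; CVE ID keeps the order deterministic."""
    return sorted(findings, key=lambda f: (-f.epss, -(f.cvss or 0.0), f.cve))


def priority_bucket(f: Finding, epss_threshold: float = 0.10,
                    cvss_threshold: float = 7.0) -> str:
    """Two-axis triage (assumed policy):
    P1 = likely exploited and high severity, P2 = likely exploited but lower
    severity, P3 = high severity but unlikely to be exploited, P4 = the rest.
    """
    likely = f.epss >= epss_threshold
    severe = f.cvss is not None and f.cvss >= cvss_threshold
    if likely and severe:
        return "P1"
    if likely:
        return "P2"
    if severe:
        return "P3"
    return "P4"


def triage(epss_text: str = SAMPLE_EPSS_CSV, cvss_by_cve: dict = SAMPLE_CVSS) -> list:
    """Return (cve, epss, cvss, bucket) tuples in patch order."""
    ranked = rank_by_exploit_risk(build_findings(epss_text, cvss_by_cve))
    return [(f.cve, f.epss, f.cvss, priority_bucket(f)) for f in ranked]


if __name__ == "__main__":
    for cve, epss, cvss, bucket in triage():
        print(f"{bucket} {cve} epss={epss:.5f} cvss={cvss}")
```

In the sample data the CVSS 9.8 entry with an EPSS of 0.12% lands in P3 below the CVSS 7.5 entry with an EPSS of 91% in P1, which is exactly the ordering the paragraph argues for; swapping in the real FIRST export and your scanner's CVSS values is the only change needed to run this against a live inventory.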