Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 5751 | CVE-2025-11509 | | 17.6th | 6.3 | | This SQL injection vulnerability in code-projects E-Commerce Website 1.0 allows attackers to manipul |
| 5752 | CVE-2025-11431 | | 17.6th | 6.3 | | This SQL injection vulnerability in code-projects Web-Based Inventory and POS System 1.0 allows atta |
| 5753 | CVE-2025-11281 | | 17.7th | 5.0 | | This vulnerability in Frappe LMS 2.35.0 allows attackers to bypass access controls on unpublished co |
| 5754 | CVE-2025-59792 | | 17.6th | 5.3 | | The CVE-2025-59792 vulnerability in Apache Kvrocks allows attackers to obtain plaintext credentials |
| 5755 | CVE-2025-12525 | | 17.7th | 5.3 | | The Locker Content WordPress plugin version 1.0.0 contains a sensitive information exposure vulnerab |
| 5756 | CVE-2026-23685 | | 17.7th | 4.4 | | This CVE describes a deserialization vulnerability in SAP NetWeaver's JMS service that allows authen |
| 5757 | CVE-2025-12894 | | 17.7th | 5.3 | | The Import WP plugin for WordPress exposes sensitive data through unprotected directories. Unauthent |
| 5758 | CVE-2025-62709 | | 17.5th | 6.8 | | ClipBucket v5.5.2 has a host header injection vulnerability that allows attackers to manipulate pass |
| 5759 | CVE-2025-13250 | | 17.5th | 6.3 | | This vulnerability in WeiYe-Jing datax-web up to version 2.1.2 allows remote attackers to bypass acc |
| 5760 | CVE-2025-12098 | | 17.7th | 5.3 | | This vulnerability in the Academy LMS WordPress plugin exposes sensitive information including Faceb |
| 5761 | CVE-2025-12909 | | 17.6th | 5.3 | | This vulnerability allows a remote attacker to leak cross-origin data through Chrome DevTools due to |
| 5762 | CVE-2025-64327 | | 17.5th | 5.3 | | ThinkDashboard versions 0.6.7 and below contain a blind SSRF vulnerability in the /api/ping?url= end |
| 5763 | CVE-2025-12192 | | 17.7th | 5.3 | | The Events Calendar WordPress plugin versions up to 6.15.9 have an information disclosure vulnerabil |
| 5764 | CVE-2025-62275 | | 17.8th | 5.3 | | This vulnerability allows remote attackers to view images in blog entries without proper permission |
| 5765 | CVE-2025-62122 | | 17.7th | 5.3 | | A missing authorization vulnerability in the WordPress Trash Duplicate and 301 Redirect plugin allow |
| 5766 | CVE-2025-66080 | | 17.7th | 5.3 | | This vulnerability allows attackers to bypass authorization controls in the WP Cookie Notice plugin, |
| 5767 | CVE-2025-15130 | | 17.7th | 4.7 | | This vulnerability allows remote attackers to execute arbitrary code through the addPost function in |
| 5768 | CVE-2025-68382 | | 17.6th | 6.5 | | An out-of-bounds read vulnerability in the NFS protocol dissector allows unauthenticated remote atta |
| 5769 | CVE-2025-68381 | | 17.6th | 6.5 | | A buffer overflow vulnerability in Packetbeat allows remote unauthenticated attackers to crash the a |
| 5770 | CVE-2025-54743 | | 17.7th | 5.3 | | This CVE describes a Missing Authorization vulnerability in the WordPress Download After Email plugi |
| 5771 | CVE-2025-66924 | | 17.8th | 6.1 | | This Cross-site scripting (XSS) vulnerability in Open Source Point of Sale allows attackers to injec |
| 5772 | CVE-2025-65581 | | 17.7th | 5.3 | | An open redirect vulnerability in Volosoft ABP Framework's Account module allows attackers to redire |
| 5773 | CVE-2025-65076 | | 17.6th | 6.1 | | CVE-2025-65076 is a path traversal vulnerability in WaveView client's ilog script that allows high-p |
| 5774 | CVE-2025-64253 | | 17.6th | 4.9 | | This path traversal vulnerability in WordPress Health Check & Troubleshooting plugin allows attacker |
| 5775 | CVE-2025-64898 | | 17.7th | 4.3 | | ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier have an insufficient credential protection |
| 5776 | CVE-2025-42873 | | 17.6th | 5.9 | | This CVE describes a denial-of-service vulnerability in SAPUI5/OpenUI5 where malformed markdown inpu |
| 5777 | CVE-2025-14004 | | 17.7th | 4.7 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to vers |
| 5778 | CVE-2025-13948 | | 17.6th | 5.6 | | This vulnerability in opsre go-ldap-admin allows attackers to manipulate JWT secret keys, potentiall |
| 5779 | CVE-2025-13877 | | 17.6th | 5.6 | | This vulnerability in NocoBase involves the use of a hard-coded cryptographic key in the JWT Service |
| 5780 | CVE-2025-41066 | | 17.7th | 5.3 | | Horde Groupware v5.2.22 contains a user enumeration vulnerability that allows unauthenticated attack |
| 5781 | CVE-2025-58480 | | 17.7th | 4.3 | | A heap-based buffer overflow vulnerability in Samsung's libimagecodec.quram.so library allows remote |
| 5782 | CVE-2026-24050 | | 17.6th | 5.4 | | This stored cross-site scripting (XSS) vulnerability in Zulip allows attackers to inject malicious s |
| 5783 | CVE-2025-27448 | | 17.8th | 6.8 | | This cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into d |
| 5784 | CVE-2021-47768 | | 17.5th | 6.1 | | CVE-2021-47768 is a persistent HTML injection vulnerability in ImportExportTools NG 10.0.4 for Thund |
| 5785 | CVE-2026-20958 | | 17.8th | 5.4 | | This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Office SharePoint allows authenti |
| 5786 | CVE-2026-20825 | | 17.6th | 4.4 | | This CVE describes an improper access control vulnerability in Windows Hyper-V that allows an authen |
| 5787 | CVE-2025-68158 | | 17.5th | 5.7 | | This CSRF vulnerability in Authlib allows attackers to bypass Cross-Site Request Forgery protections |
| 5788 | CVE-2025-61645 | | 17.6th | 6.1 | | This is a cross-site scripting (XSS) vulnerability in MediaWiki's CodexTablePager component that all |
| 5789 | CVE-2025-22917 | | 17.2th | 5.4 | | A reflected cross-site scripting (XSS) vulnerability in Audemium ERP allows attackers to inject mali |
| 5790 | CVE-2024-13354 | | 17.3th | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 5791 | CVE-2024-12043 | | 17.3th | 6.4 | | This stored XSS vulnerability in the Prime Slider WordPress plugin allows authenticated attackers wi |
| 5792 | CVE-2024-57719 | | 17.4th | 6.5 | | Lunasvg v3.0.0 contains a NULL pointer dereference vulnerability in the blend_transformed_tiled_argb |
| 5793 | CVE-2025-0604 | | 17.4th | 5.4 | | This vulnerability allows Active Directory users with expired or disabled accounts to bypass AD rest |
| 5794 | CVE-2023-52923 | | 17.3th | 5.5 | | This CVE addresses a vulnerability in the Linux kernel's netfilter nf_tables subsystem where imprope |
| 5795 | CVE-2025-21646 | | 17.5th | 5.5 | | A Linux kernel vulnerability in the AFS filesystem where overly long cell names (256+ bytes) cause a |
| 5796 | CVE-2025-21593 | | 17.5th | 6.5 | | An unauthenticated attacker can send malformed BGP UPDATE packets to Juniper devices with SRv6 enabl |
| 5797 | CVE-2025-0197 | | 17.5th | 6.3 | | This critical SQL injection vulnerability in code-projects Point of Sales and Inventory Management S |
| 5798 | CVE-2025-0195 | | 17.5th | 6.3 | | This critical SQL injection vulnerability in Point of Sales and Inventory Management System 1.0 allo |
| 5799 | CVE-2024-44754 | | 17.5th | 6.8 | | This vulnerability allows physically proximate attackers to extract cryptographic keys from the inte |
| 5800 | CVE-2024-58022 | | 17.4th | 5.5 | | This CVE fixes a NULL pointer dereference vulnerability in the TH1520 mailbox driver in the Linux ke |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.