Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater likelihood that exploitation activity will be observed in the wild within the next 30 days; the Percentile column gives the share of all scored CVEs that have a lower EPSS score than the listed CVE.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 5851 | CVE-2025-7762 | | 40.9th | 8.8 | | This critical vulnerability in D-Link DI-8100 routers allows remote attackers to execute arbitrary c |
| 5852 | CVE-2025-53085 | | 40.9th | 8.8 | | A heap-based buffer overflow vulnerability in the SAIL Image Decoding Library's PSD RLE decoding fun |
| 5853 | CVE-2025-55294 | | 40.9th | 9.8 | | CVE-2025-55294 is a command injection vulnerability in screenshot-desktop npm package that allows at |
| 5854 | CVE-2025-37123 | | 40.9th | 8.8 | | This vulnerability allows authenticated remote attackers to escalate privileges on HPE Aruba EdgeCon |
| 5855 | CVE-2025-62402 | | 40.9th | 5.4 | | This vulnerability allows authenticated API users to execute arbitrary Dag code in the context of th |
| 5856 | CVE-2021-47724 | | 41.0th | 6.5 | | STVS ProVision 5.9.10 contains an authenticated path traversal vulnerability in its archive download |
| 5857 | CVE-2024-38657 | | 40.8th | 4.9 | | This vulnerability allows remote authenticated attackers with admin privileges to write arbitrary fi |
| 5858 | CVE-2024-57248 | | 40.8th | 6.3 | | CVE-2024-57248 is a directory traversal vulnerability in Gleamtech FileVista 9.2.0.0 that allows att |
| 5859 | CVE-2025-0256 | | 40.8th | 4.3 | | This vulnerability in HCL DevOps Deploy/Launch allows authenticated users to access sensitive inform |
| 5860 | CVE-2025-2538 | | 40.8th | 9.8 | | A hardcoded credential vulnerability in Esri Portal for ArcGIS versions 11.4 and below allows remote |
| 5861 | CVE-2025-30485 | | 40.8th | 6.2 | | A UNIX symbolic link following vulnerability in FutureNet NXR, VXR, and WXR series routers allows lo |
| 5862 | CVE-2021-25255 | | 40.8th | 7.5 | | This vulnerability in Yandex Browser Lite for Android allows remote attackers to cause a denial of s |
| 5863 | CVE-2023-51328 | | 40.8th | 5.4 | | PHPJabbers Cleaning Business Software v1.0 contains stored cross-site scripting vulnerabilities in t |
| 5864 | CVE-2025-20672 | | 40.8th | 9.8 | | This CVE describes a critical Bluetooth driver vulnerability in MediaTek chipsets where an incorrect |
| 5865 | CVE-2025-54593 | | 40.8th | 7.2 | | This vulnerability allows authenticated administrator users in FreshRSS versions 1.26.1 and below to |
| 5866 | CVE-2025-9515 | | 40.9th | 7.2 | | The Multi Step Form WordPress plugin allows authenticated administrators to upload arbitrary files d |
| 5867 | CVE-2023-53871 | | 40.8th | 9.8 | | Soosyze 2.0.0 contains an unrestricted file upload vulnerability that allows attackers to upload HTM |
| 5868 | CVE-2026-22022 | | 40.8th | 8.2 | | Apache Solr deployments using RuleBasedAuthorizationPlugin with specific configurations are vulnerab |
| 5869 | CVE-2026-20860 | | 40.8th | 7.8 | | This vulnerability is a type confusion flaw in Windows Ancillary Function Driver for WinSock that al |
| 5870 | CVE-2026-25117 | | 40.7th | N/A | | This CVE describes a sandbox escape vulnerability in pwn.college DOJO education platform where chall |
| 5871 | CVE-2025-5192 | | 40.8th | 7.5 | | This vulnerability allows remote attackers to bypass authentication in Soar Cloud HRD Human Resource |
| 5872 | CVE-2024-57547 | | 40.7th | 7.5 | | CMSimple v5.16 has an insecure permissions vulnerability that allows remote attackers to download PH |
| 5873 | CVE-2024-55488 | | 40.7th | 6.5 | | A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows authenticated attack |
| 5874 | CVE-2025-2955 | | 40.7th | 5.3 | | This vulnerability allows remote attackers to improperly access the IBMS configuration file handler |
| 5875 | CVE-2025-22454 | | 40.7th | 7.8 | | This CVE describes a local privilege escalation vulnerability in Ivanti Secure Access Client where i |
| 5876 | CVE-2024-48246 | | 40.7th | 5.4 | | Vehicle Management System 1.0 contains a stored cross-site scripting vulnerability in the booking.ph |
| 5877 | CVE-2023-38693 | | 40.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Lucee Server by exploiting a |
| 5878 | CVE-2025-27684 | | 40.7th | 7.5 | | Vasion Print (formerly PrinterLogic) debug bundles contain sensitive data that could be accessed by |
| 5879 | CVE-2025-24850 | | 40.6th | 5.3 | | This vulnerability allows an attacker to export other users' plant information from affected systems |
| 5880 | CVE-2025-11521 | | 40.7th | 8.1 | | The Astra Security Suite WordPress plugin has an arbitrary file upload vulnerability that allows una |
| 5881 | CVE-2025-67506 | | 40.7th | 9.8 | | CVE-2025-67506 is a path traversal vulnerability in PipesHub that allows unauthenticated attackers t |
| 5882 | CVE-2025-66960 | | 40.6th | 7.5 | | A vulnerability in ollama v0.12.10 allows remote attackers to cause denial of service by sending spe |
| 5883 | CVE-2025-66959 | | 40.6th | 7.5 | | A vulnerability in ollama's GGUF decoder allows remote attackers to trigger a denial of service by s |
| 5884 | CVE-2026-22082 | | 40.7th | N/A | | This vulnerability in Tenda wireless routers allows attackers to hijack administrative sessions by i |
| 5885 | CVE-2025-15455 | | 40.7th | 6.5 | | This vulnerability in MiniCMS allows attackers to bypass authentication and delete pages remotely wi |
| 5886 | CVE-2026-25116 | | 40.7th | 7.6 | | CVE-2026-25116 is an unauthenticated path traversal vulnerability in Runtipi homeserver orchestrator |
| 5887 | CVE-2024-49249 | | 40.5th | 8.6 | | This path traversal vulnerability in SMSA Express SMSA Shipping WordPress plugin allows attackers to |
| 5888 | CVE-2025-26752 | | 40.5th | 8.6 | | This path traversal vulnerability in VideoWhisper Live Streaming Integration allows attackers to del |
| 5889 | CVE-2025-22663 | | 40.5th | 8.6 | | This path traversal vulnerability in the Paid Videochat Turnkey Site WordPress plugin allows attacke |
| 5890 | CVE-2024-57068 | | 40.6th | 7.5 | | This CVE describes a prototype pollution vulnerability in the @tanstack/form-core library that allow |
| 5891 | CVE-2025-31539 | | 40.6th | 6.5 | | This CVE describes a Missing Authorization vulnerability in the Blocksera Cryptocurrency Widgets Pac |
| 5892 | CVE-2024-10986 | | 40.5th | 8.8 | | GPT Academic version 3.83 contains a Local File Inclusion vulnerability in its HotReload function th |
| 5893 | CVE-2025-27395 | | 40.6th | 7.2 | | This vulnerability in Siemens SCALANCE LPE9403 industrial routers allows authenticated high-privileg |
| 5894 | CVE-2024-44192 | | 40.6th | 5.5 | | This vulnerability allows malicious web content to cause unexpected process crashes in Apple's WebKi |
| 5895 | CVE-2025-26534 | | 40.5th | 8.6 | | This path traversal vulnerability in the Helloprint WordPress plugin allows attackers to delete arbi |
| 5896 | CVE-2025-30195 | | 40.6th | 7.5 | | This vulnerability in PowerDNS Recursor allows attackers to publish malicious DNS zones containing s |
| 5897 | CVE-2025-1986 | | 40.6th | 4.1 | | The Gutentor WordPress plugin before version 3.4.7 contains a SQL injection vulnerability due to ins |
| 5898 | CVE-2023-28905 | | 40.6th | 8.0 | | A heap buffer overflow vulnerability in the image processing component of Volkswagen MIB3 infotainme |
| 5899 | CVE-2025-5509 | | 40.6th | 6.3 | | This critical vulnerability in quequnlong shiyi-blog allows remote attackers to perform path travers |
| 5900 | CVE-2025-53781 | | 40.6th | 7.7 | | This vulnerability in Azure Virtual Machines allows an authorized attacker to access sensitive infor |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS Special Interest Group at FIRST.org. It estimates the probability that a CVE will see exploitation activity in the wild within the next 30 days, and the scores are recomputed daily as new data arrives. CVSS measures how severe a vulnerability would be if it were exploited; EPSS measures how likely exploitation is. Because the two answer different questions, EPSS is well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published each month, not every vulnerability is equally dangerous. EPSS lets security teams focus on the CVEs most likely to be exploited rather than patching strictly by CVSS score. A CVSS 9.8 vulnerability with an EPSS of 0.1% may be less urgent than a CVSS 7.5 vulnerability with an EPSS of 90%. Two caveats apply. First, EPSS predicts whether exploitation activity will be observed anywhere, not whether a specific asset will be attacked, so exposure and reachability of the vulnerable component still matter. Second, a CVE already listed in a known-exploited catalogue such as CISA KEV is confirmed rather than predicted and should be treated as top priority whatever its EPSS value.
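The prioritisation described above, as an added worked example (this is not code from the page or from FIRST). It parses the JSON shape returned by the public FIRST EPSS API (`https://api.first.org/data/v1/epss`), in which `epss` and `percentile` are decimal strings, joins the scores with CVSS base scores and a known-exploited (CISA KEV) flag, and orders findings so that confirmed exploitation beats predicted exploitation, which in turn beats severity alone. The API response, the CVE identifiers (`CVE-0000-000x` placeholders), the CVSS values and the KEV membership are all constructed for the example; the code does not go online.

```python
"""Turn EPSS data into a patch-priority order (added example, constructed data)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of a FIRST EPSS API response.
# Placeholder IDs and invented scores; only the structure mirrors the API.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK", "status-code": 200, "version": "1.0", "access": "public",
    "total": 4, "offset": 0, "limit": 100,
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.001000000", "percentile": "0.400000000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.900000000", "percentile": "0.998000000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.050000000", "percentile": "0.930000000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0004", "epss": "0.020000000", "percentile": "0.880000000", "date": "2025-01-01"},
    ],
})

# Constructed CVSS base scores and KEV membership for the same placeholder IDs.
SAMPLE_CVSS = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 7.5,
               "CVE-0000-0003": 5.4, "CVE-0000-0004": 8.8}
SAMPLE_KEV = {"CVE-0000-0003"}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float          # probability of exploitation activity in the next 30 days
    percentile: float    # fraction of scored CVEs with a lower EPSS score
    cvss: Optional[float]
    kev: bool            # listed in a known-exploited catalogue


def parse_epss_response(body: str) -> dict[str, tuple[float, float]]:
    """Map CVE id -> (epss, percentile) from an EPSS API JSON body.

    The API returns the two numbers as strings, so they are converted here.
    """
    doc = json.loads(body)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    scores: dict[str, tuple[float, float]] = {}
    for rec in doc["data"]:
        scores[rec["cve"]] = (float(rec["epss"]), float(rec["percentile"]))
    return scores


def priority_key(f: Finding) -> tuple[bool, float, float]:
    """Sort key, descending: confirmed exploitation, then EPSS, then CVSS.

    A missing CVSS (the table above shows N/A for some CVEs) sorts last
    among equal EPSS values rather than raising.
    """
    return (f.kev, f.epss, f.cvss if f.cvss is not None else -1.0)


def prioritize(epss_body: str, cvss: dict[str, float], kev: set[str]) -> list[Finding]:
    """Join EPSS scores with CVSS and KEV data and return findings, most urgent first."""
    scores = parse_epss_response(epss_body)
    findings = [Finding(cve, e, p, cvss.get(cve), cve in kev) for cve, (e, p) in scores.items()]
    return sorted(findings, key=priority_key, reverse=True)


def expected_exploited(findings: list[Finding]) -> float:
    """Expected number of these CVEs to see exploitation activity in 30 days.

    Summing EPSS probabilities assumes independence between CVEs; it is a
    rough capacity-planning figure, not a guarantee.
    """
    return sum(f.epss for f in findings)


def percentile_label(p: float) -> str:
    """Render a 0..1 percentile the way the table above does, e.g. 0.409 -> '40.9th'."""
    return f"{p * 100:.1f}th"


if __name__ == "__main__":
    ordered = prioritize(SAMPLE_EPSS_RESPONSE, SAMPLE_CVSS, SAMPLE_KEV)
    for f in ordered:
        flag = "KEV" if f.kev else ""
        cvss = "N/A" if f.cvss is None else f"{f.cvss:.1f}"
        print(f"{f.cve}  EPSS {f.epss:.3f}  {percentile_label(f.percentile):>7}  CVSS {cvss:>4}  {flag}")
    print(f"expected exploited in 30 days: {expected_exploited(ordered):.3f}")
```

With the constructed data the CVSS 7.5 finding with EPSS 0.90 lands above the CVSS 9.8 finding with EPSS 0.001, which is the reversal the paragraph above describes, and the KEV-listed finding outranks both despite its modest EPSS and CVSS.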