Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 551 | CVE-2024-13318 | | 60.9th | 5.3 | | The Essential WP Real Estate plugin for WordPress has a vulnerability that allows unauthenticated at |
| 552 | CVE-2024-57523 | | 60.8th | 4.5 | | This CSRF vulnerability in SourceCodester Packers and Movers Management System allows attackers to c |
| 553 | CVE-2025-7081 | | 60.9th | 6.3 | | CVE-2025-7081 is a critical OS command injection vulnerability in Belkin F9K1122 routers that allows |
| 554 | CVE-2025-29836 | | 60.8th | 6.5 | | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut |
| 555 | CVE-2025-7407 | | 60.8th | 6.3 | | This critical vulnerability in Netgear D6400 routers allows remote attackers to execute arbitrary op |
| 556 | CVE-2025-1181 | | 60.7th | 5.0 | | A critical memory corruption vulnerability in GNU Binutils' linker component (ld) allows remote atta |
| 557 | CVE-2025-21189 | | 60.6th | 4.3 | | This vulnerability allows attackers to bypass Internet Explorer's security zone restrictions, potent |
| 558 | CVE-2025-45746 | | 60.6th | 6.5 | | CVE-2025-45746 allows unauthenticated attackers to craft valid JWT tokens using a hardcoded secret, |
| 559 | CVE-2024-52791 | | 60.5th | 5.3 | | Matrix Media Repo (MMR) versions before 1.3.8 are vulnerable to memory exhaustion attacks when proce |
| 560 | CVE-2019-8900 | | 60.5th | 6.8 | | A SecureROM vulnerability in certain Apple devices allows unauthenticated local attackers with physi |
| 561 | CVE-2025-30966 | | 60.4th | 5.4 | | A path traversal vulnerability in the WPJobBoard WordPress plugin allows attackers to access files o |
| 562 | CVE-2024-13798 | | 60.2th | 5.3 | | The Post Grid and Gutenberg Blocks – ComboBlocks WordPress plugin has an input validation vulnerab |
| 563 | CVE-2025-2165 | | 60.2th | 6.1 | | The SH Email Alert WordPress plugin has a reflected cross-site scripting vulnerability in all versio |
| 564 | CVE-2025-2519 | | 60.2th | 6.5 | | The Streamit WordPress theme contains a vulnerability that allows authenticated attackers with subsc |
| 565 | CVE-2024-45418 | | 60.1th | 5.4 | | This vulnerability in Zoom macOS installers allows authenticated users to escalate privileges via sy |
| 566 | CVE-2025-2894 | | 60.1th | 6.6 | | The Go1 robotic companion contains an undocumented backdoor that allows remote attackers with the co |
| 567 | CVE-2024-11044 | | 60.1th | 6.1 | | An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows attacke |
| 568 | CVE-2025-5145 | | 60.1th | 6.3 | | A critical command injection vulnerability in Netcore networking devices allows remote attackers to |
| 569 | CVE-2025-1352 | | 60.1th | 5.0 | | A critical memory corruption vulnerability in GNU elfutils' eu-readelf component allows remote attac |
| 570 | CVE-2025-1013 | | 59.8th | 6.5 | | A race condition vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird could cause private |
| 571 | CVE-2024-54016 | | 59.8th | 4.3 | | Apache Seata (incubating) has a vulnerability where improper handling of highly compressed data can |
| 572 | CVE-2022-45830 | | 59.7th | 6.5 | | CVE-2022-45830 is a missing authorization vulnerability in the Analytify WordPress plugin that allow |
| 573 | CVE-2024-47264 | | 59.7th | 4.9 | | This path traversal vulnerability in Synology Active Backup for Business allows authenticated admini |
| 574 | CVE-2025-3043 | | 59.6th | 5.3 | | This critical vulnerability in GuoMinJim PersonManage 1.0 allows remote attackers to perform path tr |
| 575 | CVE-2025-20703 | | 59.6th | 6.5 | | This vulnerability allows remote denial of service attacks against devices with affected MediaTek mo |
| 576 | CVE-2025-29925 | | 59.6th | 5.3 | | XWiki Platform REST endpoints improperly list protected pages even when users lack view permissions. |
| 577 | CVE-2025-8531 | | 59.6th | 6.8 | | A remote attacker can send specially crafted packets to cause an integer underflow in Mitsubishi Ele |
| 578 | CVE-2025-22388 | | 59.4th | 5.7 | | A stored cross-site scripting (XSS) vulnerability in Optimizely EPiServer CMS Core allows attackers |
| 579 | CVE-2025-31334 | | 59.4th | 6.8 | | This vulnerability allows attackers to bypass Windows' 'Mark of the Web' security warnings by tricki |
| 580 | CVE-2025-10658 | | 59.4th | 6.5 | | The SupportCandy WordPress plugin has an authentication bypass vulnerability that allows unauthentic |
| 581 | CVE-2024-50349 | | 59.3th | 4.7 | | This vulnerability allows attackers to craft malicious Git repository URLs containing ANSI escape se |
| 582 | CVE-2025-2559 | | 59.3th | 4.9 | | This vulnerability in Keycloak allows denial of service through memory exhaustion when JWT tokens wi |
| 583 | CVE-2024-55213 | | 59.2th | 6.5 | | A directory traversal vulnerability in dhtmlxFileExplorer v8.4.6 allows remote attackers to access s |
| 584 | CVE-2025-2635 | | 59.2th | 6.1 | | The Digital License Manager WordPress plugin contains a reflected cross-site scripting (XSS) vulnera |
| 585 | CVE-2025-32209 | | 59.2th | 6.5 | | This path traversal vulnerability in the Total Processing Card Payments for WooCommerce WordPress pl |
| 586 | CVE-2025-31800 | | 59.2th | 6.5 | | This path traversal vulnerability in the Publitio WordPress plugin allows attackers to read arbitrar |
| 587 | CVE-2025-30594 | | 59.2th | 6.5 | | This path traversal vulnerability in the WordPress Include URL plugin allows attackers to download a |
| 588 | CVE-2025-2334 | | 59.2th | 5.4 | | This vulnerability allows remote attackers to delete chat histories they shouldn't have access to du |
| 589 | CVE-2024-12316 | | 59.1th | 5.3 | | The Jupiter X Core WordPress plugin has an authorization bypass vulnerability that allows unauthenti |
| 590 | CVE-2025-32910 | | 59.1th | 6.5 | | A NULL pointer dereference vulnerability in libsoup's soup_auth_digest_authenticate() function can c |
| 591 | CVE-2026-1414 | | 59.1th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Sangfor Operation and Ma |
| 592 | CVE-2025-4187 | | 59.1th | 5.9 | | This vulnerability allows unauthenticated attackers to perform directory traversal attacks via the u |
| 593 | CVE-2024-12885 | | 59th | 6.5 | | This vulnerability allows authenticated WordPress administrators to delete arbitrary directories on |
| 594 | CVE-2025-23416 | | 59th | 4.9 | | This path traversal vulnerability (CWE-22) in Ixia/Keysight products allows attackers to delete arbi |
| 595 | CVE-2025-14567 | | 59th | 5.3 | | This CVE describes an authentication bypass vulnerability in haxxorsid Stock-Management-System that |
| 596 | CVE-2025-24160 | | 59th | 4.3 | | This vulnerability in Apple operating systems allows parsing a malicious file to cause unexpected ap |
| 597 | CVE-2025-21490 | | 58.9th | 4.9 | | This vulnerability in MySQL Server's InnoDB component allows high-privileged attackers with network |
| 598 | CVE-2023-45275 | | 58.9th | 6.5 | | This vulnerability allows attackers to bypass authorization controls in Kali Forms WordPress plugin, |
| 599 | CVE-2024-12610 | | 58.9th | 5.3 | | This vulnerability in the School Management System for WordPress plugin allows unauthenticated attac |
| 600 | CVE-2025-3743 | | 58.8th | 5.3 | | The Upsell Funnel Builder for WooCommerce WordPress plugin allows unauthenticated attackers to manip |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.