Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 5951 | CVE-2025-20335 | | 17 | 5.3 | | An authentication bypass vulnerability in Cisco desk and IP phones allows unauthenticated remote att |
| 5952 | CVE-2025-58458 | | 17 | 4.3 | | This vulnerability in Jenkins Git client Plugin allows attackers with Overall/Read permission to det |
| 5953 | CVE-2025-57109 | | 17.2 | 6.5 | | CVE-2025-57109 is a heap use-after-free vulnerability in Kitware VTK's GLTF file importer that could |
| 5954 | CVE-2025-52180 | | 17 | 6.1 | | This cross-site scripting vulnerability in Zucchetti Ad Hoc Infinity allows unauthenticated attacker |
| 5955 | CVE-2025-62607 | | 17 | 5.3 | | An information disclosure vulnerability in Nautobot SSoT app versions before 3.10.0 allows unauthent |
| 5956 | CVE-2025-5983 | | 16.9 | 6.5 | | The Meta Tag Manager WordPress plugin before version 3.3 allows users with any role to create http-e |
| 5957 | CVE-2025-61797 | | 17 | 5.4 | | Adobe Experience Manager versions 11.6 and earlier contain a stored XSS vulnerability that allows lo |
| 5958 | CVE-2025-61796 | | 17 | 5.4 | | Adobe Experience Manager versions 11.6 and earlier contain a stored XSS vulnerability that allows lo |
| 5959 | CVE-2025-54272 | | 17 | 5.4 | | Adobe Experience Manager versions 11.6 and earlier contain a stored XSS vulnerability where low-priv |
| 5960 | CVE-2025-9496 | | 17.2 | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 5961 | CVE-2025-9550 | | 17 | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Drupal Facets allows attackers to inject malicious |
| 5962 | CVE-2023-49883 | | 17 | 5.9 | | IBM Transformation Extender Advanced 10.0.1 does not enforce strong password requirements by default |
| 5963 | CVE-2025-56379 | | 17.2 | 5.4 | | A stored cross-site scripting (XSS) vulnerability in ERPNEXT v15.67.0 allows attackers to inject mal |
| 5964 | CVE-2025-51736 | | 17.1 | 6.3 | | This CVE describes a file upload vulnerability in HCL Unica 12.0.0 that allows attackers to upload m |
| 5965 | CVE-2025-13414 | | 17 | 5.3 | | The Chamber Dashboard Business Directory WordPress plugin has an authorization bypass vulnerability |
| 5966 | CVE-2025-13389 | | 17 | 5.3 | | The WooCommerce OrderConvo plugin has an authorization bypass vulnerability that allows unauthentica |
| 5967 | CVE-2025-12628 | | 17.1 | 6.3 | | The WP 2FA WordPress plugin generates backup codes with insufficient entropy, allowing attackers to |
| 5968 | CVE-2025-37160 | | 17 | 5.3 | | This broken access control vulnerability allows authenticated low-privilege users to access sensitiv |
| 5969 | CVE-2026-25598 | | 17.2 | 5.3 | | Harden-Runner GitHub Action versions before 2.14.2 fail to log outbound network connections using se |
| 5970 | CVE-2025-24834 | | 17.1 | 6.5 | | An information disclosure vulnerability in Intel CIP software allows unprivileged local attackers to |
| 5971 | CVE-2025-11532 | | 17.1 | 5.3 | | The Wisly WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthe |
| 5972 | CVE-2025-20375 | | 17.2 | 6.5 | | This vulnerability allows authenticated administrators on Cisco Unified CCX systems to upload and ex |
| 5973 | CVE-2025-21074 | | 17 | 4.3 | | An out-of-bounds read vulnerability in Samsung's libimagecodec.quram.so library allows remote attack |
| 5974 | CVE-2025-11835 | | 17.1 | 5.3 | | This vulnerability in the Paid Membership Subscriptions WordPress plugin allows unauthenticated atta |
| 5975 | CVE-2025-28973 | | 17.2 | 6.5 | | This path traversal vulnerability in the AA-Team Pro Bulk Watermark WordPress plugin allows attacker |
| 5976 | CVE-2025-68480 | | 17.2 | 5.3 | | Marshmallow library versions 3.0.0rc1-3.26.1 and 4.0.0-4.1.1 contain a denial of service vulnerabili |
| 5977 | CVE-2025-13220 | | 17 | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 5978 | CVE-2025-68383 | | 17.1 | 6.5 | | This vulnerability allows attackers to trigger a buffer overflow in Filebeat's Syslog parser or Libb |
| 5979 | CVE-2025-64235 | | 17.2 | 6.5 | | This path traversal vulnerability in the AmentoTech Tuturn WordPress plugin allows attackers to down |
| 5980 | CVE-2025-54748 | | 17.2 | 6.5 | | This path traversal vulnerability in the MapSVG WordPress plugin allows attackers to download arbitr |
| 5981 | CVE-2025-36360 | | 17 | 5.0 | | This CVE describes a race condition vulnerability in IBM UrbanCode Deploy and DevOps Deploy where HT |
| 5982 | CVE-2025-12408 | | 17 | 5.3 | | This vulnerability in the WordPress Events Manager plugin allows unauthenticated attackers to access |
| 5983 | CVE-2025-14345 | | 17.1 | 4.2 | | A post-authentication flaw in MongoDB's two-phase commit protocol for cross-shard transactions can c |
| 5984 | CVE-2025-14255 | | 17 | 6.5 | | Vitals ESP software from Galaxy Software Services contains a SQL injection vulnerability that allows |
| 5985 | CVE-2025-14254 | | 17 | 6.5 | | Vitals ESP software from Galaxy Software Services contains a SQL injection vulnerability that allows |
| 5986 | CVE-2025-66200 | | 17.2 | 5.4 | | This vulnerability allows users with htaccess file access to bypass mod_userdir+suexec restrictions |
| 5987 | CVE-2025-13620 | | 17.1 | 5.3 | | This vulnerability allows unauthenticated attackers to clear or overwrite the social counter cache i |
| 5988 | CVE-2025-29843 | | 17.1 | 5.4 | | This vulnerability in Synology FileStation's thumb.cgi component allows authenticated users to read |
| 5989 | CVE-2025-39665 | | 17 | 5.3 | | CVE-2025-39665 is an information disclosure vulnerability in Nagvis' Checkmk MultisiteAuth plugin th |
| 5990 | CVE-2025-58479 | | 17 | 4.3 | | An out-of-bounds read vulnerability in libimagecodec.quram.so allows remote attackers to access memo |
| 5991 | CVE-2026-24127 | | 17 | 5.4 | | A reflected Cross-Site Scripting (XSS) vulnerability exists in Typemill CMS versions 2.19.1 and belo |
| 5992 | CVE-2026-20936 | | 17.1 | 4.3 | | This vulnerability is an out-of-bounds read in Windows NDIS (Network Driver Interface Specification) |
| 5993 | CVE-2026-0842 | | 17.2 | 6.3 | | CVE-2026-0842 is an authentication bypass vulnerability in Flycatcher Toys smART Sketcher's Bluetoot |
| 5994 | CVE-2025-67279 | | 17.1 | 5.3 | | This vulnerability in TIM BPM Suite & TIM FLOW allows remote attackers to escalate privileges by exp |
| 5995 | CVE-2025-46256 | | 16.9 | 6.4 | | This path traversal vulnerability in Advanced Database Cleaner PRO WordPress plugin allows attackers |
| 5996 | CVE-2026-0566 | | 17 | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files to the code-projects CMS 1.0 sy |
| 5997 | CVE-2025-54166 | | 17.1 | 4.9 | | An out-of-bounds read vulnerability in QNAP operating systems allows remote attackers with administr |
| 5998 | CVE-2025-54165 | | 17.1 | 4.9 | | An out-of-bounds read vulnerability in QNAP operating systems allows remote attackers with administr |
| 5999 | CVE-2025-54164 | | 17.1 | 4.9 | | An out-of-bounds read vulnerability in QNAP operating systems allows remote attackers with administr |
| 6000 | CVE-2025-53591 | | 17.1 | 6.5 | | A format string vulnerability in QNAP operating systems allows attackers with administrator access t |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates, for each CVE, the probability (0 to 1) that it will be exploited in the wild within the next 30 days. CVSS measures severity, the impact if exploitation succeeds; EPSS measures likelihood, whether exploitation is expected at all. The percentile column places a CVE's score relative to every other scored CVE: a 17th percentile CVE has an EPSS at or above roughly 17% of all CVEs. Scores are recomputed daily, so a ranking like the one above is a snapshot rather than a fixed property of the CVE.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs attackers are most likely to use, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. EPSS knows nothing about your environment, though: it does not account for whether the affected software is deployed, reachable from the network, or already mitigated, so it is one input to prioritization alongside exposure and asset criticality, not a replacement for them.
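The prioritization rule above (likelihood first, severity as a tie-breaker) is easy to mechanize once EPSS scores and CVSS base scores sit side by side. The following is an added example, not code from this page or from FIRST.org; it assumes the layout of the FIRST EPSS bulk CSV export (a `#model_version:...` comment line followed by a `cve,epss,percentile` header) and a locally maintained CVSS map. All CVE IDs, EPSS values and CVSS scores in it are constructed for illustration and are not real data; the 10% EPSS and 7.0 CVSS cut-offs are also this example's assumptions.

```python
"""Rank vulnerabilities by EPSS rather than by CVSS alone.

Added example, not code from the page it accompanies. Assumes the FIRST
EPSS bulk-CSV layout ('#model_version:...' comment line, then a
'cve,epss,percentile' header) and a local CVSS map. Every score and CVE ID
below is constructed for illustration, not real data.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed EPSS export in the bulk-CSV layout (hypothetical IDs, made-up values).
SAMPLE_EPSS_CSV = """#model_version:v2025.03.14,score_date:2026-01-01T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.00100,0.28000
CVE-0000-0002,0.90000,0.99900
CVE-0000-0003,0.00050,0.17000
CVE-0000-0004,0.12000,0.95000
"""

# Constructed CVSS base scores keyed by the same hypothetical IDs.
SAMPLE_CVSS: Dict[str, float] = {
    "CVE-0000-0001": 9.8,  # critical severity, but EPSS says rarely exploited
    "CVE-0000-0002": 7.5,  # high severity and very likely to be exploited
    "CVE-0000-0003": 5.3,
    "CVE-0000-0004": 8.1,
}


@dataclass
class Finding:
    cve: str
    epss: float             # probability of exploitation within 30 days, 0..1
    percentile: float       # share of all scored CVEs with an EPSS at or below this one
    cvss: Optional[float]   # base score; None when no CVSS is known for the CVE


def parse_epss_csv(text: str) -> Dict[str, Tuple[float, float]]:
    """Parse an EPSS bulk export into {cve: (epss, percentile)}.

    Lines beginning with '#' (the model_version/score_date comment) are
    dropped before the remainder is handed to csv.DictReader.
    """
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    reader = csv.DictReader(io.StringIO("\n".join(rows)))
    scores: Dict[str, Tuple[float, float]] = {}
    for row in reader:
        scores[row["cve"].strip()] = (float(row["epss"]), float(row["percentile"]))
    return scores


def build_findings(epss_csv: str, cvss_map: Dict[str, float]) -> List[Finding]:
    """Join EPSS scores with CVSS scores; CVEs without a CVSS entry keep None."""
    scores = parse_epss_csv(epss_csv)
    return [Finding(cve, e, p, cvss_map.get(cve)) for cve, (e, p) in scores.items()]


def priority_bucket(f: Finding, epss_urgent: float = 0.10, cvss_high: float = 7.0) -> str:
    """Bucket by likelihood first, severity second.

    'patch-now' : EPSS >= epss_urgent, attackers are likely to use it soon
    'scheduled' : high or critical CVSS but low EPSS, severe if ever exploited
    'backlog'   : everything else
    The thresholds are this example's assumptions, not an EPSS recommendation.
    """
    if f.epss >= epss_urgent:
        return "patch-now"
    if f.cvss is not None and f.cvss >= cvss_high:
        return "scheduled"
    return "backlog"


def rank(findings: List[Finding]) -> List[Finding]:
    """Sort by EPSS descending, using CVSS descending as the tie-breaker."""
    return sorted(findings, key=lambda f: (f.epss, f.cvss or 0.0), reverse=True)


if __name__ == "__main__":
    for f in rank(build_findings(SAMPLE_EPSS_CSV, SAMPLE_CVSS)):
        print(f"{f.cve}  epss={f.epss:.3f}  pct={f.percentile:.1%}  "
              f"cvss={f.cvss}  -> {priority_bucket(f)}")
```

Run as-is it prints the constructed CVEs in EPSS order, with the CVSS 9.8 entry landing in the "scheduled" bucket behind the CVSS 7.5 entry with 90% EPSS, which is exactly the inversion the text describes. To use it against real data, feed `parse_epss_csv` the downloaded bulk export and replace `SAMPLE_CVSS` with scores from your scanner; the bucket thresholds are the knobs to tune to your patch SLAs.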