Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6101 | CVE-2025-65020 | | 16.7th | 6.5 | | An Insecure Direct Object Reference (IDOR) vulnerability in Rallly's poll duplication endpoint allow |
| 6102 | CVE-2025-13287 | | 16.8th | 6.3 | | CVE-2025-13287 is a SQL injection vulnerability in itsourcecode Online Voting System 1.0 that allows |
| 6103 | CVE-2025-13279 | | 16.8th | 6.3 | | CVE-2025-13279 is an SQL injection vulnerability in Nero Social Networking Site 1.0 that allows remo |
| 6104 | CVE-2025-13185 | | 16.8th | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files to the Bdtask/CodeCanyon News36 |
| 6105 | CVE-2025-20346 | | 16.6th | 4.3 | | This vulnerability in Cisco Catalyst Center allows authenticated users with read-only (Observer) pri |
| 6106 | CVE-2025-11820 | | 16.7th | 6.4 | | The Graphina WordPress plugin has a stored XSS vulnerability that allows authenticated attackers wit |
| 6107 | CVE-2025-43385 | | 16.7th | 4.3 | | This CVE describes an out-of-bounds memory access vulnerability in Apple's media file processing com |
| 6108 | CVE-2025-43384 | | 16.7th | 4.3 | | This CVE describes an out-of-bounds memory access vulnerability in Apple's media file processing. At |
| 6109 | CVE-2025-43383 | | 16.7th | 4.3 | | This CVE describes an out-of-bounds memory access vulnerability in Apple's media file processing. At |
| 6110 | CVE-2025-15393 | | 16.9th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary code on Kohana KodiCMS systems throu |
| 6111 | CVE-2025-14280 | | 16.8th | 5.3 | | The PixelYourSite WordPress plugin exposes sensitive information through publicly accessible log fil |
| 6112 | CVE-2025-60458 | | 16.6th | 6.5 | | UxPlay 1.72 contains a double free vulnerability in RTSP request handling. Attackers can send specia |
| 6113 | CVE-2025-1721 | | 16.8th | 5.9 | | IBM Concert versions 1.0.0 through 2.1.0 contain a heap memory clearing vulnerability that could all |
| 6114 | CVE-2024-40317 | | 16.7th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in MyNET allows attackers to inject maliciou |
| 6115 | CVE-2023-53961 | | 16.9th | 4.3 | | This cross-site request forgery (CSRF) vulnerability in SOUND4 radio processing software allows atta |
| 6116 | CVE-2025-65790 | | 16.7th | 6.1 | | A reflected cross-site scripting vulnerability in FuguHub 8.1 allows attackers to execute arbitrary |
| 6117 | CVE-2025-14442 | | 16.8th | 5.3 | | The Secure Copy Content Protection and Content Locking WordPress plugin stores exported CSV files in |
| 6118 | CVE-2025-13211 | | 16.6th | 5.3 | | This vulnerability in IBM Aspera Orchestrator allows authenticated users to cause denial of service |
| 6119 | CVE-2025-67716 | | 16.6th | 5.7 | | The Auth0 Next.js SDK versions 4.9.0 through 4.12.1 have an input validation flaw in the returnTo pa |
| 6120 | CVE-2022-47425 | | 16.9th | 4.3 | | This CVE describes a missing authorization vulnerability in the ARMember WordPress plugin that allow |
| 6121 | CVE-2025-13642 | | 16.7th | 5.4 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to ex |
| 6122 | CVE-2025-59391 | | 16.8th | 6.5 | | A memory disclosure vulnerability in libcoap's OSCORE configuration parser allows attackers to read |
| 6123 | CVE-2025-14214 | | 16.8th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in |
| 6124 | CVE-2025-14008 | | 16.8th | 4.7 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in dayrui XunRuiCMS up to vers |
| 6125 | CVE-2025-58113 | | 16.7th | 6.5 | | An out-of-bounds read vulnerability in PDF-XChange Editor's EMF functionality allows attackers to re |
| 6126 | CVE-2025-13796 | | 16.7th | 6.3 | | This Server-Side Request Forgery (SSRF) vulnerability in deco-cx apps allows attackers to manipulate |
| 6127 | CVE-2025-15491 | | 16.7th | 5.5 | | The Post Slides WordPress plugin through version 1.0.1 contains a Local File Inclusion (LFI) vulnera |
| 6128 | CVE-2023-37525 | | 16.8th | 5.3 | | This vulnerability in HCL BigFix Compliance allows remote attackers to access sensitive files in the |
| 6129 | CVE-2026-23961 | | 16.7th | 5.3 | | This CVE describes a logic error in Mastodon's user suspension feature that allows posts from suspen |
| 6130 | CVE-2025-15104 | | 16.7th | 5.3 | | The Nu Html Checker (validator.nu) contains a server-side request forgery (SSRF) vulnerability that |
| 6131 | CVE-2025-15526 | | 16.7th | 5.3 | | The Fancy Product Designer WordPress plugin up to version 6.4.8 exposes server filesystem paths and |
| 6132 | CVE-2026-22918 | | 16.8th | 4.3 | | This CVE describes a clickjacking vulnerability where attackers can trick users into performing unin |
| 6133 | CVE-2026-20935 | | 16.9th | 6.2 | | This vulnerability allows an unauthorized local attacker to read sensitive information from Windows |
| 6134 | CVE-2026-20851 | | 16.9th | 6.2 | | This vulnerability allows an unauthorized local attacker to read memory outside the intended buffer |
| 6135 | CVE-2026-20824 | | 16.6th | 5.5 | | This vulnerability allows an unauthorized attacker to bypass a local security feature in Windows Rem |
| 6136 | CVE-2026-22773 | | 16.7th | 6.5 | | This vulnerability allows remote attackers to crash vLLM servers running multimodal models with Idef |
| 6137 | CVE-2026-21874 | | 16.8th | 5.3 | | This vulnerability allows unauthenticated attackers to exhaust Redis connections by repeatedly openi |
| 6138 | CVE-2025-14984 | | 16.7th | 6.4 | | The Gutenverse Form WordPress plugin allows authenticated attackers with Author-level access or high |
| 6139 | CVE-2025-12648 | | 16.8th | 5.3 | | The WP-Members WordPress plugin stores user-uploaded files in predictable directories without proper |
| 6140 | CVE-2025-15312 | | 16.9th | 6.6 | | An improper output sanitization vulnerability in Tanium Appliance could allow attackers to inject ma |
| 6141 | CVE-2025-20908 | | 16.7th | 6.5 | | This vulnerability in Samsung's Auracast feature allows nearby attackers to access Auracast broadcas |
| 6142 | CVE-2025-52871 | | 16.7th | 6.5 | | An out-of-bounds read vulnerability in QNAP License Center allows authenticated remote attackers to |
| 6143 | CVE-2026-25518 | | 16.7th | 5.9 | | This vulnerability in cert-manager allows attackers to cause denial-of-service by poisoning DNS cach |
| 6144 | CVE-2024-10705 | | 16.3th | 5.4 | | The Multiple Page Generator Plugin (MPG) for WordPress versions up to 4.0.5 contains a Server-Side R |
| 6145 | CVE-2024-55928 | | 16.2th | 6.5 | | Xerox Workplace Suite stores sensitive secrets like passwords and API keys in unencrypted plain text |
| 6146 | CVE-2024-45102 | | 16.4th | 6.8 | | This privilege escalation vulnerability allows authenticated Lenovo XClarity Administrator (LXCA) us |
| 6147 | CVE-2024-56438 | | 16.3th | 6.0 | | This vulnerability in Huawei's HUKS (Hardware Unified Key Store) module allows improper memory addre |
| 6148 | CVE-2024-20145 | | 16.4th | 6.6 | | This vulnerability in V6 DA allows local privilege escalation through an out-of-bounds write due to |
| 6149 | CVE-2024-20143 | | 16.4th | 6.6 | | This CVE describes an out-of-bounds write vulnerability in V6 DA (likely a MediaTek component) that |
| 6150 | CVE-2025-21823 | | 16.4th | 5.5 | | A race condition vulnerability in the Linux kernel's batman-adv module could lead to memory corrupti |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.