Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6201 | CVE-2025-54790 | 0.05% | 16.5th | 6.5 | | This SQL injection vulnerability in the HumHub Files module allows attackers to execute arbitrary SQ |
| 6202 | CVE-2025-56764 | 0.05% | 16.4th | 5.3 | | This vulnerability allows attackers to enumerate valid usernames on Trivision NC-227WF devices by ex |
| 6203 | CVE-2025-26258 | 0.05% | 16.4th | 6.1 | | CVE-2025-26258 is a cross-site scripting vulnerability in Sourcecodester Employee Management System |
| 6204 | CVE-2025-6396 | 0.05% | 16.4th | 6.1 | | This is a cross-site scripting (XSS) vulnerability in Webbeyaz Website Design Website Software that |
| 6205 | CVE-2025-9800 | 0.05% | 16.6th | 6.3 | | This vulnerability allows remote attackers to upload arbitrary files to SimStudioAI sim applications |
| 6206 | CVE-2023-7320 | 0.05% | 16.5th | 5.3 | | The WooCommerce plugin for WordPress versions up to 7.8.2 has improper CORS handling on Store API RE |
| 6207 | CVE-2025-62781 | 0.05% | 16.6th | 5.0 | | This vulnerability allows attackers with stolen session tokens to maintain access to PILOS accounts |
| 6208 | CVE-2025-40643 | 0.05% | 16.6th | 5.4 | | A stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 allows attackers to inject mal |
| 6209 | CVE-2025-62820 | 0.05% | 16.5th | 4.9 | | Slack Nebula versions before 1.9.7 incorrectly handle CIDR configurations, allowing arbitrary source |
| 6210 | CVE-2025-11738 | 0.05% | 16.5th | 5.3 | | The Media Library Assistant WordPress plugin has a vulnerability that allows unauthenticated attacke |
| 6211 | CVE-2025-52583 | 0.05% | 16.6th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows attackers to |
| 6212 | CVE-2025-0277 | 0.05% | 16.5th | 6.5 | | HCL BigFix Mobile 3.3 and earlier have an insecure Content Security Policy (CSP) that doesn't proper |
| 6213 | CVE-2025-0276 | 0.05% | 16.5th | 6.5 | | HCL BigFix Modern Client Management (MCM) versions 3.3 and earlier have an insecure Content Security |
| 6214 | CVE-2025-55083 | 0.05% | 16.4th | 5.3 | | This vulnerability in NetX Duo (part of Eclipse ThreadX) allows attackers to read two bytes beyond a |
| 6215 | CVE-2025-10869 | 0.05% | 16.4th | 6.1 | | A stored cross-site scripting vulnerability in Oct8ne Chatbot v2.3 allows attackers to inject malici |
| 6216 | CVE-2025-55082 | 0.05% | 16.4th | 5.3 | | This vulnerability in NetX Duo's TLS implementation allows attackers to cause an out-of-bounds read |
| 6217 | CVE-2025-10357 | 0.05% | 16.4th | 6.1 | | The Simple SEO WordPress plugin before version 2.0.32 contains a stored Cross-Site Scripting (XSS) v |
| 6218 | CVE-2025-35057 | 0.05% | 16.5th | 5.3 | | This vulnerability in Newforma Info Exchange (NIX) allows remote, unauthenticated attackers to force |
| 6219 | CVE-2025-59452 | 0.05% | 16.3th | 5.8 | | The YoSmart YoLink API uses predictable endpoint URLs derived from device MAC addresses and MD5 hash |
| 6220 | CVE-2025-41350 | 0.05% | 16.6th | 5.4 | | A stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 allows attackers to inject ma |
| 6221 | CVE-2025-59774 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6222 | CVE-2025-59773 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6223 | CVE-2025-59772 | 0.05% | 16.4th | 6.1 | | This is a reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS version 25.03 that a |
| 6224 | CVE-2025-59771 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6225 | CVE-2025-59770 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6226 | CVE-2025-59769 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6227 | CVE-2025-59768 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6228 | CVE-2025-59767 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6229 | CVE-2025-59766 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6230 | CVE-2025-59765 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6231 | CVE-2025-59764 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6232 | CVE-2025-59763 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6233 | CVE-2025-59762 | 0.05% | 16.4th | 6.1 | | This is a reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 that allows a |
| 6234 | CVE-2025-59761 | 0.05% | 16.4th | 6.1 | | This is a reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 that allows a |
| 6235 | CVE-2025-59760 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6236 | CVE-2025-59759 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6237 | CVE-2025-59758 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6238 | CVE-2025-59757 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to execu |
| 6239 | CVE-2025-59756 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6240 | CVE-2025-59755 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6241 | CVE-2025-59754 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6242 | CVE-2025-59753 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6243 | CVE-2025-59752 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to injec |
| 6244 | CVE-2025-59751 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6245 | CVE-2025-59750 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6246 | CVE-2025-59749 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 allows attackers t |
| 6247 | CVE-2025-59748 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to execu |
| 6248 | CVE-2025-59747 | 0.05% | 16.4th | 6.1 | | This is a reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03 that allows a |
| 6249 | CVE-2025-59746 | 0.05% | 16.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS allows attackers to execu |
| 6250 | CVE-2025-66386 | 0.05% | 16.4th | 4.1 | | This CVE describes a path traversal vulnerability in MISP's EventReport.php that allows site-admin u |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
