Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6251 | CVE-2025-7449 | | 16.6th | 6.5 | | This vulnerability allows authenticated GitLab users with specific permissions to cause a denial of |
| 6252 | CVE-2025-12040 | | 16.2th | 6.5 | | The Wishlist for WooCommerce WordPress plugin has an Insecure Direct Object Reference vulnerability |
| 6253 | CVE-2025-13558 | | 16.5th | 5.4 | | This vulnerability in the Blog2Social WordPress plugin allows authenticated users with Subscriber-le |
| 6254 | CVE-2025-12747 | | 16.5th | 5.3 | | The Tainacan WordPress plugin exposes private uploaded files to unauthenticated users due to inadequ |
| 6255 | CVE-2025-53360 | | 16.5th | 4.3 | | The Database Inventory Plugin for GLPI allows any authenticated user to send requests to inventory a |
| 6256 | CVE-2025-11734 | | 16.5th | 5.4 | | This vulnerability allows authenticated WordPress users with contributor-level permissions or higher |
| 6257 | CVE-2025-13164 | | 16.4th | 4.9 | | EasyFlow GP software by Digiwin has a vulnerability where insufficient credential protection allows |
| 6258 | CVE-2025-13163 | | 16.4th | 4.9 | | EasyFlow GP software by Digiwin has a vulnerability where database credentials are insufficiently pr |
| 6259 | CVE-2025-13179 | | 16.5th | 4.3 | | This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Bdtask/CodeCanyon Wholesale |
| 6260 | CVE-2025-13119 | | 16.5th | 4.3 | | This CSRF vulnerability in Simple E-Banking System 1.0 allows attackers to trick authenticated users |
| 6261 | CVE-2025-12681 | | 16.5th | 5.3 | | The Comment Edit Core plugin for WordPress exposes sensitive user data including email addresses, IP |
| 6262 | CVE-2025-12536 | | 16.5th | 5.3 | | The SureForms WordPress plugin exposes sensitive email notification configuration data to unauthenti |
| 6263 | CVE-2025-12872 | | 16.6th | 5.4 | | This stored XSS vulnerability in aEnrich's a+HRD and a+HCM software allows authenticated attackers t |
| 6264 | CVE-2025-12503 | | 16.3th | 6.5 | | EasyFlow .NET and EasyFlow AiNet developed by Digiwin contain a SQL injection vulnerability that all |
| 6265 | CVE-2025-15394 | | 16.4th | 4.7 | | This vulnerability allows remote attackers to execute arbitrary code on iCMS systems through code in |
| 6266 | CVE-2025-15148 | | 16.4th | 4.7 | | CVE-2025-15148 is a code injection vulnerability in CmsEasy's backend template management that allow |
| 6267 | CVE-2025-15129 | | 16.3th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary code through a file upload manipulat |
| 6268 | CVE-2025-8075 | | 16.4th | 5.4 | | This CVE describes an XML validation vulnerability in unspecified products that could allow cross-si |
| 6269 | CVE-2025-67846 | | 16.5th | 4.9 | | This vulnerability allows remote attackers to bypass security patches and execute downgrade attacks |
| 6270 | CVE-2025-65233 | | 16.6th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in SLiMS allows attackers to inject maliciou |
| 6271 | CVE-2025-14730 | | 16.4th | 4.7 | | This vulnerability allows remote attackers to execute arbitrary code on CTCMS Content Management Sys |
| 6272 | CVE-2025-14729 | | 16.4th | 4.7 | | This vulnerability allows remote attackers to execute arbitrary code on CTCMS Content Management Sys |
| 6273 | CVE-2025-43511 | | 16.4th | 6.5 | | This CVE describes a use-after-free vulnerability in Apple's WebKit browser engine that affects mult |
| 6274 | CVE-2026-2206 | | 16.3th | 6.3 | | This vulnerability in WeKan allows improper access controls through the Administrative Repair Handle |
| 6275 | CVE-2025-12687 | | 16.3th | 6.5 | | A vulnerability in TeamViewer DEX Client's Content Distribution Service (NomadBranch.exe) allows att |
| 6276 | CVE-2025-63737 | | 16.6th | 6.1 | | A cross-site scripting (XSS) vulnerability in Xinhu Rainrock RockOA 2.7.0 allows attackers to inject |
| 6277 | CVE-2025-65797 | | 16.3th | 6.5 | | This vulnerability allows attackers with low-level privileges in usememos memos v0.25.2 to modify or |
| 6278 | CVE-2025-14197 | | 16.4th | 5.3 | | An information disclosure vulnerability in Verysync's web administration module allows remote attack |
| 6279 | CVE-2025-62223 | | 16.4th | 4.3 | | This vulnerability in Microsoft Edge for iOS allows attackers to spoof user interface elements, pote |
| 6280 | CVE-2025-20381 | | 16.5th | 5.4 | | This vulnerability allows authenticated users of Splunk MCP Server app to bypass SPL command restric |
| 6281 | CVE-2025-12887 | | 16.5th | 5.4 | | The Post SMTP WordPress plugin has an authorization bypass vulnerability that allows authenticated a |
| 6282 | CVE-2025-12585 | | 16.5th | 5.3 | | The MxChat WordPress plugin exposes sensitive session information through uploaded filenames, allowi |
| 6283 | CVE-2025-71004 | | 16.5th | 6.5 | | A segmentation violation vulnerability in OneFlow's logical_or component allows attackers to crash t |
| 6284 | CVE-2026-22469 | | 16.6th | 5.3 | | This Cross-Site Scripting (XSS) vulnerability in the DeepDigital WordPress theme allows attackers to |
| 6285 | CVE-2025-14978 | | 16.6th | 5.3 | | The PeachPay WooCommerce plugin has a missing capability check on its ConvesioPay webhook endpoint, |
| 6286 | CVE-2025-14075 | | 16.5th | 5.3 | | The WP Hotel Booking WordPress plugin exposes sensitive customer information to unauthenticated atta |
| 6287 | CVE-2026-23511 | | 16.5th | 5.3 | | CVE-2026-23511 is a user enumeration vulnerability in ZITADEL identity management platform that allo |
| 6288 | CVE-2026-0716 | | 16.3th | 4.8 | | A buffer read vulnerability in libsoup's WebSocket frame processing allows reading memory outside in |
| 6289 | CVE-2025-3654 | | 16.3th | 5.3 | | This vulnerability allows attackers to retrieve device hardware information like serial numbers and |
| 6290 | CVE-2025-68273 | | 16.5th | 5.3 | | Signal K Server versions before 2.19.0 have an unauthenticated information disclosure vulnerability |
| 6291 | CVE-2025-13187 | | 16.4th | 5.3 | | This vulnerability in Intelbras ICIP 2.0.20 allows remote attackers to access plaintext admin creden |
| 6292 | CVE-2025-60925 | | 16.3th | 5.3 | | codeshare v1.0.0 contains an information leakage vulnerability that allows unauthorized access to us |
| 6293 | CVE-2025-36428 | | 16.5th | 5.3 | | This vulnerability in IBM Db2 allows authenticated users to cause a denial of service by exploiting |
| 6294 | CVE-2025-36427 | | 16.5th | 6.5 | | IBM Db2 databases are vulnerable to denial of service attacks when processing specially crafted quer |
| 6295 | CVE-2025-36424 | | 16.5th | 6.5 | | This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting sp |
| 6296 | CVE-2025-69618 | | 16.5th | 6.5 | | This vulnerability in Tarot, Astro & Healing v11.4.0 allows attackers to overwrite arbitrary files d |
| 6297 | CVE-2024-28770 | | 16.1th | 4.8 | | This vulnerability allows attackers to steal session cookies or authorization tokens from IBM Securi |
| 6298 | CVE-2024-57947 | | 16th | 5.5 | | A memory initialization flaw in the Linux kernel's netfilter pipapo set implementation allows incorr |
| 6299 | CVE-2024-55922 | | 15.9th | 5.4 | | This CSRF vulnerability in TYPO3's backend allows attackers to manipulate or delete form definitions |
| 6300 | CVE-2024-56442 | | 16th | 5.5 | | This vulnerability involves improper implementation of native APIs in the NFC service module, allowi |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: Thousands of CVEs are published every month, and not all of them are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.