Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood that the CVE will be exploited in the wild within the next 30 days; the percentile column gives the share of all scored CVEs with a lower EPSS. This page shows ranks 6301 to 6350. Every entry here scores 0.05%, around the 16th percentile, so the order within this page is effectively a tie and none of these would be escalated on EPSS alone.

164 CVEs with EPSS > 50%
156 CVEs listed in CISA KEV
35,468 CVEs with an EPSS score
0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile (%) | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6301 | CVE-2022-49710 | 0.05% | 16.1 | 5.5 | | This CVE describes a memory access vulnerability in the Linux kernel's device mapper mirror logging |
| 6302 | CVE-2022-49665 | 0.05% | 16.0 | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's ThinkPad ACPI driver. When the |
| 6303 | CVE-2022-49565 | 0.05% | 16.0 | 5.5 | | This CVE describes a Linux kernel vulnerability where improper initialization order in the Performan |
| 6304 | CVE-2022-49271 | 0.05% | 16.1 | 5.5 | | A NULL pointer dereference vulnerability in the Linux kernel's CIFS/SMB2 implementation allows local |
| 6305 | CVE-2022-49259 | 0.05% | 16.1 | 5.5 | | This CVE describes a kernel-level race condition in the Linux block subsystem where a parent kobject |
| 6306 | CVE-2022-49206 | 0.05% | 16.1 | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's RDMA/mlx5 driver. When the seco |
| 6307 | CVE-2022-49197 | 0.05% | 16.2 | 5.5 | | This is a Linux kernel vulnerability in the netlink subsystem where an out-of-bounds shift occurs wh |
| 6308 | CVE-2022-49175 | 0.05% | 16.2 | 5.5 | | This CVE describes a race condition vulnerability in the Linux kernel's power management subsystem w |
| 6309 | CVE-2022-49161 | 0.05% | 16.0 | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's MediaTek ASoC driver. When the |
| 6310 | CVE-2022-49139 | 0.05% | 16.1 | 5.5 | | A NULL pointer dereference vulnerability in the Linux kernel's Bluetooth subsystem allows local atta |
| 6311 | CVE-2022-49121 | 0.05% | 16.1 | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's pm8001 SCSI driver where alloca |
| 6312 | CVE-2022-49119 | 0.05% | 16.1 | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's pm8001 SCSI driver. When firmwa |
| 6313 | CVE-2022-49115 | 0.05% | 16.1 | 5.5 | | CVE-2022-49115 is a memory leak vulnerability in the Linux kernel's PCI endpoint subsystem caus |
| 6314 | CVE-2022-49104 | 0.05% | 16.1 | 5.5 | | This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's vchiq_core compone |
| 6315 | CVE-2022-49077 | 0.05% | 16.2 | 5.5 | | A Linux kernel vulnerability where mremap() with old_size=0 triggers unnecessary invalidate_range_st |
| 6316 | CVE-2022-49074 | 0.05% | 16.1 | 5.5 | | This CVE describes a bug in the Linux kernel's GICv3 interrupt controller driver where incorrect pol |
| 6317 | CVE-2022-49072 | 0.05% | 16.1 | 5.5 | | A race condition vulnerability in the Linux kernel's GPIO subsystem allows uninitialized interrupt r |
| 6318 | CVE-2024-27137 | 0.05% | 16.1 | 5.3 | | This vulnerability allows a local attacker to perform a man-in-the-middle attack on Apache Cassandra |
| 6319 | CVE-2025-24210 | 0.05% | 16.1 | 5.5 | | A logic error in image parsing across multiple Apple operating systems could lead to disclosure of u |
| 6320 | CVE-2022-49743 | 0.05% | 16.0 | 5.5 | | This CVE addresses a memory corruption vulnerability in the Linux kernel's OverlayFS filesystem impl |
| 6321 | CVE-2021-26087 | 0.05% | 16.2 | 4.3 | | This vulnerability allows attackers to inject malicious scripts into the FortiWLC web interface, whi |
| 6322 | CVE-2025-25452 | 0.05% | 16.1 | 5.1 | | This vulnerability allows remote attackers to bypass two-factor authentication and deactivate it in |
| 6323 | CVE-2025-25450 | 0.05% | 16.1 | 5.1 | | This vulnerability allows remote attackers to bypass two-factor authentication (2FA) in MyTaag softw |
| 6324 | CVE-2025-28076 | 0.05% | 16.2 | 6.5 | | Multiple SQL injection vulnerabilities in EasyVirt DCScope and CO2Scope allow authenticated attacker |
| 6325 | CVE-2025-46545 | 0.05% | 16.1 | 4.4 | | This vulnerability allows stored cross-site scripting (XSS) attacks in Sherpa Orchestrator version 1 |
| 6326 | CVE-2024-22351 | 0.05% | 16.1 | 6.3 | | IBM InfoSphere Information Server 11.7 fails to properly invalidate user sessions after logout, allo |
| 6327 | CVE-2025-22125 | 0.05% | 16.2 | 5.5 | | A vulnerability in the Linux kernel's RAID1 and RAID10 implementations causes incorrect handling of |
| 6328 | CVE-2024-11129 | 0.05% | 16.2 | 6.3 | | This vulnerability in GitLab EE allows attackers to perform targeted searches with sensitive keyword |
| 6329 | CVE-2025-24375 | 0.05% | 16.0 | 5.0 | | The Charmed MySQL K8s operator versions before revision 221 (Kubernetes) and revision 338 (machine o |
| 6330 | CVE-2025-26654 | 0.05% | 16.0 | 6.8 | | SAP Commerce Cloud (Public Cloud) has a vulnerability where HTTP port 80 cannot be fully disabled, o |
| 6331 | CVE-2025-26401 | 0.05% | 16.2 | 6.5 | | A weak password encoding vulnerability in JTEKT's HMI ViewJet C-more series allows local authenticat |
| 6332 | CVE-2024-7487 | 0.05% | 16.2 | 5.8 | | This vulnerability allows attackers to bypass app-native authentication in WSO2 Identity Server 7.0. |
| 6333 | CVE-2025-48260 | 0.05% | 16.1 | 4.3 | | This CVE describes a missing authorization vulnerability in the Ninja Team GDPR CCPA Compliance Supp |
| 6334 | CVE-2024-8286 | 0.05% | 16.0 | 6.5 | | This Cross-Site Request Forgery (CSRF) vulnerability in the WebToffee GDPR Cookie Consent WordPress |
| 6335 | CVE-2023-34732 | 0.05% | 16.1 | 5.4 | | This vulnerability in Flytxt NEON-dX allows attackers to perform brute force attacks against the cha |
| 6336 | CVE-2025-43878 | 0.05% | 16.2 | 6.0 | | This vulnerability allows authenticated attackers with Administrator or Resource Administrator roles |
| 6337 | CVE-2025-47484 | 0.05% | 16.1 | 6.4 | | This SSRF vulnerability in the Oliver Campion Display Remote Posts Block WordPress plugin allows att |
| 6338 | CVE-2025-6865 | 0.05% | 16.2 | 4.3 | | This Cross-Site Request Forgery (CSRF) vulnerability in DaiCuo CMS allows attackers to trick authent |
| 6339 | CVE-2025-53097 | 0.05% | 16.1 | 5.9 | | In Roo Code versions before 3.20.3, the AI agent's search_files tool could read sensitive files outs |
| 6340 | CVE-2025-53266 | 0.05% | 16.1 | 4.3 | | CVE-2025-53266 is a missing authorization vulnerability in the EdwardBock Cron Logger WordPress plug |
| 6341 | CVE-2025-50009 | 0.05% | 16.1 | 5.4 | | This CVE describes a Missing Authorization vulnerability in the Kata Plus WordPress plugin by Climax |
| 6342 | CVE-2025-49998 | 0.05% | 16.1 | 5.4 | | This CVE describes a missing authorization vulnerability in the WooCommerce Fortnox Integration plug |
| 6343 | CVE-2025-49978 | 0.05% | 16.1 | 4.3 | | This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the eyecix JobSearch |
| 6344 | CVE-2025-6106 | 0.05% | 16.2 | 4.3 | | This CSRF vulnerability in WukongCRM 9.0 allows attackers to trick authenticated administrators into |
| 6345 | CVE-2025-5876 | 0.05% | 16.0 | 5.3 | | This vulnerability allows remote attackers to bypass authentication on Lucky Technology LM-520 serie |
| 6346 | CVE-2025-5872 | 0.05% | 16.0 | 5.3 | | CVE-2025-5872 is an authentication bypass vulnerability in eGauge EG3000 Energy Monitor's Setting Ha |
| 6347 | CVE-2025-24485 | 0.05% | 16.0 | 5.8 | | An unauthenticated server-side request forgery vulnerability in MedDream PACS Premium allows attacke |
| 6348 | CVE-2025-29630 | 0.05% | 16.0 | 6.6 | | A vulnerability in Gardyn 4 allows remote attackers with the corresponding SSH private key to gain r |
| 6349 | CVE-2025-53662 | 0.05% | 16.1 | 6.5 | | The Jenkins IFTTT Build Notifier Plugin stores sensitive IFTTT Maker Channel Keys unencrypted in con |
| 6350 | CVE-2025-53656 | 0.05% | 16.1 | 6.5 | | The Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores sensitive credentials unencry |

The Flags column is empty for every row on this page: none of these CVEs carries a CISA KEV flag.

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. Each CVE gets a probability between 0 and 1 and a percentile, the fraction of all scored CVEs with a lower probability; both are recomputed daily, so a score should be refreshed rather than cached indefinitely.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. Two caveats apply. A low EPSS score is not a guarantee of safety: the model is trained on observed exploitation activity across the Internet and says nothing about a targeted attack on your specific environment. And anything on the CISA KEV list has already been exploited in the wild, so it should be patched regardless of its EPSS value. Use EPSS alongside CVSS, KEV status and the exposure of the affected asset, not instead of them.
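The prioritisation policy sketched above, as an added example that is not code from FIRST.org or from this site. It parses the JSON shape returned by FIRST's public EPSS endpoint (https://api.first.org/data/v1/epss), merges the scores into scanner findings, and ranks them KEV first, then by EPSS, with CVSS only as a tie-breaker. The 10% EPSS threshold is an assumed policy value, the CVE-0000-* identifiers are fictional placeholders carrying the CVSS/EPSS combinations discussed in the text, and the sample API response is constructed; only CVE-2022-49710's EPSS, percentile and CVSS come from the table on this page.

```python
"""Prioritise CVEs by exploit likelihood (EPSS) rather than by severity (CVSS) alone.

Added example for this page; not code from FIRST.org or the EPSS project.
Everything below runs offline on a constructed sample that mimics the JSON
shape of FIRST's public EPSS API.
"""
import json
import urllib.request
from dataclasses import dataclass

EPSS_API = "https://api.first.org/data/v1/epss"  # FIRST's public EPSS endpoint

# Policy threshold: an assumption for this example, not part of EPSS itself.
EPSS_URGENT = 0.10  # >= 10% chance of exploitation within 30 days is treated as urgent


@dataclass
class Finding:
    cve: str
    cvss: float              # CVSS base score (severity)
    kev: bool = False        # listed in CISA Known Exploited Vulnerabilities
    epss: float = 0.0        # probability of exploitation in the next 30 days, 0..1
    percentile: float = 0.0  # share of all scored CVEs with a lower EPSS, 0..1


def parse_epss_response(body: str) -> dict:
    """Map CVE id -> (epss, percentile) from the API's JSON shape.

    The endpoint returns {"data": [{"cve": ..., "epss": "0.00050", "percentile": "0.16100", ...}]}
    with the numeric fields encoded as strings, hence the float() conversions.
    """
    doc = json.loads(body)
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}


def fetch_epss(cves):
    """Live lookup for a batch of CVE ids (network call; the offline demo below does not use it)."""
    url = f"{EPSS_API}?cve={','.join(cves)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return parse_epss_response(resp.read().decode())


def enrich(findings, scores):
    """Attach EPSS data to findings; a CVE the model has not scored keeps 0.0."""
    for f in findings:
        if f.cve in scores:
            f.epss, f.percentile = scores[f.cve]
    return findings


def priority_key(f: Finding):
    """Sort key: KEV first (exploitation confirmed), then EPSS, then CVSS as tie-breaker."""
    if f.kev:
        tier = 0
    elif f.epss >= EPSS_URGENT:
        tier = 1
    else:
        tier = 2
    return (tier, -f.epss, -f.cvss)


def prioritize(findings):
    """CVE ids in patch order under the KEV/EPSS policy."""
    return [f.cve for f in sorted(findings, key=priority_key)]


def by_cvss_only(findings):
    """The ordering a severity-only policy would produce, for comparison."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]


# Constructed sample API response. CVE-2022-49710's values are the ones shown in the
# table on this page; the CVE-0000-* ids are fictional placeholders.
SAMPLE_API_BODY = json.dumps({"status": "OK", "data": [
    {"cve": "CVE-0000-1001", "epss": "0.00100", "percentile": "0.40000"},
    {"cve": "CVE-0000-1002", "epss": "0.90000", "percentile": "0.99900"},
    {"cve": "CVE-0000-1003", "epss": "0.02000", "percentile": "0.88000"},
    {"cve": "CVE-2022-49710", "epss": "0.00050", "percentile": "0.16100"},
]})

# Constructed scanner output: CVSS and KEV status only, EPSS filled in by enrich().
SAMPLE_FINDINGS = [
    Finding("CVE-0000-1001", cvss=9.8),            # critical severity, 0.1% EPSS
    Finding("CVE-0000-1002", cvss=7.5),            # high severity, 90% EPSS
    Finding("CVE-0000-1003", cvss=6.5, kev=True),  # in KEV: exploitation already observed
    Finding("CVE-2022-49710", cvss=5.5),           # rank 6301 in the table above
]


def demo():
    """Run the offline pipeline: parse the sample response, enrich, rank both ways."""
    findings = enrich([Finding(f.cve, f.cvss, f.kev) for f in SAMPLE_FINDINGS],
                      parse_epss_response(SAMPLE_API_BODY))
    return by_cvss_only(findings), prioritize(findings)


if __name__ == "__main__":
    cvss_order, epss_order = demo()
    print("CVSS-only order:", cvss_order)
    print("KEV/EPSS order: ", epss_order)
```

Severity alone puts the CVSS 9.8 finding first; the KEV/EPSS policy moves the confirmed-exploited CVE and the 90%-EPSS CVE ahead of it, and leaves the 0.05% kernel bug at the bottom where the table on this page also places it.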

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
