Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days. This page covers ranks 6601 to 6650; every entry on it sits at 0.05% EPSS, around the 15th to 16th percentile of all scored CVEs.

EPSS > 50%: 164
CISA KEV listed: 156
CVEs with EPSS: 35,468
Average EPSS score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary (truncated) |
|---|---|---|---|---|---|---|
| 6601 | CVE-2024-44647 | 0.05% | 15.6th | 6.1 | | PHPGurukul Small CRM 3.0 contains a stored cross-site scripting vulnerability in the ticket manageme |
| 6602 | CVE-2025-63725 | 0.05% | 15.6th | 6.1 | | This reflected XSS vulnerability in SVX Portal 2.7A allows attackers to inject malicious scripts via |
| 6603 | CVE-2024-44635 | 0.05% | 15.6th | 6.1 | | This vulnerability allows attackers to inject malicious scripts into the PHPGurukul Student Record S |
| 6604 | CVE-2025-64384 | 0.05% | 15.6th | 6.3 | | This CVE describes a missing authorization vulnerability in the JetFormBuilder WordPress plugin that |
| 6605 | CVE-2025-12815 | 0.05% | 15.6th | 4.3 | | An ownership verification flaw in AWS Research and Engineering Studio (RES) Virtual Desktop preview |
| 6606 | CVE-2025-6027 | 0.05% | 15.6th | 6.3 | | The Ace User Management WordPress plugin through version 2.0.3 contains an authentication bypass vul |
| 6607 | CVE-2025-63593 | 0.05% | 15.6th | 6.1 | | Grav CMS version 1.7.49.5 contains a cross-site scripting (XSS) vulnerability that allows attackers |
| 6608 | CVE-2025-50363 | 0.05% | 15.6th | 5.4 | | CVE-2025-50363 is a stored cross-site scripting (XSS) vulnerability in Phpgurukul Maid Hiring Manage |
| 6609 | CVE-2025-63443 | 0.05% | 15.6th | 5.4 | | School Management System PHP v1.0 has a cross-site scripting vulnerability in the login page that al |
| 6610 | CVE-2025-68214 | 0.05% | 15.6th | 4.7 | | A race condition in the Linux kernel's timer_shutdown_sync() function can cause a kernel warning (WA |
| 6611 | CVE-2025-14446 | 0.05% | 15.8th | 6.5 | | The Popup Builder (Easy Notify Lite) WordPress plugin has a missing capability check vulnerability t |
| 6612 | CVE-2025-66033 | 0.05% | 15.7th | 5.3 | | The Okta Java Management SDK versions 21.0.0 through 24.0.0 have a memory management vulnerability i |
| 6613 | CVE-2024-2105 | 0.05% | 15.9th | 6.5 | | This vulnerability allows an unauthorized attacker within Bluetooth range to send specially crafted |
| 6614 | CVE-2025-67528 | 0.05% | 15.9th | 5.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6615 | CVE-2026-2108 | 0.05% | 15.8th | 5.3 | | An unauthenticated denial-of-service vulnerability in jsbroks COCO Annotator allows remote attackers |
| 6616 | CVE-2025-65231 | 0.05% | 15.6th | 6.1 | | Barix Instreamer v04.06 and earlier contains a stored cross-site scripting (XSS) vulnerability in th |
| 6617 | CVE-2025-12994 | 0.05% | 15.6th | 5.3 | | Medtronic CareLink Network has an information disclosure vulnerability where unauthenticated remote |
| 6618 | CVE-2025-65215 | 0.05% | 15.6th | 6.1 | | This CVE describes a stored cross-site scripting (XSS) vulnerability in the Sourcecodester Web-based |
| 6619 | CVE-2025-65186 | 0.05% | 15.6th | 6.1 | | Grav CMS 1.7.49 contains a stored cross-site scripting vulnerability in its page editor. Authenticat |
| 6620 | CVE-2025-65187 | 0.05% | 15.6th | 6.1 | | A stored cross-site scripting (XSS) vulnerability in CiviCRM allows authenticated users to inject ma |
| 6621 | CVE-2025-63317 | 0.05% | 15.6th | 5.4 | | Todoist v8896 contains a stored cross-site scripting (XSS) vulnerability in its file upload API. Att |
| 6622 | CVE-2026-22764 | 0.05% | 15.7th | 4.3 | | Dell OpenManage Network Integration versions before 3.9 have an improper authentication vulnerabilit |
| 6623 | CVE-2026-1425 | 0.05% | 15.9th | 5.6 | | A stack-based buffer overflow vulnerability exists in pymumu SmartDNS versions up to 47.1, specifica |
| 6624 | CVE-2026-25123 | 0.05% | 15.9th | 5.3 | | This vulnerability in Homarr dashboard allows unauthenticated attackers to trigger server-side reque |
| 6625 | CVE-2025-69001 | 0.05% | 15.7th | 5.3 | | This CVE describes a code injection vulnerability in the FluentForm WordPress plugin that allows att |
| 6626 | CVE-2026-25597 | 0.05% | 15.8th | 5.3 | | PrestaShop versions before 8.2.4 and 9.0.3 have a time-based user enumeration vulnerability in authe |
| 6627 | CVE-2025-49643 | 0.05% | 15.6th | 6.5 | | An authenticated Zabbix user (including Guest accounts) can send specially crafted parameters to /im |
| 6628 | CVE-2025-51602 | 0.05% | 15.7th | 4.8 | | This vulnerability in VLC media player allows an out-of-bounds read and denial of service when proce |
| 6629 | CVE-2026-22916 | 0.05% | 15.6th | 4.3 | | This vulnerability allows low-privileged attackers to trigger critical system functions like reboot |
| 6630 | CVE-2026-0531 | 0.05% | 15.8th | 6.5 | | CVE-2026-0531 is a resource exhaustion vulnerability in Kibana Fleet where specially crafted bulk re |
| 6631 | CVE-2026-0530 | 0.05% | 15.8th | 6.5 | | This vulnerability in Kibana Fleet allows attackers to send specially crafted requests that cause ex |
| 6632 | CVE-2026-0528 | 0.05% | 15.7th | 6.5 | | This CVE describes two denial-of-service vulnerabilities in Metricbeat where specially crafted paylo |
| 6633 | CVE-2025-14172 | 0.05% | 15.8th | 6.5 | | The WP Page Permalink Extension plugin for WordPress has a missing authorization vulnerability that |
| 6634 | CVE-2025-66838 | 0.05% | 15.7th | 6.5 | | This vulnerability allows attackers to upload files at an unrestricted rate in Aris software, potent |
| 6635 | CVE-2025-15235 | 0.05% | 15.9th | 6.5 | | This vulnerability in QOCA aim AI Medical Cloud Platform allows authenticated attackers to modify ne |
| 6636 | CVE-2021-47843 | 0.05% | 15.6th | 5.4 | | Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject m |
| 6637 | CVE-2025-63883 | 0.05% | 15.6th | 5.4 | | A DOM-based XSS vulnerability in electic-shop v1.0 allows attackers to execute arbitrary JavaScript |
| 6638 | CVE-2025-36366 | 0.05% | 15.8th | 6.5 | | IBM Db2 databases are vulnerable to denial of service attacks when users execute queries containing |
| 6639 | CVE-2024-53869 | 0.05% | 15.4th | 5.5 | | The NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uni |
| 6640 | CVE-2024-13138 | 0.05% | 15.3th | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files without restrictions in wangl19 |
| 6641 | CVE-2024-53839 | 0.05% | 15.4th | 5.5 | | This vulnerability allows an attacker to read memory beyond intended boundaries in the GetCellInfoLi |
| 6642 | CVE-2025-27137 | 0.05% | 15.3th | 4.4 | | This vulnerability allows authenticated users with SYSTEM_CONFIGURATION permission in Dependency-Tra |
| 6643 | CVE-2025-1364 | 0.05% | 15.3th | 5.3 | | A critical stack-based buffer overflow vulnerability in MicroWord eScan Antivirus 7.0.32 on Linux al |
| 6644 | CVE-2023-53032 | 0.05% | 15.4th | 5.5 | | This CVE describes an integer overflow vulnerability in the Linux kernel's netfilter ipset module. W |
| 6645 | CVE-2024-11922 | 0.05% | 15.3th | 6.3 | | This cross-site scripting (XSS) vulnerability in Fortra's GoAnywhere web client allows authenticated |
| 6646 | CVE-2024-52888 | 0.05% | 15.3th | 5.4 | | This CVE describes a cross-site scripting (XSS) vulnerability in a Check Point portal where authenti |
| 6647 | CVE-2025-32984 | 0.05% | 15.4th | 6.1 | | This stored XSS vulnerability in NETSCOUT nGeniusONE allows attackers to inject malicious scripts vi |
| 6648 | CVE-2022-44759 | 0.05% | 15.3th | 4.6 | | This vulnerability in HCL Leap allows attackers to inject malicious scripts into SVG files, which th |
| 6649 | CVE-2025-3901 | 0.05% | 15.4th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Drupal's Bootstrap Site Alert module allows attacke |
| 6650 | CVE-2025-22030 | 0.05% | 15.4th | 5.5 | | A deadlock vulnerability in the Linux kernel's zswap memory compression subsystem that can cause sys |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. The score is a probability between 0 and 1 (shown on this page as a percentage) and is recomputed daily, so a cached value goes stale quickly. The percentile column places that probability among all scored CVEs: a CVE at the 15.6th percentile scores at or above roughly 16% of them, so about 84% of scored CVEs are more likely to be exploited. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it a useful input for deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. Two caveats: a low EPSS score is not a reason to ignore an exposed, high-impact flaw, and anything on the CISA KEV list should be treated as already exploited regardless of its EPSS score. The EPSS > 50% and CISA KEV counts at the top of this page are the rows to start from; the entries on this page, all at 0.05%, are near the bottom of the queue.
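The prioritisation rule described above, as an added example that is not code from this page or from FIRST.org: a small Python module that parses an EPSS lookup and sorts findings into tiers (CISA KEV first, then EPSS above a threshold, then high CVSS with low EPSS, then the rest). The JSON sample is constructed and only mirrors the general shape of the FIRST EPSS API response (https://api.first.org/data/v1/epss), where `epss` and `percentile` arrive as decimal strings; the CVE IDs, values and thresholds are illustrative assumptions, not real data.

```python
"""Added example: EPSS-aware patch prioritisation (not the page's or FIRST.org's code).

Assumptions: findings carry CVE ID, CVSS base score and a KEV flag; EPSS data is a
JSON document shaped like the FIRST EPSS API response (constructed sample below).
"""
import json
from dataclasses import dataclass

# Constructed sample in the shape of the FIRST EPSS API JSON; values are made up.
SAMPLE_EPSS_JSON = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.001000", "percentile": "0.250000", "date": "2026-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.900000", "percentile": "0.999000", "date": "2026-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.000500", "percentile": "0.156000", "date": "2026-01-01"},
        {"cve": "CVE-2099-0004", "epss": "0.300000", "percentile": "0.970000", "date": "2026-01-01"},
    ],
})


def parse_epss(json_text: str) -> dict[str, tuple[float, float]]:
    """Map CVE ID -> (epss_probability, percentile); both are floats in 0..1.

    Rejects a non-OK status and out-of-range values rather than silently
    feeding garbage into the ranking.
    """
    doc = json.loads(json_text)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS lookup failed: status={doc.get('status')!r}")
    table: dict[str, tuple[float, float]] = {}
    for row in doc["data"]:
        epss, pct = float(row["epss"]), float(row["percentile"])
        if not (0.0 <= epss <= 1.0 and 0.0 <= pct <= 1.0):
            raise ValueError(f"out-of-range EPSS data for {row['cve']}")
        table[row["cve"]] = (epss, pct)
    return table


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    kev: bool = False  # listed in CISA KEV


def missing_epss(findings, epss_table) -> set[str]:
    """CVEs with no EPSS entry (typically too new to be scored); review these by hand."""
    return {f.cve for f in findings if f.cve not in epss_table}


def priority_key(f: Finding, epss_table, epss_threshold=0.1, cvss_threshold=7.0):
    """Tier 0: KEV (known exploited, EPSS is irrelevant).
    Tier 1: EPSS at or above the threshold (likely exploitation soon).
    Tier 2: high CVSS but low EPSS (severe if hit, not yet targeted).
    Tier 3: everything else. Within a tier: higher EPSS, then higher CVSS, first.
    A CVE absent from the table is scored as 0.0 here; see missing_epss()."""
    epss, _pct = epss_table.get(f.cve, (0.0, 0.0))
    if f.kev:
        tier = 0
    elif epss >= epss_threshold:
        tier = 1
    elif f.cvss >= cvss_threshold:
        tier = 2
    else:
        tier = 3
    return (tier, -epss, -f.cvss)


def prioritize(findings, epss_table, **thresholds) -> list[Finding]:
    """Return findings ordered from most to least urgent."""
    return sorted(findings, key=lambda f: priority_key(f, epss_table, **thresholds))


if __name__ == "__main__":
    table = parse_epss(SAMPLE_EPSS_JSON)
    findings = [
        Finding("CVE-2099-0001", cvss=9.8),            # critical severity, 0.1% EPSS
        Finding("CVE-2099-0002", cvss=7.5),            # high severity, 90% EPSS
        Finding("CVE-2099-0003", cvss=6.1),            # medium, 0.05% EPSS (like this page)
        Finding("CVE-2099-0004", cvss=5.3, kev=True),  # on KEV: exploited, patch first
    ]
    for f in prioritize(findings, table):
        epss, pct = table[f.cve]
        print(f"{f.cve}  cvss={f.cvss:<4} epss={epss:.4f} pct={pct:.3f} kev={f.kev}")
```

The tier order encodes the page's argument: the CVSS 7.5 finding with 90% EPSS outranks the CVSS 9.8 finding with 0.1% EPSS, and a KEV entry outranks both even with a modest score. Thresholds are a policy choice; 0.1 is a common starting point, not a FIRST recommendation.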
