Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6651 | CVE-2025-9229 | | 15.3th | 5.3 | | An information disclosure vulnerability in MiR robot software allows unauthenticated attackers to ac |
| 6652 | CVE-2025-5421 | | 15.3th | 6.3 | | This critical vulnerability in juzaweb CMS allows unprivileged users to access the plugin editor pag |
| 6653 | CVE-2025-23333 | | 15.3th | 5.9 | | CVE-2025-23333 is an out-of-bounds read vulnerability in NVIDIA Triton Inference Server's Python bac |
| 6654 | CVE-2025-5423 | | 15.3th | 6.3 | | This vulnerability allows unprivileged users to modify general system settings in juzaweb CMS due to |
| 6655 | CVE-2025-27137 | | 15.3th | 4.4 | | This vulnerability allows authenticated users with SYSTEM_CONFIGURATION permission in Dependency-Tra |
| 6656 | CVE-2025-59716 | | 15.5th | 5.3 | | This vulnerability in ownCloud Guests allows unauthenticated attackers to enumerate valid pending gu |
| 6657 | CVE-2025-45388 | | 15.6th | 6.1 | | Wagtail CMS 6.4.1 has a stored XSS vulnerability in document upload functionality where attackers ca |
| 6658 | CVE-2026-20823 | | 15.5th | 5.5 | | This vulnerability allows an authorized attacker with local access to a Windows system to access sen |
| 6659 | CVE-2025-34254 | | 15.3th | 5.3 | | This vulnerability allows unauthenticated remote attackers to enumerate valid usernames on D-Link Nu |
| 6660 | CVE-2025-13097 | | 15.3th | 5.4 | | This vulnerability allows a remote attacker to escape Chrome's sandbox protection through a crafted |
| 6661 | CVE-2025-34255 | | 15.3th | 5.3 | | This vulnerability allows unauthenticated attackers to enumerate valid email addresses on D-Link Nuc |
| 6662 | CVE-2026-0831 | | 15.3th | 5.3 | | The Templately WordPress plugin has an arbitrary file write vulnerability that allows unauthenticate |
| 6663 | CVE-2026-20827 | | 15.5th | 5.5 | | This vulnerability allows an authorized attacker with local access to a Windows system to access sen |
| 6664 | CVE-2025-5425 | | 15.3th | 6.3 | | CVE-2025-5425 is a critical improper access control vulnerability in juzaweb CMS that allows unprivi |
| 6665 | CVE-2025-20348 | | 15.4th | 5.0 | | This vulnerability allows authenticated low-privileged attackers to bypass authorization controls on |
| 6666 | CVE-2025-22030 | | 15.4th | 5.5 | | A deadlock vulnerability in the Linux kernel's zswap memory compression subsystem that can cause sys |
| 6667 | CVE-2025-5428 | | 15.3th | 6.3 | | This critical vulnerability in juzaweb CMS allows unprivileged users to access and potentially delet |
| 6668 | CVE-2025-46335 | | 15.3th | 5.4 | | A stored cross-site scripting (XSS) vulnerability in Mobile Security Framework (MobSF) allows attack |
| 6669 | CVE-2025-58649 | | 15.3th | 4.3 | | This vulnerability in All In One SEO Pack WordPress plugin exposes sensitive embedded data through s |
| 6670 | CVE-2025-60092 | | 15.4th | 5.3 | | This vulnerability in Shahjada Download Manager WordPress plugin allows unauthorized users to retrie |
| 6671 | CVE-2025-60095 | | 15.3th | 4.3 | | This vulnerability in the Stackable WordPress plugin allows attackers to retrieve embedded sensitive |
| 6672 | CVE-2026-20838 | | 15.5th | 5.5 | | This Windows Kernel vulnerability allows authenticated local attackers to extract sensitive informat |
| 6673 | CVE-2025-67316 | | 15.3th | 5.4 | | This vulnerability allows remote attackers to execute arbitrary code on devices running realme Inter |
| 6674 | CVE-2025-65237 | | 15.4th | 6.1 | | This reflected cross-site scripting (XSS) vulnerability in OpenCode Systems USSD Gateway allows atta |
| 6675 | CVE-2025-63420 | | 15.3th | 4.1 | | CVE-2025-63420 is a stored HTML injection vulnerability in CrushFTP11's admin panel that allows atta |
| 6676 | CVE-2025-12129 | | 15.4th | 5.3 | | The CubeWP WordPress plugin has an information exposure vulnerability that allows unauthenticated at |
| 6677 | CVE-2025-9031 | | 15.3th | 4.3 | | This CVE describes an Observable Timing Discrepancy vulnerability in DivvyDrive Web that allows atta |
| 6678 | CVE-2025-4512 | | 15.4th | 4.3 | | This vulnerability allows attackers to inject malicious scripts into the Inetum IODAS web interface |
| 6679 | CVE-2024-13138 | | 15.3th | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files without restrictions in wangl19 |
| 6680 | CVE-2025-62292 | | 15.3th | 4.3 | | This vulnerability allows authenticated low-privileged users in SonarQube to access sensitive user i |
| 6681 | CVE-2026-20862 | | 15.5th | 5.5 | | This vulnerability in Windows Management Services allows an authenticated attacker to access sensiti |
| 6682 | CVE-2025-13200 | | 15.3th | 5.3 | | This vulnerability in SourceCodester Farm Management System 1.0 allows attackers to remotely view di |
| 6683 | CVE-2025-9415 | | 15.4th | 6.3 | | This vulnerability in GreenCMS allows attackers to upload arbitrary files without restrictions via t |
| 6684 | CVE-2025-60125 | | 15.4th | 5.3 | | This vulnerability in the FoodBook WordPress plugin allows attackers to retrieve embedded sensitive |
| 6685 | CVE-2023-53032 | | 15.4th | 5.5 | | This CVE describes an integer overflow vulnerability in the Linux kernel's netfilter ipset module. W |
| 6686 | CVE-2025-67427 | | 15.5th | 6.5 | | A Blind Server-Side Request Forgery vulnerability in evershop allows unauthenticated attackers to fo |
| 6687 | CVE-2025-15414 | | 15.6th | 4.7 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in go-sonic's Theme Fetching A |
| 6688 | CVE-2025-67958 | | 15.2th | 6.5 | | This CVE describes a Missing Authorization vulnerability in TaxCloud for WooCommerce (simple-sales-t |
| 6689 | CVE-2025-60140 | | 15.4th | 5.3 | | The Tribal WordPress plugin versions up to 1.3.3 contains a vulnerability where sensitive informatio |
| 6690 | CVE-2025-13174 | | 15.5th | 6.3 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the WeRSS we-mp-rss Webhook |
| 6691 | CVE-2025-59714 | | 15.4th | 6.5 | | This vulnerability allows group administrators who are not Grouper system administrators to configur |
| 6692 | CVE-2025-59715 | | 15.3th | 4.8 | | This reflected cross-site scripting (XSS) vulnerability in SMSEagle allows attackers to inject malic |
| 6693 | CVE-2026-20932 | | 15.5th | 5.5 | | This vulnerability in Windows File Explorer allows an authorized attacker with local access to a sys |
| 6694 | CVE-2025-51060 | | 15.2th | 6.5 | | This vulnerability in CPUID cpuz.sys driver allows attackers to execute arbitrary code with kernel p |
| 6695 | CVE-2025-50074 | | 15.5th | 4.9 | | This vulnerability allows high-privileged attackers with network access via HTTP to access sensitive |
| 6696 | CVE-2025-50075 | | 15.4th | 6.5 | | This vulnerability in Oracle Financial Services Revenue Management and Billing allows authenticated |
| 6697 | CVE-2026-20937 | | 15.5th | 5.5 | | This vulnerability allows an authorized attacker with local access to a Windows system to access sen |
| 6698 | CVE-2025-53035 | | 15.4th | 6.5 | | This vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows authen |
| 6699 | CVE-2025-69229 | | 15.3th | 5.3 | | AIOHTTP versions 3.13.2 and below contain a vulnerability where handling chunked HTTP messages can c |
| 6700 | CVE-2026-20939 | | 15.5th | 5.5 | | This vulnerability allows an authorized attacker with local access to a Windows system to access sen |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.