Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164 CVEs with EPSS > 50%
156 CISA KEV listed
35,468 CVEs with an EPSS score
0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6701 | CVE-2025-0434 | 0.17% | 37.6th | 8.8 | | This vulnerability allows a remote attacker to trigger out-of-bounds memory access in Chrome's V8 Ja |
| 6702 | CVE-2024-56113 | 0.17% | 37.6th | 7.5 | | This vulnerability exposes sensitive configuration information from Django settings files when debug |
| 6703 | CVE-2024-13276 | 0.17% | 37.6th | 7.5 | | This vulnerability in Drupal File Entity module allows attackers to access sensitive files through f |
| 6704 | CVE-2025-20060 | 0.17% | 37.6th | 7.5 | | This vulnerability in the Dario Health Android application allows attackers to access cross-user per |
| 6705 | CVE-2022-25773 | 0.17% | 37.5th | 4.3 | | CVE-2022-25773 is a path traversal vulnerability in Mautic's asset upload functionality that allows |
| 6706 | CVE-2024-34896 | 0.17% | 37.6th | 7.5 | | The Nedis SmartLife Video Doorbell fails to properly terminate peer-to-peer connections, allowing pr |
| 6707 | CVE-2025-24556 | 0.17% | 37.6th | 7.5 | | This vulnerability in the DualCube MooWoodle WordPress plugin allows attackers to retrieve sensitive |
| 6708 | CVE-2025-29314 | 0.17% | 37.6th | 8.1 | | This vulnerability allows attackers to intercept and access sensitive information transmitted via in |
| 6709 | CVE-2025-26852 | 0.17% | 37.6th | 10.0 | | DESCOR INFOCAD versions 3.5.1 and earlier contain a SQL injection vulnerability that allows attacker |
| 6710 | CVE-2025-1916 | 0.17% | 37.6th | 8.8 | | A use-after-free vulnerability in Google Chrome's Profiles component allows attackers to potentially |
| 6711 | CVE-2025-3687 | 0.17% | 37.5th | 4.3 | | This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Sticky Notes Handler com |
| 6712 | CVE-2025-32479 | 0.17% | 37.6th | 7.1 | | A Cross-Site Request Forgery (CSRF) vulnerability in the Flags Widget WordPress plugin allows attack |
| 6713 | CVE-2025-32112 | 0.17% | 37.6th | 7.1 | | A Cross-Site Request Forgery (CSRF) vulnerability in the OTWthemes Sidebar Manager Light WordPress p |
| 6714 | CVE-2025-31485 | 0.17% | 37.5th | 7.5 | | This vulnerability in API Platform Core allows GraphQL property grants to be cached with incorrect o |
| 6715 | CVE-2025-4545 | 0.17% | 37.5th | 5.4 | | This vulnerability allows authenticated attackers to delete arbitrary files on CTCMS Content Managem |
| 6716 | CVE-2025-5671 | 0.17% | 37.6th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK N302R Plus routers allows remote attackers to e |
| 6717 | CVE-2025-46359 | 0.17% | 37.6th | 7.2 | | A path traversal vulnerability in PowerCMS backup/restore feature allows product administrators to e |
| 6718 | CVE-2025-9971 | 0.17% | 37.6th | 9.8 | | Planet Technology Industrial Cellular Gateways have a missing authentication vulnerability that allo |
| 6719 | CVE-2025-7388 | 0.17% | 37.6th | 8.4 | | This vulnerability allows authenticated users to execute arbitrary operating system commands on Open |
| 6720 | CVE-2025-68987 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include and execute arbitrary local files on servers running |
| 6721 | CVE-2025-68985 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6722 | CVE-2025-68984 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6723 | CVE-2025-68983 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6724 | CVE-2025-68974 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through the WordPress Socia |
| 6725 | CVE-2025-68563 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the WordPress Subscribe to Unlock Lit |
| 6726 | CVE-2025-68540 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include arbitrary local files through PHP's include/require s |
| 6727 | CVE-2025-68537 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6728 | CVE-2025-68530 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Bookory WordPress theme. Attacker |
| 6729 | CVE-2025-68506 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Docket Cache WordPress plugin. At |
| 6730 | CVE-2025-14738 | 0.17% | 37.6th | 7.5 | | An improper authentication vulnerability in TP-Link WA850RE Wi-Fi range extenders allows unauthentic |
| 6731 | CVE-2025-6326 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include arbitrary local files through PHP's include/require s |
| 6732 | CVE-2025-64377 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 6733 | CVE-2025-64223 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6734 | CVE-2025-60061 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Kicker WordPress theme by axiomth |
| 6735 | CVE-2025-60060 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Pubzinne WordPress theme. Attacke |
| 6736 | CVE-2025-60059 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6737 | CVE-2025-60058 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6738 | CVE-2025-60057 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the DJ Rainflow WordPress theme. Atta |
| 6739 | CVE-2025-60056 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6740 | CVE-2025-58928 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6741 | CVE-2025-58927 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Stallion WordPress theme. Attacke |
| 6742 | CVE-2025-58926 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6743 | CVE-2025-58925 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Neptunus WordPress theme. Attacke |
| 6744 | CVE-2025-58923 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include and execute arbitrary local files on servers running |
| 6745 | CVE-2025-58901 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6746 | CVE-2025-58900 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6747 | CVE-2025-58899 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6748 | CVE-2025-58709 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Legacy WordPress theme by axiomth |
| 6749 | CVE-2025-58708 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6750 | CVE-2025-58706 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. A score is a probability between 0 and 1 (shown here as a percentage) and is recomputed daily, so a CVE's rank on this page can move as new exploitation data arrives. The percentile column places a score relative to every scored CVE: a 37.6th percentile means the CVE scores at or above roughly 37.6% of them. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams concentrate on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A CVSS 9.8 critical with a 0.1% EPSS may be less urgent than a CVSS 7.5 high with a 90% EPSS. EPSS says nothing about whether the vulnerable component is reachable in your environment or what it protects, so it complements rather than replaces asset exposure and CISA KEV membership (a KEV entry records confirmed exploitation, not a prediction).
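The prioritisation the two paragraphs above describe, as an added example (not code from this page or from FIRST.org): a Python script that reads EPSS scores in the JSON shape served by FIRST's public API (https://api.first.org/data/v1/epss?cve=...), merges them with CVSS scores and KEV membership, orders KEV entries first and EPSS ahead of CVSS, and estimates how much exploitation risk a set of individually low-scored CVEs carries in aggregate. The API response, the placeholder "example-*" records (not real CVE IDs), their CVSS scores and the KEV set are constructed inline so it runs offline; the 50% and 7.0 thresholds in triage_bucket are an assumed policy, not the page's.

```python
"""Rank CVEs by exploit likelihood (EPSS) instead of by CVSS severity alone.

Added example for this page; not code from the page or from FIRST.org.
Assumes the JSON shape served by FIRST's public EPSS API
(https://api.first.org/data/v1/epss?cve=...): {"data": [{"cve", "epss", "percentile", ...}]}
with epss and percentile given as decimal strings in [0, 1].
"""
import json
from dataclasses import dataclass

# Constructed sample in the FIRST API shape. The three real CVEs carry the EPSS
# (0.17%) and percentile (37.6th) values shown in the table above; the
# "example-*" entries are placeholders, not real CVE IDs, built to reproduce the
# page's "CVSS 9.8 at 0.1% vs CVSS 7.5 at 90%" comparison plus a KEV override.
SAMPLE_EPSS_JSON = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2025-26852", "epss": "0.00170", "percentile": "0.37600"},
        {"cve": "CVE-2025-0434", "epss": "0.00170", "percentile": "0.37600"},
        {"cve": "CVE-2025-5671", "epss": "0.00170", "percentile": "0.37600"},
        {"cve": "example-low-epss", "epss": "0.00100", "percentile": "0.25000"},
        {"cve": "example-high-epss", "epss": "0.90000", "percentile": "0.99000"},
        {"cve": "example-kev-listed", "epss": "0.05000", "percentile": "0.90000"},
    ],
})

# CVSS base scores: values from the table for the real CVEs, assumed for placeholders.
CVSS = {
    "CVE-2025-26852": 10.0, "CVE-2025-0434": 8.8, "CVE-2025-5671": 8.8,
    "example-low-epss": 9.8, "example-high-epss": 7.5, "example-kev-listed": 6.5,
}
# Constructed KEV membership; the table above flags none of its rows as KEV.
KEV = {"example-kev-listed"}


@dataclass(frozen=True)
class Vuln:
    cve: str
    epss: float        # probability of exploitation in the next 30 days
    percentile: float  # share of all scored CVEs with the same or lower EPSS
    cvss: float
    kev: bool


def parse_epss_response(text: str, cvss: dict, kev: set) -> list:
    """Merge an EPSS API response with CVSS scores and KEV membership."""
    payload = json.loads(text)
    if payload.get("status") != "OK":
        raise ValueError(f"EPSS API status: {payload.get('status')!r}")
    out = []
    for row in payload["data"]:
        p = float(row["epss"])
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"EPSS out of range for {row['cve']}: {p}")
        out.append(Vuln(row["cve"], p, float(row["percentile"]),
                        cvss.get(row["cve"], 0.0), row["cve"] in kev))
    return out


def prioritize(vulns):
    """KEV entries first (confirmed exploitation beats any prediction), then
    EPSS descending; CVSS only breaks ties and the CVE ID keeps the order stable."""
    return sorted(vulns, key=lambda v: (not v.kev, -v.epss, -v.cvss, v.cve))


def triage_bucket(v: Vuln, high_epss: float = 0.5) -> str:
    """Assumed policy, not the page's: the 50% line mirrors the page's
    'EPSS > 50%' counter and CVSS >= 7.0 is the usual High/Critical boundary."""
    if v.kev or v.epss >= high_epss:
        return "patch-now"
    if v.cvss >= 7.0:
        return "scheduled"
    return "backlog"


def expected_exploited(epss_scores) -> float:
    """Expected number of CVEs in the set exploited within 30 days. Linearity of
    expectation makes this a plain sum with no independence assumption."""
    return sum(epss_scores)


def p_any_exploited(epss_scores) -> float:
    """Probability that at least one CVE in the set is exploited, treating the
    30-day outcomes as independent (an approximation EPSS does not guarantee)."""
    p_none = 1.0
    for p in epss_scores:
        p_none *= 1.0 - p
    return 1.0 - p_none


if __name__ == "__main__":
    ranked = prioritize(parse_epss_response(SAMPLE_EPSS_JSON, CVSS, KEV))
    for v in ranked:
        print(f"{v.cve:<20} EPSS {v.epss:6.2%}  pct {v.percentile:5.1%}  "
              f"CVSS {v.cvss:4.1f}  KEV {v.kev!s:<5} -> {triage_bucket(v)}")
    # The 50 rows on this page all sit at 0.17%: low individually, not as a set.
    page = [0.0017] * 50
    print(f"expected exploited on this page: {expected_exploited(page):.3f}")
    print(f"P(at least one exploited):       {p_any_exploited(page):.1%}")
```

Run it and the three real rows from this page land behind the 90% placeholder despite CVSS 10.0 and 8.8, while the KEV entry leads with a CVSS of 6.5. The aggregate figures are the part worth remembering: fifty rows at 0.17% each give an expected 0.085 exploited CVEs but roughly an 8% chance that at least one of them is exploited within the window, so a page of "low" EPSS scores is not a page of non-issues.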

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
