Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6751 | CVE-2025-58225 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6752 | CVE-2025-53449 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Convex WordPress theme. Attackers |
| 6753 | CVE-2025-53448 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6754 | CVE-2025-53447 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6755 | CVE-2025-53446 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Beautique WordPress theme. Attack |
| 6756 | CVE-2025-53445 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6757 | CVE-2025-53443 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6758 | CVE-2025-53442 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 6759 | CVE-2025-53441 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6760 | CVE-2025-53439 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6761 | CVE-2025-53438 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 6762 | CVE-2025-53437 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6763 | CVE-2025-53436 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6764 | CVE-2025-53435 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Plan My Day WordPress theme. Atta |
| 6765 | CVE-2025-53434 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6766 | CVE-2025-53433 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6767 | CVE-2025-53432 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6768 | CVE-2025-53431 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Emberlyn WordPress theme, allowin |
| 6769 | CVE-2025-53430 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6770 | CVE-2025-53429 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include arbitrary local files on the server through the Exit |
| 6771 | CVE-2025-52768 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 6772 | CVE-2025-52745 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Farm Agrico WordPress theme. Atta |
| 6773 | CVE-2025-49943 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6774 | CVE-2025-49942 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6775 | CVE-2025-49941 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6776 | CVE-2025-49371 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include and execute arbitrary local files on servers running |
| 6777 | CVE-2025-49370 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6778 | CVE-2025-49369 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Lettuce WordPress theme. Attacker |
| 6779 | CVE-2025-49368 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 6780 | CVE-2025-49367 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6781 | CVE-2025-67174 | 0.17% | 37.6th | 7.5 | | This CVE describes a local file inclusion vulnerability in RiteCMS v3.1.0 that allows attackers to r |
| 6782 | CVE-2025-67532 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6783 | CVE-2025-67531 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Turitor WordPress theme. Attacker |
| 6784 | CVE-2025-67530 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6785 | CVE-2025-67529 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include arbitrary local files via PHP's include/require state |
| 6786 | CVE-2025-67527 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6787 | CVE-2025-67526 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6788 | CVE-2025-67525 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6789 | CVE-2025-67524 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6790 | CVE-2025-67523 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Exhibz WordPress theme that allow |
| 6791 | CVE-2025-67522 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the NooTheme Jobmonster WordPress the |
| 6792 | CVE-2025-67521 | 0.17% | 37.5th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6793 | CVE-2025-67515 | 0.17% | 37.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Wilmër WordPress theme by Mikado |
| 6794 | CVE-2025-53912 | 0.17% | 37.6th | 9.6 | | This vulnerability allows attackers to read arbitrary files on MedDream PACS Premium servers by send |
| 6795 | CVE-2025-14242 | 0.17% | 37.6th | 6.5 | | This vulnerability in vsftpd allows a remote authenticated attacker to cause a denial of service (Do |
| 6796 | CVE-2026-20875 | 0.17% | 37.6th | 7.5 | | A null pointer dereference vulnerability in Windows LSASS allows attackers to cause a denial of serv |
| 6797 | CVE-2025-69258 | 0.17% | 37.5th | 9.8 | | An unauthenticated remote attacker can exploit a LoadLibraryEX vulnerability in Trend Micro Apex Cen |
| 6798 | CVE-2025-67937 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 6799 | CVE-2025-67936 | 0.17% | 37.5th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Curly WordPress theme by Mikado-T |
| 6800 | CVE-2025-67935 | 0.17% | 37.5th | 8.1 | | This vulnerability allows attackers to include local PHP files on servers running the Optimize WordP |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
