Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with an EPSS score: 35,468
Average EPSS score: 0.7%
Rank CVE ID EPSS Score Percentile CVSS Flags Summary
6801 CVE-2025-67925 0.17% 37.5th 8.1 This vulnerability allows attackers to include local files on the server through improper filename c
6802 CVE-2025-67920 0.17% 37.5th 9.8 This vulnerability allows attackers to include local PHP files through improper filename control in
6803 CVE-2025-22712 0.17% 37.5th 9.8 This vulnerability allows attackers to include arbitrary local files through PHP's include/require s
6804 CVE-2025-22708 0.17% 37.5th 9.8 This vulnerability allows attackers to include local files on the server through improper filename c
6805 CVE-2025-22707 0.17% 37.5th 9.8 This vulnerability allows attackers to include arbitrary local files through PHP's include/require s
6806 CVE-2025-22509 0.17% 37.5th 9.8 This vulnerability allows attackers to include arbitrary local files through PHP's include/require s
6807 CVE-2025-14431 0.17% 37.5th 9.8 This vulnerability allows attackers to include local files on the server through improper filename c
6808 CVE-2025-14430 0.17% 37.5th 9.8 This CVE describes a PHP Local File Inclusion vulnerability in the Brook WordPress theme that allows
6809 CVE-2025-14429 0.17% 37.5th 9.8 This vulnerability allows attackers to include local PHP files through improper filename control in
6810 CVE-2025-14359 0.17% 37.5th 9.8 This vulnerability allows attackers to include local files on the server through improper filename c
6811 CVE-2025-12550 0.17% 37.5th 9.8 This CVE describes a PHP Local File Inclusion vulnerability in the OchaHouse WordPress theme that al
6812 CVE-2025-12549 0.17% 37.5th 9.8 This CVE describes a PHP Local File Inclusion vulnerability in the Rozy - Flower Shop WordPress them
6813 CVE-2025-69081 0.17% 37.5th 8.1 This vulnerability allows attackers to include local files on the server through improper filename c
6814 CVE-2025-69080 0.17% 37.5th 8.1 This vulnerability allows attackers to include local files on the server through improper filename c
6815 CVE-2025-69086 0.17% 37.5th 8.1 This vulnerability allows attackers to include local files on the server through improper filename c
6816 CVE-2025-69083 0.17% 37.5th 8.1 This vulnerability allows attackers to include local files on the server through improper filename c
6817 CVE-2024-57437 0.16% 37.5th 6.5 RuoYi v4.8.0 contains a SQL injection vulnerability in the orderby parameter at the /monitor/online/
6818 CVE-2025-22146 0.16% 37.5th 9.1 A critical SAML SSO vulnerability in Sentry allows attackers to take over any user account by using
6819 CVE-2025-0355 0.16% 37.4th 7.5 A missing authentication vulnerability in multiple NEC Aterm router models allows attackers to retri
6820 CVE-2025-0910 0.16% 37.4th 8.8 This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
6821 CVE-2025-0901 0.16% 37.4th 8.8 This vulnerability in PDF-XChange Editor allows remote attackers to execute arbitrary code by tricki
6822 CVE-2025-0899 0.16% 37.4th 8.8 A use-after-free vulnerability in PDF-XChange Editor's AcroForm handling allows remote attackers to
6823 CVE-2024-38316 0.16% 37.4th 4.3 IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 have an email rate limiting vulnerability that a
6824 CVE-2025-31606 0.16% 37.4th 4.8 This CVE describes a Missing Authorization vulnerability in the SP Blog Designer WordPress plugin th
6825 CVE-2024-12776 0.16% 37.4th 8.1 This vulnerability allows attackers to reset any user's password without verifying the reset code, e
6826 CVE-2025-2450 0.16% 37.4th 8.8 This vulnerability allows remote attackers to execute arbitrary code on systems running NI Vision Bu
6827 CVE-2024-13650 0.16% 37.4th 6.4 This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i
6828 CVE-2025-30964 0.16% 37.4th 5.4 This SSRF vulnerability in the Photography WordPress theme allows attackers to make the server send
6829 CVE-2025-3622 0.16% 37.4th 5.5 A critical deserialization vulnerability in Xorbits Inference allows attackers to execute arbitrary
6830 CVE-2025-2222 0.16% 37.5th 7.8 This CVE describes a vulnerability where files or directories are accessible over HTTPS to external
6831 CVE-2024-13898 0.16% 37.4th 4.4 This stored XSS vulnerability in the Simple Banner WordPress plugin allows authenticated administrat
6832 CVE-2025-2874 0.16% 37.4th 4.4 This stored XSS vulnerability in the User Submitted Posts WordPress plugin allows authenticated admi
6833 CVE-2025-1512 0.16% 37.4th 6.4 This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i
6834 CVE-2025-8320 0.16% 37.5th 8.8 Network-adjacent attackers can execute arbitrary code on Tesla Wall Connector devices without authen
6835 CVE-2025-43234 0.16% 37.5th 9.8 This CVE describes memory corruption vulnerabilities in Apple's graphics processing that could allow
6836 CVE-2025-7911 0.16% 37.4th 8.8 A critical stack-based buffer overflow vulnerability in D-Link DI-8100 routers allows remote attacke
6837 CVE-2025-20292 0.16% 37.4th 4.4 This vulnerability allows authenticated local attackers on Cisco NX-OS devices to execute command in
6838 CVE-2025-45326 0.16% 37.5th 6.5 This vulnerability allows remote attackers to execute arbitrary code on PocketVJ CP systems via the
6839 CVE-2024-47856 0.16% 37.5th 9.8 This vulnerability allows attackers to execute arbitrary code with SYSTEM privileges on Windows syst
6840 CVE-2025-13565 0.16% 37.4th 5.3 This vulnerability allows unauthenticated attackers to perform weak password recovery attacks on Sou
6841 CVE-2023-53923 0.16% 37.5th 9.8 CVE-2023-53923 is a critical privilege escalation vulnerability in UliCMS that allows unauthenticate
6842 CVE-2025-14727 0.16% 37.5th 8.3 A vulnerability in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation allows
6843 CVE-2025-41742 0.16% 37.5th 9.8 Sprecher Automations SPRECON-E devices use default cryptographic keys that allow unauthorized remote
6844 CVE-2026-20868 0.16% 37.5th 8.8 A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allow
6845 CVE-2025-68619 0.16% 37.4th 7.2 Signal K Server versions before 2.19.0 allow authenticated administrators to install npm packages fr
6846 CVE-2026-20418 0.16% 37.4th 9.8 CVE-2026-20418 is a critical out-of-bounds write vulnerability in Thread protocol implementations th
6847 CVE-2024-13300 0.16% 37.2th 6.6 This vulnerability in Drupal's Print Anything module allows attackers to execute arbitrary code on a
6848 CVE-2024-10536 0.16% 37.3th 4.3 The FancyPost WordPress plugin has an authorization vulnerability that allows authenticated users wi
6849 CVE-2025-25297 0.16% 37.3th 8.6 Label Studio versions before 1.16.0 contain a Server-Side Request Forgery (SSRF) vulnerability in th
6850 CVE-2024-13850 0.16% 37.3th 5.5 This stored XSS vulnerability in the Simple add pages or posts WordPress plugin allows authenticated

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
