Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank  CVE ID          EPSS   Percentile  CVSS  Flags  Summary
6801  CVE-2022-49155  0.05%  15.1th      5.5          This CVE involves a kernel bug in the QLogic Fibre Channel driver (qla2xxx) where smp_processor_id()
6802  CVE-2025-14455  0.05%  15.1th      5.4          This vulnerability allows authenticated WordPress users with Contributor-level access or higher to b
6803  CVE-2025-6920   0.05%  14.9th      5.3          CVE-2025-6920 is an authentication bypass vulnerability in ai-inference-server's model inference API
6804  CVE-2025-12305  0.05%  15th        6.3          This vulnerability allows remote attackers to execute arbitrary code through insecure deserializatio
6805  CVE-2025-65553  0.05%  15.2th      6.5          The D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is vulnerable to RF jamming attacks on its 433 MHz
6806  CVE-2025-63848  0.05%  15.2th      6.1          This stored cross-site scripting (XSS) vulnerability in SWI-Prolog allows attackers to inject malici
6807  CVE-2025-4021   0.05%  15th        6.3          CVE-2025-4021 is a critical SQL injection vulnerability in code-projects Patient Record Management S
6808  CVE-2025-59686  0.05%  15th        6.5          Kazaar 1.25.12 has an authorization bypass vulnerability where attackers can access order documents
6809  CVE-2025-49755  0.05%  15th        4.3          This CVE describes a UI spoofing vulnerability in Microsoft Edge for Android where an attacker can m
6810  CVE-2026-23963  0.05%  15th        4.3          Mastodon servers prior to patched versions allow users to set arbitrarily long names for lists/filte
6811  CVE-2025-8581   0.05%  15.2th      4.3          This vulnerability in Google Chrome extensions allows attackers to leak cross-origin data by trickin
6812  CVE-2022-49180  0.05%  15th        5.5          This Linux kernel vulnerability involves incorrect error handling in the LSM (Linux Security Module)
6813  CVE-2026-24855  0.05%  15.2th      5.4          ChurchCRM versions before 6.7.2 have a stored XSS vulnerability in the calendar event description fi
6814  CVE-2025-60161  0.05%  15th        5.4          This Server-Side Request Forgery (SSRF) vulnerability in BdThemes ZoloBlocks WordPress plugin allows
6815  CVE-2025-65516  0.05%  15.2th      6.1          A stored cross-site scripting (XSS) vulnerability in Seafile Community Edition allows attackers to u
6816  CVE-2025-53042  0.05%  15th        4.9          This vulnerability in Oracle MySQL Server's optimizer component allows high-privileged attackers wit
6817  CVE-2025-47730  0.05%  15th        4.8          This CVE describes a hardcoded credential vulnerability in TeleMessage's archiving backend that acce
6818  CVE-2025-21990  0.05%  15.1th      5.5          A NULL pointer dereference vulnerability in the AMD GPU driver of the Linux kernel could cause a ker
6819  CVE-2025-45819  0.05%  15th        6.5          This SQL injection vulnerability in SLiMS 9 Bulian allows attackers to execute arbitrary SQL command
6820  CVE-2025-53045  0.05%  15th        4.9          This vulnerability allows high-privileged attackers with network access to cause a denial of service
6821  CVE-2025-9650   0.05%  15th        5.4          This CVE describes a path traversal vulnerability in yeqifu carRental software that allows remote at
6822  CVE-2025-60646  0.05%  15th        6.1          This stored XSS vulnerability in Xxl-api v1.3.0 allows attackers to inject malicious scripts into th
6823  CVE-2025-53046  0.05%  15th        4.9          This vulnerability allows high-privileged attackers with network access via HTTP to cause a denial o
6824  CVE-2025-7101   0.05%  15.1th      6.3          This critical vulnerability in BoyunCMS allows remote attackers to execute arbitrary code by manipul
6825  CVE-2025-15487  0.05%  15th        4.9          The Code Explorer WordPress plugin up to version 1.4.6 contains a path traversal vulnerability in th
6826  CVE-2025-53053  0.05%  15th        5.5          This vulnerability in MySQL Server's DML component allows authenticated high-privilege attackers to
6827  CVE-2025-31482  0.05%  15.1th      4.3          FreshRSS versions before 1.26.2 contain a cross-site request forgery (CSRF) vulnerability that allow
6828  CVE-2025-53054  0.05%  15th        5.5          A vulnerability in MySQL Server's InnoDB component allows high-privileged attackers with network acc
6829  CVE-2025-60181  0.05%  15th        5.4          This Server-Side Request Forgery (SSRF) vulnerability in Silencesoft RSS Reader allows attackers to
6830  CVE-2025-65427  0.05%  14.9th      6.5          This vulnerability allows attackers to perform unlimited password guessing attempts against the Dbit
6831  CVE-2025-8934   0.05%  15.1th      4.3          This vulnerability allows attackers to inject malicious scripts into the 1000 Projects Sales Managem
6832  CVE-2025-53062  0.05%  15th        4.9          This vulnerability in MySQL Server's InnoDB component allows authenticated high-privileged attackers
6833  CVE-2025-22011  0.05%  15.1th      5.5          This vulnerability in the Linux kernel's ARM device tree for Raspberry Pi CM4 causes a crash in the
6834  CVE-2025-54971  0.05%  15.1th      4.3          This vulnerability allows read-only administrators in Fortinet FortiADC to access external resource
6835  CVE-2025-48937  0.05%  15.1th      4.9          This vulnerability in matrix-rust-sdk allows malicious homeserver operators to modify encrypted even
6836  CVE-2025-53069  0.05%  15th        4.9          This vulnerability in Oracle MySQL Server allows high-privileged attackers with network access to ca
6837  CVE-2025-22017  0.05%  15.1th      5.5          This Linux kernel vulnerability in the devlink subsystem involves improper error handling when xa_al
6838  CVE-2025-22128  0.05%  15.1th      5.5          This CVE describes a kernel warning issue in the ath12k WiFi driver for Linux when handling IRQ affi
6839  CVE-2025-57240  0.05%  15.2th      6.1          This cross-site scripting (XSS) vulnerability in the 17gz International Student service system allow
6840  CVE-2025-53514  0.05%  15.1th      5.9          The Mattermost Confluence Plugin before version 1.5.0 contains an improper input validation vulnerab
6841  CVE-2025-8335   0.05%  15th        4.3          A Cross-Site Request Forgery (CSRF) vulnerability in Simple Car Rental System 1.0 allows attackers t
6842  CVE-2025-63514  0.05%  15th        6.1          The Hospital Management System by kishan0725 contains a stored Cross-Site Scripting (XSS) vulnerabil
6843  CVE-2025-54463  0.05%  15.1th      5.9          The Mattermost Confluence Plugin before version 1.5.0 contains an improper input validation vulnerab
6844  CVE-2025-62255  0.05%  15.1th      6.1          This CVE describes a self cross-site scripting (XSS) vulnerability in Liferay Portal and DXP that al
6845  CVE-2026-25540  0.05%  15th        6.5          Mastodon servers with AUTHORIZED_FETCH enabled are vulnerable to web cache poisoning where ActivityP
6846  CVE-2026-1977   0.05%  15th        6.3          This CVE describes a code injection vulnerability in the mcp-vegalite-server component that allows r
6847  CVE-2025-62476  0.05%  15th        4.9          This vulnerability allows authenticated high-privilege attackers with network access via HTTP to cau
6848  CVE-2025-62477  0.05%  15th        4.9          This vulnerability allows high-privileged attackers with network access via HTTP to cause denial of
6849  CVE-2025-62478  0.05%  15th        4.9          This vulnerability in Oracle ZFS Storage Appliance Kit allows high-privileged attackers with network
6850  CVE-2025-47548  0.05%  14.9th      5.4          This Server-Side Request Forgery (SSRF) vulnerability in the Wbcom Designs Activity Link Preview For

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
