Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile (%) | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 6851 | CVE-2024-54171 | | 37.3 | 7.1 | | IBM EntireX 11.1 has an XML external entity injection vulnerability that allows authenticated attack |
| 6852 | CVE-2024-29409 | | 37.3 | 5.5 | | A file upload vulnerability in NestJS allows remote attackers to execute arbitrary code by manipulat |
| 6853 | CVE-2025-30389 | | 37.3 | 8.7 | | An improper authorization vulnerability in Azure Bot Framework SDK allows unauthorized attackers to |
| 6854 | CVE-2025-46481 | | 37.3 | 7.2 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted |
| 6855 | CVE-2025-46473 | | 37.3 | 7.2 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted |
| 6856 | CVE-2025-3275 | | 37.3 | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 6857 | CVE-2025-3247 | | 37.3 | 5.3 | | The Contact Form 7 WordPress plugin has an order replay vulnerability that allows unauthenticated at |
| 6858 | CVE-2025-2314 | | 37.3 | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 6859 | CVE-2024-49706 | | 37.3 | 6.1 | | This CVE describes an open redirect vulnerability in Internet Starter, a module of the SoftCOM iKSOR |
| 6860 | CVE-2024-13673 | | 37.3 | 6.4 | | The Big Boom Directory WordPress plugin has a stored XSS vulnerability in its 'bbd-search' shortcode |
| 6861 | CVE-2025-31081 | | 37.3 | 7.1 | | This vulnerability allows attackers to inject malicious scripts into web pages generated by the Enab |
| 6862 | CVE-2025-44879 | | 37.3 | 7.5 | | A buffer overflow vulnerability exists in the upload.cgi component of WS-WN572HP3 devices, allowing |
| 6863 | CVE-2025-31219 | | 37.3 | 7.1 | | This is a memory corruption vulnerability in Apple operating systems that could allow an attacker to |
| 6864 | CVE-2025-20949 | | 37.3 | 5.1 | | A path traversal vulnerability in Samsung Members app allows attackers to read and write arbitrary f |
| 6865 | CVE-2025-40736 | | 37.3 | 9.8 | | This critical vulnerability in SINEC NMS allows unauthenticated attackers to reset the superadmin pa |
| 6866 | CVE-2025-48501 | | 37.3 | 9.8 | | This CVE describes an OS command injection vulnerability in Nimesa Backup and Recovery software vers |
| 6867 | CVE-2025-8492 | | 37.3 | 5.3 | | The Salon Booking System WordPress plugin has an authorization bypass vulnerability that allows unau |
| 6868 | CVE-2025-26416 | | 37.3 | 9.8 | | This critical vulnerability in Android's Skia graphics library allows remote attackers to execute ar |
| 6869 | CVE-2025-12260 | | 37.3 | 8.8 | | A stack-based buffer overflow vulnerability in TOTOLINK A3300R routers allows remote attackers to ex |
| 6870 | CVE-2025-12258 | | 37.3 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3300R routers by e |
| 6871 | CVE-2025-12241 | | 37.3 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3300R routers by e |
| 6872 | CVE-2025-15440 | | 37.3 | 7.2 | | The iONE360 configurator WordPress plugin has a stored XSS vulnerability in its contact form paramet |
| 6873 | CVE-2025-13081 | | 37.2 | 5.9 | | This CVE describes an object injection vulnerability in Drupal core that allows attackers to modify |
| 6874 | CVE-2024-47866 | | 37.3 | 7.5 | | This vulnerability in Ceph's RGW (RADOS Gateway) allows attackers to cause a denial-of-service by se |
| 6875 | CVE-2022-50591 | | 37.3 | 9.8 | | This vulnerability allows remote attackers to bypass authentication and execute SQL injection attack |
| 6876 | CVE-2025-65868 | | 37.3 | 7.5 | | This XML external entity (XXE) injection vulnerability in eyoucms v1.7.1 allows remote attackers to |
| 6877 | CVE-2025-0841 | | 37.1 | 7.3 | | This critical vulnerability in Aridius XYZ for OpenCart allows remote attackers to execute arbitrary |
| 6878 | CVE-2024-10001 | | 37.1 | 7.1 | | A code injection vulnerability in GitHub Enterprise Server allows attackers to inject malicious code |
| 6879 | CVE-2025-24734 | | 37.2 | 8.8 | | CVE-2025-24734 is a missing authorization vulnerability in the CodeSolz Better Find and Replace Word |
| 6880 | CVE-2024-43707 | | 37.1 | 7.7 | | This CVE describes an information disclosure vulnerability in Kibana where users without Fleet privi |
| 6881 | CVE-2024-10497 | | 37.2 | 8.8 | | This CVE describes an authorization bypass vulnerability in Schneider Electric devices where authent |
| 6882 | CVE-2025-23528 | | 37.2 | 8.8 | | This vulnerability in the Wouter Dijkstra DD Roles WordPress plugin allows attackers to escalate pri |
| 6883 | CVE-2024-57775 | | 37.2 | 8.8 | | This SQL injection vulnerability in JFinalOA allows attackers to execute arbitrary SQL commands thro |
| 6884 | CVE-2024-57770 | | 37.2 | 8.8 | | This SQL injection vulnerability in JFinalOA allows attackers to execute arbitrary SQL commands thro |
| 6885 | CVE-2025-0518 | | 37.2 | 5.3 | | This CVE describes an unchecked return value and out-of-bounds read vulnerability in FFmpeg's pan au |
| 6886 | CVE-2025-0066 | | 37.2 | 9.9 | | This critical vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform's Internet Communication |
| 6887 | CVE-2023-42228 | | 37.2 | 8.8 | | This vulnerability allows low-privileged users in Pat Infinite Solutions HelpdeskAdvanced to modify |
| 6888 | CVE-2024-54818 | | 37.2 | 8.8 | | CVE-2024-54818 is an incorrect access control vulnerability in SourceCodester Computer Laboratory Ma |
| 6889 | CVE-2024-55517 | | 37.2 | 8.8 | | This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the grou |
| 6890 | CVE-2025-25761 | | 37.1 | 7.2 | | HkCms v2.3.2.240702 contains an arbitrary file write vulnerability in Appcenter.php that allows atta |
| 6891 | CVE-2025-26305 | | 37.2 | 8.2 | | A memory leak vulnerability in libming's SWF parser allows attackers to cause denial of service by s |
| 6892 | CVE-2024-39327 | | 37.2 | 9.9 | | This vulnerability in Atos Eviden IDRA (Identity and Access Management solution) allows attackers to |
| 6893 | CVE-2025-1191 | | 37.1 | 6.3 | | This vulnerability allows remote attackers to execute SQL injection attacks via the 'breject_id' par |
| 6894 | CVE-2025-21375 | | 37.2 | 7.8 | | This vulnerability in the Kernel Streaming WOW Thunk Service Driver allows attackers to escalate pri |
| 6895 | CVE-2025-30112 | | 37.2 | 7.1 | | This vulnerability allows attackers to bypass the physical button pairing requirement on 70mai Dash |
| 6896 | CVE-2025-30168 | | 37.1 | 6.9 | | Parse Server versions before 7.5.2 and 8.0.2 have an authentication vulnerability where third-party |
| 6897 | CVE-2024-7983 | | 37.1 | 7.5 | | This vulnerability in open-webui version 0.3.8 exposes an unauthenticated markdown-to-HTML conversio |
| 6898 | CVE-2024-12534 | | 37.1 | 7.5 | | This vulnerability in open-webui/open-webui allows unauthenticated attackers to submit extremely lar |
| 6899 | CVE-2025-30137 | | 37.1 | 9.8 | | This vulnerability allows attackers to gain unauthorized access to G-Net GNET dashcam systems using |
| 6900 | CVE-2024-30143 | | 37.2 | 4.3 | | This vulnerability in HCL AppScan Traffic Recorder allows attackers to bypass directory restrictions |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.