Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days. This page of the listing covers ranks 6851 to 6900; every row on it shares an EPSS of 0.05% (roughly the 15th percentile), so the rank order within this page carries little information about relative exploit risk.

Summary statistics for the full listing:
  164     CVEs with EPSS above 50%
  156     CVEs listed in the CISA Known Exploited Vulnerabilities (KEV) catalog
  35,468  CVEs with an EPSS score
  0.7%    average EPSS score
Rank  CVE ID          EPSS   Pct   CVSS  Summary
(Flags: none for any row on this page; percentile is the share of scored CVEs with an EPSS at or below this one)
6851  CVE-2026-1895   0.05%  15.1  6.3   CVE-2026-1895 is an improper access control vulnerability in WeKan's attachment storage handler that
6852  CVE-2025-31987  0.05%  15.1  4.8   CVE-2025-31987 is a resource exhaustion vulnerability in HCL Connections Docs where improper validat
6853  CVE-2025-14798  0.05%  15.2  5.3   The LearnPress WordPress plugin up to version 4.3.2.4 has an API endpoint that doesn't properly chec
6854  CVE-2025-13255  0.05%  15.2  6.3   This SQL injection vulnerability in Advanced Library Management System 1.0 allows attackers to manip
6855  CVE-2025-5116   0.05%  14.9  6.4   The WP Plugin Info Card WordPress plugin has a stored cross-site scripting vulnerability in all vers
6856  CVE-2025-21902  0.05%  15.1  5.5   This Linux kernel vulnerability in the UCSI (USB Type-C Connector System Software Interface) ACPI ba
6857  CVE-2025-33116  0.05%  15.0  4.4   IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data contains a cross-site scripting (XSS) vuln
6858  CVE-2025-21907  0.05%  15.1  5.5   A Linux kernel memory management vulnerability where poisoned memory pages aren't properly handled d
6859  CVE-2025-4671   0.05%  14.9  6.4   The Profile Builder WordPress plugin has a stored XSS vulnerability in its user_meta and compare sho
6860  CVE-2025-15246  0.05%  15.0  6.3   This vulnerability allows remote attackers to execute arbitrary code through deserialization attacks
6861  CVE-2025-54287  0.05%  15.0  6.5   This vulnerability allows attackers with instance configuration permissions in Canonical LXD to perf
6862  CVE-2025-12748  0.05%  15.1  5.5   A vulnerability in libvirt's XML processing allows authenticated users with limited permissions to c
6863  CVE-2022-49279  0.05%  15.0  5.5   This CVE describes an integer overflow vulnerability in the Linux kernel's NFSD (Network File System
6864  CVE-2025-21940  0.05%  15.1  5.5   A NULL pointer dereference vulnerability exists in the Linux kernel's AMD KFD (Kernel Fusion Driver)
6865  CVE-2025-13275  0.05%  15.2  4.7   This vulnerability allows remote attackers to upload arbitrary files to the Iqbolshoh php-business-w
6866  CVE-2025-61427  0.05%  15.2  6.1   This reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 al
6867  CVE-2025-8357   0.05%  15.1  4.3   The Media Library Assistant WordPress plugin allows authenticated attackers with Author-level permis
6868  CVE-2025-14229  0.05%  15.1  4.7   This CSV injection vulnerability in SourceCodester Inventory Management System 1.0 allows attackers
6869  CVE-2025-22006  0.05%  15.1  5.5   A race condition vulnerability in the Linux kernel's TI AM65 CPSW Ethernet driver causes a NULL poin
6870  CVE-2025-1826   0.05%  15.0  5.4   This stored XSS vulnerability in IBM Engineering Requirements Management DOORS Next allows authentic
6871  CVE-2024-6986   0.05%  14.9  5.4   A stored Cross-site Scripting (XSS) vulnerability in parisneo/lollms-webui allows attackers to injec
6872  CVE-2025-54859  0.05%  15.1  4.8   This stored XSS vulnerability in desknet's NEO allows attackers to inject malicious JavaScript that
6873  CVE-2025-58005  0.05%  15.0  5.4   This Server-Side Request Forgery (SSRF) vulnerability in the DriCub WordPress theme allows attackers
6874  CVE-2025-21954  0.05%  15.1  5.5   This Linux kernel vulnerability allows unreadable network memory packets to be incorrectly transmitt
6875  CVE-2026-21483  0.05%  15.1  5.4   This is a stored cross-site scripting (XSS) vulnerability in listmonk that allows lower-privileged u
6876  CVE-2025-12869  0.05%  15.1  4.8   This is a stored cross-site scripting (XSS) vulnerability in a+HRD software developed by aEnrich. It
6877  CVE-2025-3435   0.05%  15.0  4.4   The Mang Board WP plugin for WordPress has a stored cross-site scripting vulnerability that allows a
6878  CVE-2024-13805  0.05%  15.2  6.4   This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to up
6879  CVE-2025-21972  0.05%  15.1  5.5   A memory management vulnerability in the Linux kernel's MCTP (Management Component Transport Protoco
6880  CVE-2021-47715  0.05%  14.9  5.3   CVE-2021-47715 is a server-side request forgery vulnerability in Hasura GraphQL Engine that allows a
6881  CVE-2025-11080  0.05%  15.0  4.3   This CVE describes an improper authorization vulnerability in the wisdom-education software up to ve
6882  CVE-2022-49066  0.05%  15.1  5.5   A kernel panic vulnerability in the Linux kernel's veth driver occurs when processing specially craf
6883  CVE-2025-21977  0.05%  15.1  5.5   A race condition in the Linux kernel's hyperv_fb driver causes system hangs during kdump kernel exec
6884  CVE-2025-24712  0.05%  14.8  5.4   A Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme's Radius Blocks WordPress plugin al
6885  CVE-2025-27344  0.05%  14.8  4.3   This CSRF vulnerability in Phee's LinkPreview WordPress plugin allows attackers to trick authenticat
6886  CVE-2025-24714  0.05%  14.8  5.4   This CSRF vulnerability in the Bubble Menu WordPress plugin allows attackers to trick authenticated
6887  CVE-2025-11104  0.05%  14.9  6.3   This SQL injection vulnerability in CodeAstro Electricity Billing System 1.0 allows attackers to man
6888  CVE-2025-24716  0.05%  14.8  5.4   A Cross-Site Request Forgery (CSRF) vulnerability in the Wow-Company Herd Effects WordPress plugin a
6889  CVE-2025-61789  0.05%  14.8  5.3   This vulnerability in Icinga DB Web allows authorized users to bypass variable protection mechanisms
6890  CVE-2025-27353  0.05%  14.8  4.3   A Cross-Site Request Forgery (CSRF) vulnerability in the Namaste! LMS WordPress plugin allows attack
6891  CVE-2025-8048   0.05%  14.8  6.5   This path traversal vulnerability in OpenText Flipper allows attackers to access arbitrary files on
6892  CVE-2025-24340  0.05%  14.7  6.5   A vulnerability in ctrlX OS allows authenticated low-privileged users to recover plaintext passwords
6893  CVE-2024-11734  0.05%  14.9  6.5   A denial-of-service vulnerability in Keycloak allows administrative users with realm settings modifi
6894  CVE-2025-11114  0.05%  14.9  6.3   This SQL injection vulnerability in CodeAstro Online Leave Application 1.0 allows attackers to manip
6895  CVE-2024-57996  0.05%  14.7  5.5   A Linux kernel vulnerability in the Stochastic Fair Queueing (SFQ) network scheduler allows an array
6896  CVE-2024-53685  0.05%  14.9  5.5   A denial-of-service vulnerability in the Linux kernel's Ceph filesystem driver where ceph_mdsc_build
6897  CVE-2025-5403   0.05%  14.9  6.3   This critical SQL injection vulnerability in Blogbook's admin interface allows attackers to manipula
6898  CVE-2025-24738  0.05%  14.8  4.3   A Cross-Site Request Forgery (CSRF) vulnerability in the NowButtons.com Call Now Button WordPress pl
6899  CVE-2025-66309  0.05%  14.7  6.1   This reflected XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts
6900  CVE-2025-22704  0.05%  14.8  5.4   A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Signature plugin allows attackers

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. CVSS measures severity (how damaging exploitation would be); EPSS measures likelihood (how probable exploitation is), which is what makes it useful for deciding which vulnerabilities to patch first. Two details matter when reading the table above: the percentile is the share of all scored CVEs whose EPSS is at or below the given score (a 15th-percentile score is higher than only about 15% of scored CVEs), and scores are recomputed daily, so both the score and the percentile of a row drift over time.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be exploited instead of patching solely by CVSS score. A CVSS 9.8 (critical) vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 (high) vulnerability with 90% EPSS. The caveat is that EPSS estimates exploitation activity across the internet as a whole; it knows nothing about whether the affected software is reachable in your environment, so it complements rather than replaces CVSS, the CISA KEV catalog and your own asset exposure data when ranking remediation work.
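The prioritization described above, written out as an added example (not code from this page, from FIRST or from CISA). It joins a small constructed inventory (CVSS score plus KEV flag, all invented for illustration) with a constructed EPSS feed laid out like FIRST's published CSV (a leading "#model_version" comment line, then cve,epss,percentile), and ranks the findings: KEV-listed first, then EPSS above a threshold, then critical CVSS as a watch tier. The tier thresholds EPSS_URGENT, EPSS_ELEVATED and CVSS_CRITICAL are a hypothetical policy, not anything the page or FIRST prescribes.

```python
"""Rank CVEs by exploit risk: CISA KEV first, then EPSS, then CVSS as a tiebreaker.

Added example, not code from the page or from FIRST. EPSS_CSV imitates the layout
of FIRST's EPSS score file but is CONSTRUCTED sample data; the CVSS scores and KEV
flags in INVENTORY are likewise invented. The tier thresholds are a hypothetical
policy (assumption), not a published recommendation.
"""
import csv
import io
from dataclasses import dataclass

# Constructed EPSS feed in the shape of FIRST's epss_scores-current.csv
EPSS_CSV = """#model_version:v2025.03.14,score_date:2025-06-01T00:00:00+0000
cve,epss,percentile
CVE-2024-0001,0.00100,0.43000
CVE-2024-0002,0.90000,0.99900
CVE-2024-0003,0.00050,0.15100
CVE-2024-0004,0.12000,0.95000
"""

# Constructed asset inventory: CVE -> (CVSS base score, listed in CISA KEV?)
INVENTORY = {
    "CVE-2024-0001": (9.8, False),  # critical CVSS, rarely exploited
    "CVE-2024-0002": (7.5, False),  # high CVSS, very likely exploited
    "CVE-2024-0003": (5.5, False),  # low interest on both axes
    "CVE-2024-0004": (6.3, True),   # moderate CVSS but already in KEV
}

# Hypothetical policy thresholds (assumption; tune for your environment)
EPSS_URGENT = 0.50
EPSS_ELEVATED = 0.10
CVSS_CRITICAL = 9.0


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float
    percentile: float
    cvss: float
    kev: bool

    @property
    def tier(self) -> int:
        """0 = known exploited, 1 = likely exploited, 2 = watch, 3 = backlog."""
        if self.kev:
            return 0
        if self.epss >= EPSS_URGENT:
            return 1
        if self.epss >= EPSS_ELEVATED or self.cvss >= CVSS_CRITICAL:
            return 2
        return 3


def parse_epss_csv(text: str) -> dict[str, tuple[float, float]]:
    """Parse an EPSS CSV into {cve: (epss, percentile)}, skipping '#' metadata lines."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    reader = csv.DictReader(io.StringIO("\n".join(lines)))
    return {row["cve"]: (float(row["epss"]), float(row["percentile"])) for row in reader}


def rank_findings(epss_csv: str, inventory: dict) -> list[Finding]:
    """Join inventory with EPSS and sort by tier, then EPSS desc, then CVSS desc."""
    scores = parse_epss_csv(epss_csv)
    findings = []
    for cve, (cvss, kev) in inventory.items():
        epss, pct = scores.get(cve, (0.0, 0.0))  # unscored CVEs sink to the bottom
        findings.append(Finding(cve, epss, pct, cvss, kev))
    return sorted(findings, key=lambda f: (f.tier, -f.epss, -f.cvss))


if __name__ == "__main__":
    for f in rank_findings(EPSS_CSV, INVENTORY):
        print(f"tier {f.tier}  {f.cve}  EPSS {f.epss:.2%}  pct {f.percentile:.1%}  "
              f"CVSS {f.cvss}  KEV {f.kev}")
```

Run it and the KEV entry lands first, the CVSS 7.5 / EPSS 90% finding second, and the CVSS 9.8 / EPSS 0.1% finding only third, which is the ordering the paragraph argues for. Because the sort key is a tuple, the policy can be extended (for example with an asset-exposure flag) by adding a term without rewriting the comparison.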

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
