Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 651 | CVE-2025-1176 | | 56.8th | 5.0 | | A critical heap-based buffer overflow vulnerability in GNU Binutils' linker component (ld) allows re |
| 652 | CVE-2025-0370 | | 56.8th | 6.4 | | The WP Shortcodes Plugin — Shortcodes Ultimate for WordPress is vulnerable to stored cross-site sc |
| 653 | CVE-2025-3422 | | 56.9th | 5.4 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to ex |
| 654 | CVE-2025-24408 | | 56.8th | 6.5 | | Adobe Commerce has an information exposure vulnerability that allows low-privileged attackers to acc |
| 655 | CVE-2025-20359 | | 56.8th | 6.5 | | A buffer under-read vulnerability in Snort 3's HTTP decoder allows unauthenticated remote attackers |
| 656 | CVE-2025-0968 | | 56.6th | 5.3 | | The ElementsKit Elementor addons plugin for WordPress has an information disclosure vulnerability th |
| 657 | CVE-2025-24319 | | 56.6th | 6.5 | | This vulnerability allows attackers to send specific API requests to BIG-IP Next Central Manager tha |
| 658 | CVE-2025-3664 | | 56.5th | 5.3 | | This critical vulnerability in TOTOLINK A3700R routers allows attackers to bypass access controls on |
| 659 | CVE-2024-8149 | | 56.5th | 4.6 | | A reflected Cross-Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS allows authenticated |
| 660 | CVE-2025-1502 | | 56.5th | 5.3 | | The IP2Location Redirection plugin for WordPress has an authentication bypass vulnerability that all |
| 661 | CVE-2025-11171 | | 56.4th | 5.3 | | The Chartify WordPress plugin has a critical authentication bypass vulnerability that allows unauthe |
| 662 | CVE-2025-2290 | | 56.3th | 5.3 | | The LifterLMS WordPress plugin has an unauthenticated post trashing vulnerability that allows attack |
| 663 | CVE-2025-67707 | | 56.3th | 5.6 | | ArcGIS Server versions 11.5 and earlier on Windows and Linux contain a file upload vulnerability tha |
| 664 | CVE-2025-67706 | | 56.3th | 5.6 | | ArcGIS Server versions 11.5 and earlier on Windows and Linux contain a file upload vulnerability whe |
| 665 | CVE-2024-54497 | | 56.2th | 6.5 | | This vulnerability in Apple operating systems allows processing malicious web content to cause denia |
| 666 | CVE-2025-10619 | | 56.2th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary operating system commands via comman |
| 667 | CVE-2025-63402 | | 56.2th | 5.5 | | This vulnerability in HCLTech GRAGON allows remote attackers to execute arbitrary code by exploiting |
| 668 | CVE-2025-0237 | | 56.1th | 5.4 | | This vulnerability in Mozilla's WebChannel API allows privilege escalation by accepting arbitrary pr |
| 669 | CVE-2025-30722 | | 56.1th | 5.3 | | A vulnerability in Oracle MySQL's mysqldump client allows low-privileged attackers with network acce |
| 670 | CVE-2025-30817 | | 56th | 5.4 | | This CVE describes a missing authorization vulnerability in the wpzita Z Companion WordPress plugin |
| 671 | CVE-2025-32218 | | 56th | 5.4 | | This CVE describes a missing authorization vulnerability in the TableOn WordPress plugin that allows |
| 672 | CVE-2025-4054 | | 56th | 6.1 | | The Relevanssi WordPress plugin has a stored XSS vulnerability in its highlights functionality that |
| 673 | CVE-2025-24908 | | 56th | 6.8 | | This path traversal vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows att |
| 674 | CVE-2025-1805 | | 55.9th | 5.3 | | CVE-2025-1805 is a cryptographic vulnerability in Crypt::Salt for Perl version 0.01 where the insecu |
| 675 | CVE-2025-8805 | | 56th | 5.3 | | A denial-of-service vulnerability exists in Open5GS SMF component where the smf_gsm_state_wait_pfcp_ |
| 676 | CVE-2025-8801 | | 56th | 5.3 | | This vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by ex |
| 677 | CVE-2024-45598 | | 55.9th | 6.0 | | This vulnerability in Cacti allows administrators to read arbitrary local files on the server by man |
| 678 | CVE-2025-21316 | | 55.7th | 5.5 | | This Windows kernel vulnerability allows attackers to read sensitive memory information from the ker |
| 679 | CVE-2025-25274 | | 55.7th | 4.3 | | This vulnerability allows authenticated users to execute slash commands in archived Mattermost chann |
| 680 | CVE-2025-26644 | | 55.7th | 5.1 | | This vulnerability in Windows Hello's automated recognition mechanism allows an unauthorized local a |
| 681 | CVE-2025-5149 | | 55.7th | 5.6 | | This CVE describes an improper authentication vulnerability in WCMS that allows attackers to bypass |
| 682 | CVE-2025-7415 | | 55.7th | 6.3 | | This critical vulnerability in Tenda O3V2 routers allows remote attackers to execute arbitrary comma |
| 683 | CVE-2025-14092 | | 55.7th | 4.7 | | This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers c |
| 684 | CVE-2025-24988 | | 55.6th | 6.6 | | This vulnerability allows an authorized attacker with physical access to a Windows system to exploit |
| 685 | CVE-2025-54057 | | 55.6th | 6.1 | | This CVE describes a cross-site scripting (XSS) vulnerability in Apache SkyWalking where malicious s |
| 686 | CVE-2024-56276 | | 55.5th | 4.3 | | This CVE describes a missing authorization vulnerability in WPForms Contact Form plugin that allows |
| 687 | CVE-2025-24611 | | 55.4th | 4.9 | | This path traversal vulnerability in WP Ultimate Exporter allows attackers to read arbitrary files o |
| 688 | CVE-2024-55541 | | 55.3th | 6.1 | | A stored cross-site scripting (XSS) vulnerability in Acronis Cyber Protect 16 allows attackers to in |
| 689 | CVE-2025-1543 | | 55.4th | 4.3 | | This vulnerability in iteachyou Dreamer CMS 4.1.3 allows remote attackers to perform path traversal |
| 690 | CVE-2024-13829 | | 55.3th | 5.3 | | The Tripetto WordPress plugin has a vulnerability that allows unauthenticated attackers to access fi |
| 691 | CVE-2025-34220 | | 55.3th | 5.3 | | An unauthenticated API endpoint in Vasion Print (formerly PrinterLogic) allows remote attackers to e |
| 692 | CVE-2024-12637 | | 55.3th | 5.3 | | The Moving Users WordPress plugin exposes sensitive user data through predictable JSON file location |
| 693 | CVE-2024-12713 | | 55.2th | 5.3 | | The SureForms WordPress plugin has an information exposure vulnerability that allows unauthenticated |
| 694 | CVE-2024-11290 | | 55.3th | 5.3 | | The Member Access WordPress plugin up to version 1.1.6 allows unauthenticated attackers to bypass co |
| 695 | CVE-2024-12184 | | 55.3th | 5.3 | | This vulnerability in the WordPress Contact Forms by Cimatti plugin allows unauthenticated attackers |
| 696 | CVE-2025-5525 | | 55.3th | 5.6 | | CVE-2025-5525 is a critical command injection vulnerability in Jrohy trojan versions up to 2.15.3. A |
| 697 | CVE-2025-66404 | | 55.3th | 6.4 | | This CVE describes a command injection vulnerability in the exec_in_pod tool of mcp-server-kubernete |
| 698 | CVE-2025-21357 | | 55.2th | 6.7 | | Microsoft Outlook contains a remote code execution vulnerability that allows attackers to execute ar |
| 699 | CVE-2025-1214 | | 55.1th | 6.3 | | CVE-2025-1214 is a critical missing authorization vulnerability in PiHome 2.0's role-based access co |
| 700 | CVE-2025-3040 | | 55.1th | 6.3 | | CVE-2025-3040 is a critical unrestricted file upload vulnerability in Project Worlds Online Time Tab |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: Thousands of CVEs are published every month, and not all of them are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.