Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
7001 | CVE-2025-2255 | 0.16% | 36.9th | 8.7 | - | This vulnerability allows Cross-Site Scripting (XSS) attacks through error messages in GitLab's AppS
7002 | CVE-2025-0811 | 0.16% | 36.9th | 8.7 | - | This cross-site scripting vulnerability in GitLab allows attackers to inject malicious scripts throu
7003 | CVE-2025-2690 | 0.16% | 36.8th | 6.3 | - | This critical vulnerability in Yii2 PHP framework allows remote attackers to execute arbitrary code
7004 | CVE-2025-2219 | 0.16% | 36.9th | 7.3 | - | This critical vulnerability in LoveCardsV2 allows unauthenticated attackers to upload arbitrary file
7005 | CVE-2025-27526 | 0.16% | 36.8th | 6.5 | - | This CVE describes a deserialization vulnerability in Apache InLong that allows attackers to bypass
7006 | CVE-2025-31213 | 0.16% | 36.9th | 7.6 | - | This CVE describes a logging vulnerability in Apple's iCloud Keychain where sensitive data (username
7007 | CVE-2024-4025 | 0.16% | 36.8th | 6.5 | - | A Denial of Service vulnerability in GitLab allows attackers to crash the application by uploading s
7008 | CVE-2025-8213 | 0.16% | 36.9th | 7.2 | - | The NinjaScanner WordPress plugin contains an arbitrary file deletion vulnerability that allows auth
7009 | CVE-2025-49831 | 0.16% | 36.9th | 9.8 | - | This vulnerability allows attackers to reroute authentication requests from Secrets Manager to malic
7010 | CVE-2025-62260 | 0.16% | 36.9th | 7.5 | - | This vulnerability allows remote attackers to perform denial-of-service attacks against Liferay Port
7011 | CVE-2025-60553 | 0.16% | 36.8th | 9.8 | - | This vulnerability allows remote attackers to execute arbitrary code on D-Link DIR600L routers via a
7012 | CVE-2025-60548 | 0.16% | 36.8th | 9.8 | - | This vulnerability allows remote attackers to execute arbitrary code on D-Link DIR600L routers by ex
7013 | CVE-2025-53410 | 0.16% | 36.9th | 6.5 | - | This vulnerability in QNAP File Station 5 allows authenticated remote attackers to exhaust system re
7014 | CVE-2025-13434 | 0.16% | 36.9th | 5.3 | - | CVE-2025-13434 is a vulnerability in jameschz Hush Framework 2.0 where improper neutralization of th
7015 | CVE-2025-12819 | 0.16% | 36.8th | 7.5 | - | This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands during PgBounc
7016 | CVE-2026-22238 | 0.16% | 36.9th | 9.8 | - | This critical vulnerability in BLUVOYIX allows unauthenticated attackers to create admin users via s
7017 | CVE-2026-22236 | 0.16% | 36.9th | 9.8 | - | This critical authentication bypass vulnerability in BLUVOYIX allows unauthenticated attackers to se
7018 | CVE-2026-1632 | 0.16% | 36.9th | 9.1 | - | MOMA Seismic Station versions v2.4.2520 and earlier expose their web management interface without re
7019 | CVE-2024-57723 | 0.16% | 36.7th | 6.5 | - | CVE-2024-57723 is a segmentation violation vulnerability in lunasvg's composition_source_over compon
7020 | CVE-2024-57721 | 0.16% | 36.7th | 6.5 | - | Lunasvg v3.0.0 contains a segmentation violation vulnerability in the plutovg_path_add_path componen
7021 | CVE-2025-0534 | 0.16% | 36.6th | 7.3 | - | This critical SQL injection vulnerability in the 1000 Projects Campaign Management System Platform f
7022 | CVE-2024-54660 | 0.16% | 36.8th | 8.7 | - | This JNDI injection vulnerability in Cloudera JDBC connectors allows attackers to inject malicious p
7023 | CVE-2025-23514 | 0.16% | 36.7th | 5.3 | - | This CVE describes a Missing Authorization vulnerability in the Sanjaysolutions Loginplus WordPress
7024 | CVE-2025-21340 | 0.16% | 36.7th | 5.5 | - | This vulnerability allows attackers to bypass Windows Virtualization-Based Security (VBS) protection
7025 | CVE-2025-25477 | 0.16% | 36.7th | 8.1 | - | A host header injection vulnerability in SysPass 3.2x allows attackers to inject malicious JavaScrip
7026 | CVE-2025-1293 | 0.16% | 36.6th | 8.2 | - | CVE-2025-1293 is an authentication bypass vulnerability in Hermes versions up to 0.4.0 that improper
7027 | CVE-2025-1426 | 0.16% | 36.6th | 8.8 | - | A heap buffer overflow vulnerability in Google Chrome's GPU component on Android allows remote attac
7028 | CVE-2025-1133 | 0.16% | 36.6th | 7.2 | - | This vulnerability allows authenticated administrators in ChurchCRM versions 5.13.0 and earlier to e
7029 | CVE-2025-26376 | 0.16% | 36.7th | 6.5 | - | This vulnerability allows authenticated low-privileged attackers to modify user data in Q-Free MaxTi
7030 | CVE-2025-26367 | 0.16% | 36.7th | 4.3 | - | This vulnerability allows authenticated low-privileged attackers to create arbitrary user groups in
7031 | CVE-2024-45386 | 0.16% | 36.8th | 8.8 | - | This vulnerability allows session hijacking in Siemens industrial control software. An attacker who
7032 | CVE-2025-24029 | 0.16% | 36.6th | 5.3 | - | CVE-2025-24029 is an improper permissions vulnerability in Tuleap that allows users (including anony
7033 | CVE-2024-7990 | 0.16% | 36.8th | 8.4 | - | A stored XSS vulnerability in open-webui version 0.3.8 allows attackers to inject malicious scripts
7034 | CVE-2024-52961 | 0.16% | 36.6th | 8.8 | - | This CVE describes an OS command injection vulnerability in Fortinet FortiSandbox that allows authen
7035 | CVE-2025-30202 | 0.16% | 36.6th | 7.5 | - | CVE-2025-30202 exposes vLLM's internal state data and enables denial of service attacks in multi-nod
7036 | CVE-2021-47662 | 0.16% | 36.6th | 7.5 | - | This vulnerability allows unauthenticated remote attackers to trigger a shutdown button via HTTPS co
7037 | CVE-2025-0272 | 0.16% | 36.8th | 5.4 | - | HCL DevOps Deploy/Launch is vulnerable to HTML injection, allowing authenticated users to embed arbi
7038 | CVE-2025-47453 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include and execute arbitrary local PHP files on WordPress si
7039 | CVE-2025-46444 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper filename c
7040 | CVE-2025-39494 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper filename c
7041 | CVE-2025-32309 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper filename c
7042 | CVE-2025-32294 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper input vali
7043 | CVE-2025-32289 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper filename c
7044 | CVE-2025-31912 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include arbitrary local files through PHP's include/require s
7045 | CVE-2025-31633 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper filename c
7046 | CVE-2025-31064 | 0.16% | 36.7th | 8.1 | - | This vulnerability allows attackers to include local files on the server through improper filename c
7047 | CVE-2025-31237 | 0.16% | 36.7th | 7.5 | - | A vulnerability in macOS AFP (Apple Filing Protocol) allows attackers to cause system termination (k
7048 | CVE-2025-6882 | 0.16% | 36.7th | 8.8 | - | A critical buffer overflow vulnerability in D-Link DIR-513 router firmware allows remote attackers t
7049 | CVE-2025-5520 | 0.16% | 36.7th | 5.3 | - | A reachable assertion vulnerability in Open5GS AMF/MME components allows remote attackers to cause d
7050 | CVE-2025-43728 | 0.16% | 36.7th | 9.6 | - | Dell ThinOS 10 contains a protection mechanism failure vulnerability that allows unauthenticated rem

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
