Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7051 | CVE-2025-22408 | | 36.6th | 9.8 | | CVE-2025-22408 is a critical use-after-free vulnerability in Android's Bluetooth stack that allows r |
| 7052 | CVE-2025-27129 | | 36.7th | 9.8 | | An authentication bypass vulnerability in Tenda AC6 routers allows attackers to bypass HTTP authenti |
| 7053 | CVE-2025-60801 | | 36.7th | 8.2 | | jshERP up to commit fbda24da contains an unauthenticated remote code execution vulnerability in the |
| 7054 | CVE-2025-61132 | | 36.6th | 7.1 | | A Host Header Injection vulnerability in levlaz braindump v0.4.14 allows attackers to manipulate pas |
| 7055 | CVE-2025-62417 | | 36.6th | 7.8 | | Bagisto eCommerce platform versions before 2.3.8 accept product data starting with spreadsheet formu |
| 7056 | CVE-2025-12021 | | 36.7th | 6.1 | | The WP-OAuth WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability in the ' |
| 7057 | CVE-2025-13383 | | 36.7th | 6.1 | | This stored XSS vulnerability in the Job Board WordPress plugin allows unauthenticated attackers to |
| 7058 | CVE-2025-12746 | | 36.7th | 6.1 | | The Tainacan WordPress plugin is vulnerable to Reflected Cross-Site Scripting (XSS) via the 'search' |
| 7059 | CVE-2025-11093 | | 36.7th | 8.4 | | This CVE describes an arbitrary code execution vulnerability in WSO2 integration products where auth |
| 7060 | CVE-2025-11920 | | 36.7th | 8.8 | | The WPCOM Member WordPress plugin has a Local File Inclusion vulnerability that allows authenticated |
| 7061 | CVE-2024-45539 | | 36.7th | 7.5 | | An out-of-bounds write vulnerability in CGI components of Synology DiskStation Manager (DSM) and Uni |
| 7062 | CVE-2025-66032 | | 36.7th | 9.8 | | CVE-2025-66032 is a command injection vulnerability in Claude Code that allows bypassing read-only v |
| 7063 | CVE-2025-57156 | | 36.7th | 7.5 | | A NULL pointer dereference vulnerability in owntone-server's DACP reply handling allows remote attac |
| 7064 | CVE-2025-67268 | | 36.6th | 9.8 | | This vulnerability in gpsd allows attackers to trigger heap-based out-of-bounds writes by sending sp |
| 7065 | CVE-2025-22303 | | 36.6th | 5.3 | | This vulnerability in WP Mailster WordPress plugin allows attackers to retrieve embedded sensitive d |
| 7066 | CVE-2024-12439 | | 36.5th | 6.4 | | The Marketplace Items WordPress plugin has a stored XSS vulnerability that allows authenticated atta |
| 7067 | CVE-2024-11887 | | 36.5th | 6.4 | | The Geo Content WordPress plugin has a stored XSS vulnerability in its 'geotargetlygeocontent' short |
| 7068 | CVE-2024-12445 | | 36.5th | 6.4 | | The RightMessage WordPress plugin has a stored cross-site scripting (XSS) vulnerability that allows |
| 7069 | CVE-2025-22208 | | 36.6th | 4.7 | | A SQL injection vulnerability in the JS Jobs plugin for Joomla allows authenticated administrator us |
| 7070 | CVE-2025-1970 | | 36.6th | 7.6 | | This Server-Side Request Forgery vulnerability in the Export and Import Users and Customers WordPres |
| 7071 | CVE-2024-13771 | | 36.5th | 9.8 | | This vulnerability allows unauthenticated attackers to reset passwords for any user account in the C |
| 7072 | CVE-2025-23360 | | 36.6th | 7.1 | | CVE-2025-23360 is a relative path traversal vulnerability in NVIDIA Nemo Framework that allows authe |
| 7073 | CVE-2025-26702 | | 36.6th | 4.9 | | An improper input validation vulnerability in ZTE GoldenDB allows attackers to manipulate input data |
| 7074 | CVE-2025-24341 | | 36.5th | 6.5 | | A vulnerability in ctrlX OS web application allows authenticated low-privileged attackers to cause d |
| 7075 | CVE-2025-3487 | | 36.6th | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 7076 | CVE-2025-39396 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7077 | CVE-2025-39364 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7078 | CVE-2025-48136 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7079 | CVE-2025-39507 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7080 | CVE-2025-47653 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7081 | CVE-2025-47531 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7082 | CVE-2025-47510 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7083 | CVE-2025-47508 | | 36.5th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the GamiPress WordPress plugin. Attac |
| 7084 | CVE-2025-47498 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7085 | CVE-2025-47496 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7086 | CVE-2025-47494 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7087 | CVE-2025-47439 | | 36.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7088 | CVE-2023-47031 | | 36.5th | 9.8 | | This vulnerability allows remote attackers to escalate privileges in NCR Terminal Handler v1.5.1 by |
| 7089 | CVE-2025-29828 | | 36.5th | 8.1 | | This memory leak vulnerability in Windows Cryptographic Services allows remote attackers to execute |
| 7090 | CVE-2025-50173 | | 36.6th | 7.8 | | CVE-2025-50173 is a Windows Installer vulnerability where weak authentication mechanisms allow authe |
| 7091 | CVE-2025-10224 | | 36.6th | 5.4 | | This vulnerability in AxxonSoft Axxon One (C-Werk) allows authenticated remote attackers to bypass p |
| 7092 | CVE-2025-59429 | | 36.6th | 5.4 | | This CVE describes a reflected cross-site scripting (XSS) vulnerability in FreePBX, an open-source G |
| 7093 | CVE-2025-53412 | | 36.6th | 6.5 | | A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated remote attacker |
| 7094 | CVE-2025-53408 | | 36.6th | 6.5 | | A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to ca |
| 7095 | CVE-2025-47207 | | 36.6th | 6.5 | | A NULL pointer dereference vulnerability in QNAP File Station allows authenticated attackers to caus |
| 7096 | CVE-2025-20343 | | 36.6th | 8.6 | | An unauthenticated remote attacker can cause Cisco Identity Services Engine (ISE) to restart unexpec |
| 7097 | CVE-2026-24036 | | 36.6th | 5.3 | | This vulnerability in Horilla HRMS allows unauthenticated attackers to view unpublished job postings |
| 7098 | CVE-2025-11250 | | 36.5th | 9.1 | | This authentication bypass vulnerability in ManageEngine ADSelfService Plus allows attackers to circ |
| 7099 | CVE-2025-23012 | | 36.4th | 7.5 | | Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials that |
| 7100 | CVE-2024-38337 | | 36.5th | 9.1 | | IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 contain incorrect permission assignments |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.