Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7201 | CVE-2025-47489 | | 14.2th | 6.5 | | This stored cross-site scripting (XSS) vulnerability in the Beds24 Online Booking WordPress plugin a |
| 7202 | CVE-2025-46541 | | 14.2th | 5.9 | | This stored XSS vulnerability in the WP-reCAPTCHA-bp WordPress plugin allows attackers to inject mal |
| 7203 | CVE-2025-47493 | | 14.2th | 6.5 | | This DOM-based Cross-Site Scripting (XSS) vulnerability in the Ultimate Blocks WordPress plugin allo |
| 7204 | CVE-2025-12110 | | 14.4th | 5.4 | | This Keycloak vulnerability allows offline sessions to remain valid even after administrators remove |
| 7205 | CVE-2025-67835 | | 14.3th | 6.5 | | This vulnerability allows authenticated attackers to cause a Denial-of-Service (DoS) condition in Pa |
| 7206 | CVE-2025-60542 | | 14.2th | 6.5 | | This SQL injection vulnerability in TypeORM allows attackers to execute arbitrary SQL commands by cr |
| 7207 | CVE-2025-43805 | | 14.5th | 5.3 | | This vulnerability allows remote attackers to view display page templates in Liferay Portal/DXP with |
| 7208 | CVE-2025-47578 | | 14.2th | 6.5 | | This vulnerability allows attackers to inject malicious scripts into web pages viewed by users of th |
| 7209 | CVE-2025-47501 | | 14.2th | 6.5 | | A DOM-based cross-site scripting (XSS) vulnerability in the Code Atlantic Content Control WordPress |
| 7210 | CVE-2024-56776 | | 14.4th | 5.5 | | This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's STI DRM driver. If |
| 7211 | CVE-2025-47503 | | 14.2th | 6.5 | | This stored cross-site scripting (XSS) vulnerability in the NGG Smart Image Search WordPress plugin |
| 7212 | CVE-2024-56778 | | 14.4th | 5.5 | | This CVE involves a Linux kernel vulnerability in the STI DRM driver where the drm_atomic_get_crtc_s |
| 7213 | CVE-2026-0948 | | 14.2th | 6.5 | | This CVE describes an authentication bypass vulnerability in Drupal's Microsoft Entra ID SSO Login m |
| 7214 | CVE-2025-47505 | | 14.2th | 6.5 | | This stored cross-site scripting (XSS) vulnerability in the Product Time Countdown for WooCommerce W |
| 7215 | CVE-2025-47507 | | 14.2th | 6.5 | | This DOM-based Cross-Site Scripting (XSS) vulnerability in the Better Search WordPress plugin allows |
| 7216 | CVE-2026-22851 | | 14.5th | 5.9 | | This CVE describes a heap use-after-free vulnerability in FreeRDP, a free Remote Desktop Protocol im |
| 7217 | CVE-2025-47515 | | 14.2th | 6.5 | | This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users |
| 7218 | CVE-2025-69199 | | 14.3th | 6.5 | | This vulnerability allows attackers to perform denial-of-service attacks against Pterodactyl Wings s |
| 7219 | CVE-2026-1892 | | 14.6th | 5.0 | | This CVE describes an improper authorization vulnerability in WeKan's REST API that allows attackers |
| 7220 | CVE-2025-36387 | | 14.2th | 6.5 | | This vulnerability in IBM Db2 allows authenticated users to cause denial of service by submitting sp |
| 7221 | CVE-2025-68148 | | 14.5th | 4.3 | | This vulnerability in FreshRSS allows attackers to globally deny access to RSS feeds by manipulating |
| 7222 | CVE-2025-25770 | | 14.2th | 6.8 | | Wangmarket v4.10 to v5.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the AgencyUse |
| 7223 | CVE-2026-0883 | | 14.3th | 5.3 | | This CVE describes an information disclosure vulnerability in the Networking component of Mozilla pr |
| 7224 | CVE-2025-13231 | | 14.3th | 6.5 | | This vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) at |
| 7225 | CVE-2023-32255 | | 14.5th | 5.3 | | A memory leak vulnerability exists in the Linux kernel's ksmbd component when handling session setup |
| 7226 | CVE-2025-20246 | | 14.5th | 6.1 | | An unauthenticated remote attacker can exploit this cross-site scripting (XSS) vulnerability in Cisc |
| 7227 | CVE-2025-0421 | | 14.3th | 4.7 | | This vulnerability allows attackers to overlay malicious iFrames on top of legitimate Shopside appli |
| 7228 | CVE-2025-20250 | | 14.5th | 6.1 | | An unauthenticated remote attacker can exploit this cross-site scripting (XSS) vulnerability in Cisc |
| 7229 | CVE-2025-14064 | | 14.3th | 6.5 | | The BuddyTask WordPress plugin has missing capability checks on AJAX endpoints, allowing authenticat |
| 7230 | CVE-2025-49829 | | 14.5th | 6.5 | | This vulnerability in Conjur secrets management software allows authenticated attackers to inject un |
| 7231 | CVE-2025-24982 | | 14.6th | 4.3 | | A cross-site request forgery (CSRF) vulnerability in Activity Log WinterLock WordPress plugin versio |
| 7232 | CVE-2025-47479 | | 14.2th | 5.3 | | A weak authentication vulnerability in AresIT WP Compress WordPress plugin allows attackers to bypas |
| 7233 | CVE-2025-12773 | | 14.4th | 6.5 | | A vulnerability in Brocade SANnav's update-reports-purge-settings.sh script logs the database passwo |
| 7234 | CVE-2026-20974 | | 14.3th | 4.6 | | This vulnerability allows physical attackers to bypass carrier lock restrictions on Samsung mobile d |
| 7235 | CVE-2025-1118 | | 14.4th | 4.4 | | A vulnerability in grub2 allows attackers to bypass lockdown mode and read arbitrary memory contents |
| 7236 | CVE-2025-36225 | | 14.4th | 4.3 | | IBM Aspera versions 5.0.0 through 5.0.13.1 contain an information disclosure vulnerability where aut |
| 7237 | CVE-2024-51775 | | 14.3th | 5.3 | | This CVE describes a missing origin validation vulnerability in Apache Zeppelin's WebSocket implemen |
| 7238 | CVE-2025-5649 | | 14.3th | 5.3 | | This critical vulnerability in SourceCodester Student Result Management System 1.0 allows unauthoriz |
| 7239 | CVE-2025-65540 | | 14.4th | 6.1 | | Multiple Cross-Site Scripting (XSS) vulnerabilities in xmall v1.1 allow attackers to inject maliciou |
| 7240 | CVE-2026-1896 | | 14.6th | 6.3 | | This vulnerability in WeKan allows attackers to bypass access controls during board migration operat |
| 7241 | CVE-2025-10569 | | 14.3th | 6.5 | | This vulnerability allows authenticated users to cause denial of service by sending specially crafte |
| 7242 | CVE-2026-1898 | | 14.6th | 6.3 | | This vulnerability in WeKan's LDAP user synchronization component allows improper access controls, p |
| 7243 | CVE-2025-25248 | | 14.2th | 5.3 | | An integer overflow vulnerability in Fortinet SSL-VPN RDP/VNC bookmarks allows authenticated users t |
| 7244 | CVE-2024-36476 | | 14.4th | 5.5 | | CVE-2024-36476 is a NULL pointer dereference vulnerability in the Linux kernel's RDMA/rtrs subs |
| 7245 | CVE-2025-49641 | | 14.2th | 4.3 | | This CVE describes an authorization bypass vulnerability in Zabbix where regular users without prope |
| 7246 | CVE-2025-14262 | | 14.4th | 4.3 | | This vulnerability in KNIME Business Hub allows authenticated users to save other users' jobs with t |
| 7247 | CVE-2025-39204 | | 14.3th | 6.5 | | This vulnerability in MicroSCADA X SYS600's web interface allows attackers to craft malicious filter |
| 7248 | CVE-2025-15043 | | 14.5th | 5.4 | | The Events Calendar WordPress plugin has an authorization bypass vulnerability that allows authentic |
| 7249 | CVE-2025-15156 | | 14.5th | 4.3 | | A null pointer dereference vulnerability exists in omec-project UPF's PFCP Session Establishment Req |
| 7250 | CVE-2025-12377 | | 14.4th | 4.3 | | The Envira Photo Gallery WordPress plugin has an authorization vulnerability that allows authenticat |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. The percentile column places a CVE's EPSS score relative to every other scored CVE; FIRST recomputes both values daily, so rankings shift as new exploitation data arrives.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. EPSS says nothing about impact, though, so it complements CVSS and asset context rather than replacing them: a high-EPSS issue on an unreachable host is still less urgent than one on an internet-facing system.
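To make the prioritization argument concrete, the following is an added example (not code from the original page or from FIRST.org) that parses an EPSS payload and ranks findings by EPSS instead of CVSS. The JSON shape follows the public FIRST EPSS API (`https://api.first.org/data/v1/epss?cve=...`), where `epss` and `percentile` arrive as decimal strings in the range 0 to 1; the CVE IDs, scores and CVSS values in it are constructed for illustration, and the `patch_first` policy is an assumption, not a FIRST recommendation.

```python
"""Rank CVEs by EPSS rather than CVSS, using a constructed sample payload."""
import json
from dataclasses import dataclass

# Constructed sample in the shape the FIRST EPSS API returns (assumption:
# values are decimal strings, EPSS and percentile are fractions in [0, 1]).
SAMPLE_EPSS_JSON = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.001000", "percentile": "0.410000", "date": "2099-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.900000", "percentile": "0.998000", "date": "2099-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.142000", "percentile": "0.950000", "date": "2099-01-01"},
        {"cve": "CVE-2099-0004", "epss": "0.000420", "percentile": "0.142000", "date": "2099-01-01"},
    ],
})

# Constructed CVSS base scores for the same IDs (in practice these come from NVD).
SAMPLE_CVSS = {
    "CVE-2099-0001": 9.8,   # critical severity, but almost never exploited
    "CVE-2099-0002": 7.5,   # high severity, actively exploited
    "CVE-2099-0003": 6.5,
    "CVE-2099-0004": 6.5,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days
    percentile: float  # fraction of all scored CVEs with a lower EPSS
    cvss: float        # CVSS base score, 0.0 if unknown


def parse_epss_payload(raw: str, cvss_by_id: dict) -> list:
    """Turn an EPSS API payload plus a CVSS lookup into Finding objects,
    rejecting malformed scores instead of silently ranking on garbage."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API error: {doc.get('status')}")
    findings = []
    for row in doc["data"]:
        epss, pct = float(row["epss"]), float(row["percentile"])
        if not (0.0 <= epss <= 1.0 and 0.0 <= pct <= 1.0):
            raise ValueError(f"out-of-range score for {row['cve']}")
        findings.append(Finding(row["cve"], epss, pct, cvss_by_id.get(row["cve"], 0.0)))
    return findings


def rank_by_epss(findings: list) -> list:
    """Exploit-likelihood order; CVSS only breaks ties."""
    return sorted(findings, key=lambda f: (f.epss, f.cvss), reverse=True)


def rank_by_cvss(findings: list) -> list:
    """Severity order, the traditional approach; EPSS only breaks ties."""
    return sorted(findings, key=lambda f: (f.cvss, f.epss), reverse=True)


def patch_first(findings: list, epss_floor: float = 0.1, cvss_floor: float = 9.0) -> list:
    """Illustrative policy (an assumption for this example): patch now if
    exploitation is likely, or if a critical-severity issue shows any
    measurable exploitation activity. Returns CVE IDs in EPSS order."""
    return [f.cve for f in rank_by_epss(findings)
            if f.epss >= epss_floor or (f.cvss >= cvss_floor and f.epss >= 0.01)]


def format_percentile(p: float) -> str:
    """Render a 0-1 percentile the way the table above does, e.g. '14.2th'."""
    return f"{p * 100:.1f}th"


if __name__ == "__main__":
    fs = parse_epss_payload(SAMPLE_EPSS_JSON, SAMPLE_CVSS)
    print("by CVSS:", [f.cve for f in rank_by_cvss(fs)])
    print("by EPSS:", [f.cve for f in rank_by_epss(fs)])
    for f in rank_by_epss(fs):
        print(f"{f.cve}  EPSS={f.epss:.2%}  pct={format_percentile(f.percentile)}  CVSS={f.cvss}")
    print("patch first:", patch_first(fs))
```

The two orderings disagree on the very first entry: CVSS puts the 9.8 at the top, EPSS puts the 7.5 with a 90% exploitation probability there, which is the case the paragraph above describes. To run this against live data, fetch the API URL for your CVE list and pass the response body to `parse_epss_payload` in place of the constructed sample.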