Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7301 | CVE-2025-66379 | | 35.8th | 7.5 | | CVE-2025-66379 is an improper input validation vulnerability in Pexip Infinity's media implementatio |
| 7302 | CVE-2025-49088 | | 35.8th | 5.9 | | This vulnerability in Pexip Infinity's OTJ service allows remote attackers to cause denial of servic |
| 7303 | CVE-2023-53942 | | 35.7th | 8.8 | | File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers |
| 7304 | CVE-2026-24531 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7305 | CVE-2026-1364 | | 35.8th | 9.8 | | CVE-2026-1364 is a critical missing authentication vulnerability in IAQS and I6 systems developed by |
| 7306 | CVE-2026-23975 | | 35.8th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Golo WordPress theme that allows |
| 7307 | CVE-2025-69314 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7308 | CVE-2025-69100 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7309 | CVE-2025-69078 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 7310 | CVE-2025-69077 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 7311 | CVE-2025-69076 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7312 | CVE-2025-69075 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7313 | CVE-2025-69074 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7314 | CVE-2025-69073 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7315 | CVE-2025-69072 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7316 | CVE-2025-69071 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7317 | CVE-2025-69070 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7318 | CVE-2025-69068 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7319 | CVE-2025-69067 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the AncoraThemes Tails WordPress them |
| 7320 | CVE-2025-69066 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 7321 | CVE-2025-69065 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7322 | CVE-2025-69064 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 7323 | CVE-2025-69062 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Weedles WordPress theme. Attacker |
| 7324 | CVE-2025-69061 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the MoveMe WordPress theme. Attackers |
| 7325 | CVE-2025-69060 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7326 | CVE-2025-69059 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the DiveIt WordPress theme that allow |
| 7327 | CVE-2025-69058 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7328 | CVE-2025-69057 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7329 | CVE-2025-69050 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7330 | CVE-2025-69049 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7331 | CVE-2025-69047 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the MaxShop WordPress theme. Attacker |
| 7332 | CVE-2025-69044 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7333 | CVE-2025-69041 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Dekoro WordPress theme. Attackers |
| 7334 | CVE-2025-69038 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7335 | CVE-2025-69037 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Pippo WordPress theme. Attackers |
| 7336 | CVE-2025-69005 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7337 | CVE-2025-69004 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 7338 | CVE-2025-68908 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7339 | CVE-2025-68510 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7340 | CVE-2025-67957 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7341 | CVE-2025-67946 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7342 | CVE-2025-67941 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 7343 | CVE-2025-67940 | | 35.8th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the Powerlift WordPress theme by Mika |
| 7344 | CVE-2025-67938 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7345 | CVE-2025-67616 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 7346 | CVE-2025-67615 | | 35.8th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 7347 | CVE-2025-54003 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7348 | CVE-2025-50003 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 7349 | CVE-2025-49994 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7350 | CVE-2025-47474 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.