Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164

EPSS > 50%

156

CISA KEV Listed

35,468

CVEs with EPSS

0.7%

Avg EPSS Score

All Critical High Medium Low

Rank	CVE ID	EPSS Score	Percentile	CVSS	Summary
7501	CVE-2025-13199	0.05%	13.6th	5.3	This CVE describes a path traversal vulnerability in Email Logging Interface 2.0 where manipulation
7502	CVE-2025-30086	0.05%	13.6th	4.9	This vulnerability allows Harbor administrators to exploit an ORM leak in the /api/v2.0/users endpoi
7503	CVE-2025-1383	0.05%	13.7th	4.3	The Podlove Podcast Publisher WordPress plugin has a CSRF vulnerability that allows unauthenticated
7504	CVE-2025-49908	0.05%	13.6th	6.5	This stored XSS vulnerability in WPC Countdown Timer for WooCommerce allows attackers to inject mali
7505	CVE-2025-13731	0.05%	13.7th	6.4	This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i
7506	CVE-2025-48087	0.05%	13.6th	6.5	This stored XSS vulnerability in the Memberlite Shortcodes WordPress plugin allows attackers to inje
7507	CVE-2026-1484	0.05%	13.6th	4.2	A buffer overflow vulnerability exists in GLib's Base64 encoding routine when processing extremely l
7508	CVE-2025-6976	0.05%	13.7th	6.4	This vulnerability allows authenticated WordPress users with contributor-level access or higher to i
7509	CVE-2026-1489	0.05%	13.5th	5.4	An integer overflow vulnerability in GLib's Unicode case conversion implementation allows memory cor
7510	CVE-2025-9153	0.05%	13.6th	6.3	This vulnerability allows remote attackers to upload arbitrary files to the Online Tour and Travel M
7511	CVE-2025-23096	0.05%	13.7th	6.5	A double free vulnerability in Samsung Exynos mobile processors allows local attackers to escalate p
7512	CVE-2025-23106	0.05%	13.7th	6.5	A use-after-free vulnerability in Samsung Exynos 2200, 1480, and 2400 mobile processors allows local
7513	CVE-2025-49927	0.05%	13.6th	6.5	This stored XSS vulnerability in the JetWooBuilder WordPress plugin allows attackers to inject malic
7514	CVE-2023-54321	0.05%	13.5th	5.5	A null pointer dereference vulnerability in the Linux kernel's device_add() function can cause kerne
7515	CVE-2025-49928	0.05%	13.6th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the JetWooBuilder WordPress plugin allows
7516	CVE-2025-62885	0.05%	13.6th	6.5	This DOM-based Cross-Site Scripting (XSS) vulnerability in the WP VR WordPress plugin allows attacke
7517	CVE-2025-49929	0.05%	13.6th	6.5	This stored XSS vulnerability in the Ultimate Blocks WordPress plugin allows attackers to inject mal
7518	CVE-2025-66452	0.05%	13.8th	6.1	LibreChat versions 0.8.0 and below expose user input in JSON parsing error messages, which can be re
7519	CVE-2024-58056	0.05%	13.7th	5.5	This vulnerability in the Linux kernel's remoteproc subsystem causes a kernel warning when ida_free(
7520	CVE-2025-49933	0.05%	13.6th	6.5	This Cross-Site Scripting (XSS) vulnerability in CrocoBlock's JetBlog WordPress plugin allows attack
7521	CVE-2025-49938	0.05%	13.6th	6.5	This stored cross-site scripting (XSS) vulnerability in the CrocoBlock JetEngine WordPress plugin al
7522	CVE-2022-28693	0.05%	13.6th	4.7	This vulnerability in certain Intel processors allows an authorized user with local access to potent
7523	CVE-2025-49939	0.05%	13.6th	6.5	This stored cross-site scripting (XSS) vulnerability in the JetElements For Elementor WordPress plug
7524	CVE-2025-43507	0.05%	13.6th	6.5	This CVE describes a privacy vulnerability in Apple operating systems where applications could finge
7525	CVE-2025-49940	0.05%	13.6th	6.5	This DOM-based XSS vulnerability in the Fusion Builder WordPress plugin allows attackers to inject m
7526	CVE-2025-0640	0.05%	13.5th	4.7	CVE-2025-0640 is an authorization bypass vulnerability in Akinsoft OctoCloud that allows attackers t
7527	CVE-2025-9263	0.05%	13.8th	4.3	This vulnerability in Xuxueli xxl-job allows attackers to manipulate jobGroup parameters to improper
7528	CVE-2025-5519	0.05%	13.5th	6.5	ArgusTech BILGER versions before 2.4.6 contain an information disclosure vulnerability where sensiti
7529	CVE-2025-53622	0.05%	13.6th	5.2	DSpace has a path traversal vulnerability in its Simple Archive Format (SAF) import functionality th
7530	CVE-2024-8542	0.05%	13.7th	4.8	The Everest Forms WordPress plugin before version 3.0.3.1 contains a stored cross-site scripting (XS
7531	CVE-2025-21775	0.05%	13.7th	5.5	A NULL pointer dereference vulnerability in the Linux kernel's ctucanfd CAN bus driver could cause k
7532	CVE-2025-60917	0.05%	13.5th	4.6	A reflected cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute Openatlas
7533	CVE-2025-14687	0.05%	13.7th	4.3	IBM Db2 Intelligence Center versions 1.1.0 through 1.1.2 contain a client-side enforcement vulnerabi
7534	CVE-2025-20149	0.05%	13.7th	6.5	A buffer overflow vulnerability in Cisco IOS and IOS XE CLI allows authenticated local attackers wit
7535	CVE-2025-62921	0.05%	13.6th	6.5	This DOM-based XSS vulnerability in the WordPress Bulk Auto Image Title Attribute plugin allows atta
7536	CVE-2025-0670	0.05%	13.5th	4.7	CVE-2025-0670 is an authorization bypass vulnerability in Akinsoft ProKuafor software that allows at
7537	CVE-2025-55750	0.05%	13.7th	6.5	This vulnerability in Gitpod's Bitbucket OAuth integration allowed attackers to craft malicious link
7538	CVE-2025-52734	0.05%	13.6th	6.5	This Cross-site Scripting (XSS) vulnerability in the ERA404 CropRefine WordPress plugin allows attac
7539	CVE-2025-62647	0.05%	13.8th	5.0	The Restaurant Brands International assistant platform allows attackers to obtain a JWT token that c
7540	CVE-2025-52735	0.05%	13.6th	6.5	This reflected cross-site scripting (XSS) vulnerability in the NextMove Lite WordPress plugin allows
7541	CVE-2025-3020	0.05%	13.5th	5.4	This is a cross-site scripting (XSS) vulnerability in a configuration webpage where low-privileged r
7542	CVE-2025-53926	0.05%	13.5th	6.1	Emlog website building system contains a reflected cross-site scripting (XSS) vulnerability that all
7543	CVE-2025-66837	0.05%	13.8th	6.8	A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to upload malicious PDF files
7544	CVE-2025-54972	0.05%	13.7th	4.3	This CRLF injection vulnerability in Fortinet FortiMail allows attackers to inject HTTP headers into
7545	CVE-2024-58086	0.05%	13.7th	5.5	This vulnerability in the Linux kernel's v3d DRM driver occurs when an active performance monitor is
7546	CVE-2024-56780	0.05%	13.6th	5.5	A race condition in the Linux kernel's quota subsystem can cause a warning message during filesystem
7547	CVE-2025-5264	0.05%	13.5th	4.8	This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature allows command injection via
7548	CVE-2025-12369	0.05%	13.7th	6.4	The Extensions for Leaflet Map WordPress plugin has a stored XSS vulnerability in the geojsonmarker
7549	CVE-2025-20272	0.05%	13.5th	4.3	An authenticated low-privileged attacker can exploit insufficient input validation in certain REST A
7550	CVE-2025-60247	0.05%	13.5th	6.5	This CVE describes a Missing Authorization vulnerability in the Bux Woocommerce plugin for WordPress

← Previous Page 151 of 332 Next →

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free