Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7551 | CVE-2024-13173 | | 35.1th | 7.5 | | The health module in affected Vivo devices has insufficient URL loading restrictions, allowing attac |
| 7552 | CVE-2025-22592 | | 35.1th | 7.5 | | This CVE describes a missing authorization vulnerability in the Lenderd 1003 Mortgage Application Wo |
| 7553 | CVE-2024-13800 | | 35.1th | 8.1 | | The ConvertPlus WordPress plugin has an authorization vulnerability that allows authenticated users |
| 7554 | CVE-2024-13656 | | 35.1th | 8.1 | | This vulnerability in the Click Mag WordPress theme allows authenticated attackers with subscriber-l |
| 7555 | CVE-2024-13654 | | 35.1th | 8.1 | | This vulnerability in the ZoxPress WordPress theme allows authenticated users with Subscriber-level |
| 7556 | CVE-2024-52881 | | 35.1th | 7.5 | | AudioCodes OVOC versions before 8.4.582 use a hard-coded cryptographic key, allowing attackers to de |
| 7557 | CVE-2024-39033 | | 35.1th | 7.5 | | This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Newgensoft OmniDocs t |
| 7558 | CVE-2025-23203 | | 35.1th | 5.5 | | This vulnerability in Icinga Director allows authenticated users with API access to bypass object-le |
| 7559 | CVE-2024-11603 | | 35.1th | 7.5 | | A Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat version 0.2.36 allows attacker |
| 7560 | CVE-2024-23943 | | 35th | 9.1 | | An unauthenticated remote attacker can exploit this vulnerability to gain unauthorized access to the |
| 7561 | CVE-2025-0952 | | 35.1th | 8.1 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to mo |
| 7562 | CVE-2025-22603 | | 35th | 8.1 | | AutoGPT versions prior to beta-v0.4.2 contain a server-side request forgery (SSRF) vulnerability in |
| 7563 | CVE-2022-43851 | | 35.1th | 5.9 | | IBM Aspera Console versions 3.4.0 through 3.4.4 use weak cryptographic algorithms that could allow a |
| 7564 | CVE-2025-44897 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 7565 | CVE-2025-44894 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 7566 | CVE-2025-44883 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 7567 | CVE-2025-44890 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 7568 | CVE-2025-44887 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 7569 | CVE-2025-44885 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 7570 | CVE-2025-45513 | | 35.1th | 9.8 | | Tenda FH451 router firmware version V1.0.0.9 contains a stack overflow vulnerability in the P2pListF |
| 7571 | CVE-2025-26074 | | 35.1th | 9.8 | | CVE-2025-26074 is a critical remote code execution vulnerability in Orkes Conductor that allows atta |
| 7572 | CVE-2025-43186 | | 35.1th | 9.8 | | This is a critical memory corruption vulnerability in Apple's file parsing components across multipl |
| 7573 | CVE-2025-7855 | | 35th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers |
| 7574 | CVE-2025-7531 | | 35th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers |
| 7575 | CVE-2025-7529 | | 35th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers |
| 7576 | CVE-2025-7527 | | 35th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda FH1202 routers allows remote attackers |
| 7577 | CVE-2025-52364 | | 35.1th | 7.5 | | The Tenda CP3 Pro router firmware has an insecure permissions vulnerability that enables the telnet |
| 7578 | CVE-2025-48799 | | 35th | 7.8 | | This CVE describes a local privilege escalation vulnerability in Windows Update Service where improp |
| 7579 | CVE-2025-48293 | | 35.1th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 7580 | CVE-2025-25174 | | 35.1th | 10.0 | | This CVE describes a PHP Local File Inclusion vulnerability in the BeeTeam368 Extensions WordPress p |
| 7581 | CVE-2025-53744 | | 35th | 7.2 | | A privilege escalation vulnerability in FortiOS Security Fabric allows remote authenticated attacker |
| 7582 | CVE-2025-50692 | | 35.1th | 9.8 | | FoxCMS versions up to 1.2.5 contain a code injection vulnerability in the admin template file editor |
| 7583 | CVE-2025-56571 | | 35th | 7.5 | | Finance.js v4.1.0 contains a Denial of Service vulnerability in its IRR function where improper hand |
| 7584 | CVE-2025-20160 | | 35th | 8.1 | | This vulnerability in Cisco IOS and IOS XE software allows attackers to intercept unencrypted TACACS |
| 7585 | CVE-2025-12236 | | 35.1th | 8.8 | | A buffer overflow vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary c |
| 7586 | CVE-2025-12233 | | 35.1th | 8.8 | | A buffer overflow vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary c |
| 7587 | CVE-2025-11621 | | 35th | 8.1 | | This vulnerability allows authentication bypass in HashiCorp Vault's AWS Auth method when the bound_ |
| 7588 | CVE-2025-56450 | | 35th | 6.5 | | Log2Space Subscriber Management Software 1.1 contains an unauthenticated SQL injection vulnerability |
| 7589 | CVE-2025-11814 | | 35.1th | 6.4 | | This stored XSS vulnerability in the Ultimate Addons for WPBakery WordPress plugin allows unauthenti |
| 7590 | CVE-2023-53873 | | 35th | N/A | | SyncBreeze 15.2.24 contains a denial of service vulnerability where attackers can crash the service |
| 7591 | CVE-2025-12196 | | 35th | 7.2 | | An authenticated privileged user can exploit an out-of-bounds write vulnerability in WatchGuard Fire |
| 7592 | CVE-2025-12195 | | 35th | 7.2 | | An authenticated privileged user can execute arbitrary code on WatchGuard Fireware OS devices by sen |
| 7593 | CVE-2021-47746 | | 35.1th | 7.5 | | NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative |
| 7594 | CVE-2025-0848 | | 34.9th | 6.5 | | A critical stack-based buffer overflow vulnerability in Tenda A18 routers allows remote attackers to |
| 7595 | CVE-2024-55074 | | 35th | 8.8 | | This stored XSS vulnerability in Grocy's edit profile function allows attackers to upload malicious |
| 7596 | CVE-2023-46203 | | 35th | 4.3 | | This CVE describes a Missing Authorization vulnerability in the Just Custom Fields WordPress plugin |
| 7597 | CVE-2023-45002 | | 35th | 4.3 | | This CVE describes a missing authorization vulnerability in the weDevs WP User Frontend WordPress pl |
| 7598 | CVE-2025-25379 | | 34.9th | 9.6 | | A Cross-Site Request Forgery (CSRF) vulnerability in 07FLYCMS v1.3.9 allows remote attackers to tric |
| 7599 | CVE-2025-24964 | | 35th | 9.6 | | This vulnerability allows remote attackers to execute arbitrary code on systems running Vitest with |
| 7600 | CVE-2024-6854 | | 34.8th | 7.1 | | This vulnerability in h2oai/h2o-3 version 3.46.0 allows attackers to export trained models to arbitr |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation — making it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.