Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7851 | CVE-2025-26336 | | 34.4th | 8.3 | | A stack-based buffer overflow vulnerability in Dell Chassis Management Controller firmware allows un |
| 7852 | CVE-2024-13913 | | 34.4th | 8.8 | | This CSRF vulnerability in the InstaWP Connect WordPress plugin allows unauthenticated attackers to |
| 7853 | CVE-2024-55466 | | 34.5th | 6.5 | | This CVE describes an arbitrary file upload vulnerability in ThingsBoard's Image Gallery component t |
| 7854 | CVE-2025-46762 | | 34.5th | 8.1 | | This vulnerability in Apache Parquet's parquet-avro module allows attackers to execute arbitrary cod |
| 7855 | CVE-2025-6529 | | 34.4th | 8.8 | | The 70mai M300 dash cam has a critical vulnerability where its Telnet service uses default credentia |
| 7856 | CVE-2025-5897 | | 34.5th | 4.3 | | This vulnerability in vue-cli's PWA plugin involves inefficient regular expression complexity in the |
| 7857 | CVE-2025-35008 | | 34.4th | 7.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletL |
| 7858 | CVE-2025-35006 | | 34.4th | 7.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletL |
| 7859 | CVE-2025-35004 | | 34.4th | 7.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Microhard BulletL |
| 7860 | CVE-2025-49813 | | 34.4th | 7.2 | | This CVE describes an OS command injection vulnerability in Fortinet FortiADC that allows authentica |
| 7861 | CVE-2025-52239 | | 34.4th | 9.8 | | CVE-2025-52239 is an arbitrary file upload vulnerability in ZKEACMS v4.1 that allows attackers to up |
| 7862 | CVE-2025-58370 | | 34.4th | 8.1 | | CVE-2025-58370 is a command injection vulnerability in Roo Code's Bash parameter expansion handling |
| 7863 | CVE-2025-55067 | | 34.5th | 7.1 | | The TLS4B ATG system suffers from a Year 2038 problem where Unix time values exceeding the 2038 epoc |
| 7864 | CVE-2025-33096 | | 34.4th | 6.5 | | This vulnerability in IBM Engineering Requirements Management Doors Next allows authenticated users |
| 7865 | CVE-2025-11573 | | 34.5th | 7.5 | | This CVE describes an infinite loop vulnerability in Amazon.IonDotnet library versions before v1.3.2 |
| 7866 | CVE-2025-11355 | | 34.4th | 8.8 | | A buffer overflow vulnerability in UTT 1250GW routers allows remote attackers to execute arbitrary c |
| 7867 | CVE-2025-59516 | | 34.4th | 7.8 | | This vulnerability allows an authenticated attacker to exploit a missing authentication check in the |
| 7868 | CVE-2025-0683 | | 34.2th | 5.9 | | The Contec Health CMS8000 Patient Monitor transmits unencrypted patient data to a hard-coded public |
| 7869 | CVE-2025-0367 | | 34.3th | 6.5 | | A vulnerable regular expression pattern in Splunk's SA-ldapsearch add-on versions 3.1.0 and lower co |
| 7870 | CVE-2023-36998 | | 34.2th | 8.9 | | CVE-2023-36998 is a stack-based buffer overflow vulnerability in NextEPC MME's Emergency Number List |
| 7871 | CVE-2024-11863 | | 34.2th | 5.3 | | CVE-2024-11863 is a denial-of-service vulnerability in ARM SCP-Firmware where specially crafted SCMI |
| 7872 | CVE-2024-49589 | | 34.3th | 6.5 | | Foundry Artifacts is vulnerable to a Denial of Service attack where an attacker can fill up disk spa |
| 7873 | CVE-2025-2691 | | 34.3th | 8.2 | | This SSRF vulnerability in nossrf versions before 1.0.4 allows attackers to bypass protection mechan |
| 7874 | CVE-2025-2622 | | 34.3th | 6.3 | | A critical deserialization vulnerability in aizuda snail-job 1.4.0 allows remote attackers to execut |
| 7875 | CVE-2025-1802 | | 34.2th | 6.4 | | This stored XSS vulnerability in the HT Mega WordPress plugin allows authenticated attackers with Co |
| 7876 | CVE-2025-2289 | | 34.2th | 4.3 | | The Zegen Church WordPress theme has missing capability checks on AJAX endpoints, allowing authentic |
| 7877 | CVE-2025-1566 | | 34.2th | 7.5 | | A DNS leak vulnerability in ChromeOS's native VPN implementation allows network observers to interce |
| 7878 | CVE-2024-42193 | | 34.4th | 8.1 | | HCL BigFix Web Reports has improper SSL certificate validation, allowing man-in-the-middle attacks. |
| 7879 | CVE-2024-42200 | | 34.2th | 5.4 | | HCL BigFix Web Reports has a stored cross-site scripting vulnerability that allows attackers to inje |
| 7880 | CVE-2025-32427 | | 34.2th | 5.4 | | This CVE describes a cross-site scripting (XSS) vulnerability in the Formie plugin for Craft CMS. Wh |
| 7881 | CVE-2025-29915 | | 34.3th | 7.5 | | Suricata's default AF_PACKET defrag configuration causes packet truncation when reassembling fragmen |
| 7882 | CVE-2025-3337 | | 34.2th | 7.3 | | CVE-2025-3337 is a critical SQL injection vulnerability in codeprojects Online Restaurant Management |
| 7883 | CVE-2025-3335 | | 34.2th | 7.3 | | CVE-2025-3335 is a critical SQL injection vulnerability in codeprojects Online Restaurant Management |
| 7884 | CVE-2025-3087 | | 34.3th | 5.4 | | CVE-2025-3087 is a stored cross-site scripting (XSS) vulnerability in M-Files Web versions 25.1.1444 |
| 7885 | CVE-2024-12718 | | 34.3th | 5.3 | | This CVE describes a path traversal vulnerability in Python's tarfile module when using extraction f |
| 7886 | CVE-2025-43220 | | 34.4th | 9.8 | | This vulnerability allows malicious applications to bypass symlink validation and access protected u |
| 7887 | CVE-2025-28244 | | 34.3th | 8.8 | | This vulnerability allows remote attackers to steal valid user session tokens from localStorage in A |
| 7888 | CVE-2025-11148 | | 34.3th | 9.8 | | CVE-2025-11148 is a critical command injection vulnerability in the check-branches npm package that |
| 7889 | CVE-2025-10815 | | 34.2th | 8.8 | | A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary c |
| 7890 | CVE-2025-11564 | | 34.2th | 5.3 | | This vulnerability in Tutor LMS WordPress plugin allows unauthenticated attackers to bypass payment |
| 7891 | CVE-2025-11442 | | 34.3th | 4.3 | | This CVE describes a cross-site request forgery (CSRF) vulnerability in JhumanJ OpnForm API endpoint |
| 7892 | CVE-2025-12428 | | 34.3th | 8.8 | | A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to perform arbitrar |
| 7893 | CVE-2025-34458 | | 34.3th | N/A | | CVE-2025-34458 is a reachable assertion vulnerability in Dire Wolf's APRS MIC-E decoder that causes |
| 7894 | CVE-2025-9343 | | 34.3th | 7.2 | | The ELEX WordPress HelpDesk & Customer Ticketing System plugin has a stored XSS vulnerability that a |
| 7895 | CVE-2025-34288 | | 34.3th | 6.7 | | This CVE describes a local privilege escalation vulnerability in Nagios XI where a maintenance scrip |
| 7896 | CVE-2025-12570 | | 34.3th | 7.2 | | The Fancy Product Designer WordPress plugin allows unauthenticated attackers to upload malicious SVG |
| 7897 | CVE-2025-34395 | | 34.2th | 7.5 | | This vulnerability in Barracuda Service Center allows unauthenticated attackers to read arbitrary fi |
| 7898 | CVE-2025-13604 | | 34.3th | 7.2 | | This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages |
| 7899 | CVE-2026-1328 | | 34.2th | 8.8 | | A buffer overflow vulnerability in Totolink NR1800X routers allows remote attackers to execute arbit |
| 7900 | CVE-2026-1158 | | 34.2th | 8.8 | | A remote buffer overflow vulnerability in Totolink LR350 routers allows attackers to execute arbitra |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.