Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7951 | CVE-2025-15199 | | 12.9th | 6.3 | | This vulnerability allows remote attackers to upload arbitrary files via the image parameter in the |
| 7952 | CVE-2025-15152 | | 13.1th | 6.3 | | This vulnerability allows remote attackers to upload arbitrary files to the moga-mall application by |
| 7953 | CVE-2025-66845 | | 12.8th | 6.1 | | A reflected Cross-Site Scripting vulnerability in TechStore version 1.0 allows attackers to inject m |
| 7954 | CVE-2025-14267 | | 12.8th | 4.9 | | This vulnerability in M-Files Server allows sensitive information to be exposed due to incomplete da |
| 7955 | CVE-2022-50681 | | 12.8th | 6.1 | | CVE-2022-50681 is a reflected cross-site scripting vulnerability in Kentico Xperience's Rich Text Ed |
| 7956 | CVE-2025-54745 | | 13th | 6.5 | | This CVE describes a Missing Authorization vulnerability in the miniOrange Google Authenticator Word |
| 7957 | CVE-2025-67789 | | 12.8th | 5.3 | | This vulnerability allows authenticated users of DriveLock to retrieve the computer count of other t |
| 7958 | CVE-2025-14696 | | 13th | 5.3 | | This vulnerability allows remote attackers to perform unauthorized password modifications in Shenzhe |
| 7959 | CVE-2025-14372 | | 13th | 6.1 | | A use-after-free vulnerability in Google Chrome's Password Manager allows remote attackers to potent |
| 7960 | CVE-2025-13971 | | 12.9th | 4.4 | | The TWW Protein Calculator WordPress plugin has a stored XSS vulnerability in its 'Header' setting t |
| 7961 | CVE-2024-58297 | | 12.8th | 5.4 | | PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configura |
| 7962 | CVE-2025-4097 | | 13.1th | 6.5 | | This vulnerability in GitLab allows authenticated users to upload specially crafted images that caus |
| 7963 | CVE-2025-14157 | | 13.1th | 6.5 | | This vulnerability allows authenticated GitLab users to cause Denial of Service by sending specially |
| 7964 | CVE-2025-67720 | | 12.8th | 6.5 | | Pyrofork versions 2.3.68 and earlier are vulnerable to path traversal attacks when downloading media |
| 7965 | CVE-2025-67713 | | 12.8th | 6.1 | | Miniflux 2 versions 2.2.14 and below contain an open redirect vulnerability that allows attackers to |
| 7966 | CVE-2025-65829 | | 13.1th | 6.8 | | This CVE describes a missing Secure Boot implementation on ESP32 SoC devices, specifically affecting |
| 7967 | CVE-2025-9056 | | 12.8th | 5.3 | | CVE-2025-9056 is an unprotected service vulnerability in the AudioLink component that allows local a |
| 7968 | CVE-2025-40940 | | 12.8th | 4.9 | | A vulnerability in SIMATIC CN 4100 industrial communication devices allows attackers to exploit inco |
| 7969 | CVE-2025-40807 | | 13.1th | 6.3 | | Gridscale X Prepay versions before V4.2.1 are vulnerable to authentication token capture-replay atta |
| 7970 | CVE-2025-64650 | | 13.1th | 6.5 | | IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.18 write sensitive user credent |
| 7971 | CVE-2025-36017 | | 13.1th | 6.5 | | IBM Controller and Cognos Controller versions store sensitive information unencrypted in environment |
| 7972 | CVE-2025-13678 | | 12.8th | 6.4 | | The Thai Lottery Widget WordPress plugin has a stored cross-site scripting vulnerability in all vers |
| 7973 | CVE-2025-12804 | | 13th | 6.4 | | The Booking Calendar WordPress plugin has a stored XSS vulnerability that allows authenticated attac |
| 7974 | CVE-2025-20383 | | 12.9th | 4.3 | | This vulnerability allows low-privileged Splunk users who subscribe to mobile push notifications to |
| 7975 | CVE-2025-13401 | | 13th | 6.4 | | The Autoptimize WordPress plugin has a stored XSS vulnerability that allows authenticated attackers |
| 7976 | CVE-2025-66459 | | 13th | 6.1 | | Lookyloo versions before 1.35.3 contain a cross-site scripting (XSS) vulnerability where malicious H |
| 7977 | CVE-2025-13807 | | 12.8th | 4.3 | | This CVE describes an improper authorization vulnerability in orionsec orion-ops API that allows una |
| 7978 | CVE-2026-1596 | | 13.1th | 6.3 | | This CVE describes a remote command injection vulnerability in D-Link DWR-M961 routers. Attackers ca |
| 7979 | CVE-2025-71001 | | 13th | 6.5 | | A segmentation violation vulnerability in OneFlow's flow.column_stack component allows attackers to |
| 7980 | CVE-2025-68659 | | 12.9th | 4.3 | | Discourse versions before 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application-level denial |
| 7981 | CVE-2026-1514 | | 12.9th | 6.5 | | CVE-2026-1514 is an incorrect authorization vulnerability in 2100 Technology's Official Document Man |
| 7982 | CVE-2025-41728 | | 12.9th | 5.3 | | A low-privileged remote attacker can exploit an out-of-bounds read vulnerability in the Device Manag |
| 7983 | CVE-2025-52023 | | 13.1th | 5.3 | | This vulnerability in gemscms.aptsys.com.sg's PHP backend allows unauthenticated remote attackers to |
| 7984 | CVE-2026-25729 | | 13th | 6.5 | | DeepAudit versions 3.0.4 and earlier contain an improper access control vulnerability in the /api/v1 |
| 7985 | CVE-2026-24868 | | 12.8th | 6.5 | | This CVE describes a mitigation bypass vulnerability in Firefox's Privacy: Anti-Tracking component t |
| 7986 | CVE-2025-14507 | | 13.1th | 5.3 | | The EventPrime WordPress plugin exposes sensitive booking data through its REST API to unauthenticat |
| 7987 | CVE-2025-67278 | | 13th | 6.5 | | A privilege escalation vulnerability in TIM Solution GmbH's TIM BPM Suite and TIM FLOW allows remote |
| 7988 | CVE-2025-13679 | | 13th | 6.5 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to en |
| 7989 | CVE-2025-14028 | | 12.9th | 4.4 | | This vulnerability allows authenticated WordPress administrators to inject malicious scripts into th |
| 7990 | CVE-2025-67732 | | 13th | 6.5 | | Dify versions before 1.11.0 expose API keys in plaintext to frontend users, allowing non-administrat |
| 7991 | CVE-2025-15448 | | 13.1th | 6.3 | | This vulnerability allows remote attackers to upload arbitrary files to JavaMall applications due to |
| 7992 | CVE-2025-14830 | | 12.8th | 4.9 | | This CVE describes a cross-site scripting (XSS) vulnerability in JFrog Artifactory Workers that allo |
| 7993 | CVE-2025-52344 | | 12.9th | 6.1 | | Multiple Cross-Site Scripting (XSS) vulnerabilities in Explorance Blue 8.1.2 allow attackers to inje |
| 7994 | CVE-2026-22247 | | 13.1th | 4.1 | | GLPI administrators can exploit a Server-Side Request Forgery (SSRF) vulnerability through the Webho |
| 7995 | CVE-2026-1742 | | 13.1th | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files to the EFM ipTIME A8004T router |
| 7996 | CVE-2024-13521 | | 12.5th | 6.1 | | This CSRF vulnerability in the MailUp Auto Subscription WordPress plugin allows unauthenticated atta |
| 7997 | CVE-2025-23039 | | 12.5th | 5.2 | | A Cross-Site Scripting (XSS) vulnerability in Caido v0.45.0 allows attackers to execute arbitrary Ja |
| 7998 | CVE-2024-57839 | | 12.7th | 5.5 | | A Linux kernel readahead vulnerability causes occasional system hangs when used with NFS (Network Fi |
| 7999 | CVE-2024-31913 | | 12.6th | 5.5 | | IBM Sterling B2B Integrator is vulnerable to stored cross-site scripting (XSS) that allows authentic |
| 8000 | CVE-2022-49406 | | 12.7th | 5.5 | | A race condition vulnerability in the Linux kernel's block layer could cause a deadlock when reading |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.