Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 8101 | CVE-2025-25872 | | 33.7th | 5.5 | | A privilege escalation vulnerability in Open Panel v0.3.4 allows remote attackers to gain elevated p |
| 8102 | CVE-2025-1551 | | 33.6th | 6.1 | | IBM Operational Decision Manager versions 8.11.0.1 through 9.0.0.1 contain a cross-site scripting vu |
| 8103 | CVE-2025-1763 | | 33.6th | 8.7 | | This vulnerability in GitLab EE allows attackers to execute malicious scripts in users' browsers by |
| 8104 | CVE-2025-47945 | | 33.7th | 9.1 | | CVE-2025-47945 is a critical authentication bypass vulnerability in Donetick task management softwar |
| 8105 | CVE-2025-26864 | | 33.6th | 7.5 | | Apache IoTDB's OpenIdAuthorizer component logs sensitive authentication information, potentially exp |
| 8106 | CVE-2025-45729 | | 33.6th | 6.3 | | D-Link DIR-823-Pro router firmware version 1.02 has improper permission control that allows unauthor |
| 8107 | CVE-2025-3526 | | 33.6th | 7.5 | | This vulnerability in Liferay Portal and DXP allows remote attackers to cause denial-of-service by c |
| 8108 | CVE-2025-22238 | | 33.7th | 4.2 | | This CVE describes a directory traversal vulnerability in SaltStack's master cache creation that all |
| 8109 | CVE-2025-7901 | | 33.6th | 4.3 | | This vulnerability allows attackers to inject malicious scripts via the configUrl parameter in Swagg |
| 8110 | CVE-2025-7194 | | 33.7th | 8.8 | | A critical stack-based buffer overflow vulnerability in D-Link DI-500WF routers allows remote attack |
| 8111 | CVE-2025-49735 | | 33.7th | 8.1 | | CVE-2025-49735 is a use-after-free vulnerability in Windows KDC Proxy Service (KPSSVC) that allows u |
| 8112 | CVE-2025-20239 | | 33.6th | 8.6 | | An unauthenticated remote attacker can send crafted IKEv2 packets to trigger a memory leak in affect |
| 8113 | CVE-2025-20222 | | 33.6th | 8.6 | | This vulnerability allows unauthenticated remote attackers to cause a denial of service by sending s |
| 8114 | CVE-2024-26009 | | 33.6th | 8.1 | | This CVE describes an authentication bypass vulnerability in Fortinet FortiOS, FortiProxy, and Forti |
| 8115 | CVE-2024-52504 | | 33.6th | 7.5 | | A vulnerability in Siemens SIPROTEC 4 protection devices allows unauthenticated remote attackers to |
| 8116 | CVE-2025-43953 | | 33.7th | 8.8 | | This vulnerability allows authenticated admin and manager users of 2wcom IP-4c devices to execute ar |
| 8117 | CVE-2025-66115 | | 33.6th | 6.6 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 8118 | CVE-2025-42884 | | 33.6th | 6.5 | | SAP NetWeaver Enterprise Portal has a JNDI injection vulnerability that allows unauthenticated attac |
| 8119 | CVE-2025-13624 | | 33.6th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the PHP_SELF par |
| 8120 | CVE-2025-14151 | | 33.6th | 6.1 | | The SlimStat Analytics WordPress plugin has a stored XSS vulnerability that allows unauthenticated a |
| 8121 | CVE-2025-68390 | | 33.7th | 4.9 | | This vulnerability allows authenticated Elasticsearch users with snapshot restore privileges to caus |
| 8122 | CVE-2023-53913 | | 33.7th | 8.8 | | CVE-2023-53913 is a CSV injection vulnerability in Rukovoditel 3.3.1 that allows authenticated users |
| 8123 | CVE-2025-13861 | | 33.6th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress admin |
| 8124 | CVE-2025-58173 | | 33.7th | 8.8 | | This vulnerability in FreshRSS allows unprivileged users to perform path traversal via the language |
| 8125 | CVE-2025-23408 | | 33.7th | 6.5 | | Apache Fineract versions through 1.10.1 have weak password requirements that allow attackers to set |
| 8126 | CVE-2025-14049 | | 33.6th | 6.1 | | This vulnerability allows unauthenticated attackers to execute reflected cross-site scripting (XSS) |
| 8127 | CVE-2025-14137 | | 33.6th | 6.1 | | The Simple AL Slider WordPress plugin has a reflected cross-site scripting (XSS) vulnerability that |
| 8128 | CVE-2025-14129 | | 33.6th | 6.1 | | The Like DisLike Voting WordPress plugin contains a reflected cross-site scripting (XSS) vulnerabili |
| 8129 | CVE-2025-14225 | | 33.6th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DCS-930L IP camer |
| 8130 | CVE-2025-14554 | | 33.7th | 7.2 | | This stored XSS vulnerability in the Sell BTC WordPress plugin allows unauthenticated attackers to i |
| 8131 | CVE-2025-14301 | | 33.6th | 9.8 | | This vulnerability in the Integration Opvius AI for WooCommerce WordPress plugin allows unauthentica |
| 8132 | CVE-2025-13893 | | 33.6th | 6.1 | | The Lesson Plan Book WordPress plugin has a reflected cross-site scripting vulnerability that allows |
| 8133 | CVE-2025-14131 | | 33.6th | 6.1 | | The WP Widget Changer WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability |
| 8134 | CVE-2025-47208 | | 33.7th | 6.5 | | This CVE describes a resource exhaustion vulnerability in QNAP operating systems where authenticated |
| 8135 | CVE-2025-15368 | | 33.7th | 8.8 | | The SportsPress WordPress plugin has a Local File Inclusion vulnerability in all versions up to 2.7. |
| 8136 | CVE-2025-23798 | | 33.6th | 7.1 | | This reflected cross-site scripting (XSS) vulnerability in the Mass Messaging in BuddyPress WordPres |
| 8137 | CVE-2023-37035 | | 33.5th | 6.5 | | A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-ad |
| 8138 | CVE-2023-37025 | | 33.5th | 6.5 | | A null pointer dereference vulnerability in Magma's Mobile Management Entity (MME) allows network-ad |
| 8139 | CVE-2025-0474 | | 33.5th | 7.7 | | Invoice Ninja versions 5.8.56 through 5.11.23 contain an authenticated Server-Side Request Forgery ( |
| 8140 | CVE-2024-7344 | | 33.5th | 8.2 | | CVE-2024-7344 is a vulnerability in Howyar UEFI Application 'Reloader' that allows execution of unsi |
| 8141 | CVE-2024-49782 | | 33.5th | 6.8 | | This vulnerability in IBM OpenPages with Watson allows attackers to spoof mail server identity when |
| 8142 | CVE-2025-22645 | | 33.6th | 5.3 | | This vulnerability allows attackers to bypass CAPTCHA protection and perform unlimited password brut |
| 8143 | CVE-2025-22602 | | 33.6th | 6.5 | | This vulnerability allows attackers to execute arbitrary JavaScript in users' browsers by posting ma |
| 8144 | CVE-2024-56328 | | 33.6th | 6.5 | | This CVE allows attackers to execute arbitrary JavaScript in users' browsers by posting malicious on |
| 8145 | CVE-2025-24972 | | 33.5th | 4.3 | | Discourse users who disabled direct messaging in their preferences could still be added to group dir |
| 8146 | CVE-2025-0453 | | 33.5th | 7.5 | | This vulnerability in MLflow's GraphQL endpoint allows attackers to cause denial of service by sendi |
| 8147 | CVE-2025-0190 | | 33.5th | 7.5 | | This CVE describes a denial of service vulnerability in aimhubio/aim version 3.25.0 where an attacke |
| 8148 | CVE-2025-0189 | | 33.5th | 7.5 | | This vulnerability allows attackers to cause denial of service in aimhubio/aim tracking servers by s |
| 8149 | CVE-2025-32966 | | 33.5th | 9.8 | | DataEase versions before 2.10.8 contain a vulnerability where authenticated users can achieve remote |
| 8150 | CVE-2024-58109 | | 33.5th | 4.6 | | A buffer overflow vulnerability exists in the codec module that could allow attackers to crash affec |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.