Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 9101 | CVE-2025-8400 | | 30.8th | 6.1 | | The Image Gallery plugin for WordPress has a reflected cross-site scripting vulnerability that allow |
| 9102 | CVE-2025-10779 | | 30.9th | 8.8 | | This CVE describes a stack-based buffer overflow vulnerability in D-Link DCS-935L IP cameras through |
| 9103 | CVE-2025-35432 | | 30.9th | 5.3 | | CVE-2025-35432 is an uncontrolled resource consumption vulnerability in CISA Thorium where unauthent |
| 9104 | CVE-2025-9539 | | 30.9th | 8.0 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to cr |
| 9105 | CVE-2025-59462 | | 30.8th | 6.5 | | This vulnerability allows an attacker to crash the UpdateService by tampering with the C++ CLI clien |
| 9106 | CVE-2025-59258 | | 30.9th | 6.2 | | This vulnerability in Active Directory Federation Services (AD FS) allows unauthorized local attacke |
| 9107 | CVE-2025-58717 | | 30.8th | 6.5 | | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut |
| 9108 | CVE-2025-55700 | | 30.8th | 6.5 | | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut |
| 9109 | CVE-2025-11550 | | 30.8th | 6.5 | | A null pointer dereference vulnerability in Tenda W12 routers allows remote attackers to cause denia |
| 9110 | CVE-2025-13507 | | 30.8th | 6.5 | | This vulnerability in MongoDB Server allows oversized BSON documents to bypass initial size validati |
| 9111 | CVE-2025-65099 | | 30.9th | 9.8 | | CVE-2025-65099 is a critical code execution vulnerability in Claude Code where Yarn plugins could ex |
| 9112 | CVE-2026-22904 | | 30.8th | 9.8 | | This critical vulnerability allows unauthenticated remote attackers to trigger a stack buffer overfl |
| 9113 | CVE-2025-69204 | | 30.8th | 5.3 | | ImageMagick versions before 7.1.2-12 contain an integer overflow vulnerability in the WriteSVGImage |
| 9114 | CVE-2025-66675 | | 30.9th | 8.2 | | This CVE describes a Denial of Service vulnerability in Apache Struts where specially crafted multip |
| 9115 | CVE-2025-64670 | | 30.9th | 6.5 | | This vulnerability in Microsoft Graphics Component allows an authenticated attacker to access sensit |
| 9116 | CVE-2025-14220 | | 30.8th | 4.3 | | This vulnerability in ORICO CD3510 version 1.9.12 allows remote attackers to perform path traversal |
| 9117 | CVE-2026-21917 | | 30.9th | 7.5 | | An unauthenticated attacker can cause a denial-of-service on Juniper SRX Series firewalls by sending |
| 9118 | CVE-2026-20847 | | 30.9th | 6.5 | | This vulnerability in Windows Shell allows an authorized attacker to access sensitive information an |
| 9119 | CVE-2024-51954 | | 30.9th | 8.5 | | An improper access control vulnerability in ArcGIS Server versions 11.3 and below allows authenticat |
| 9120 | CVE-2025-0788 | | 30.7th | 6.3 | | This critical SQL injection vulnerability in ESAFENET CDG V5 allows remote attackers to execute arbi |
| 9121 | CVE-2025-0786 | | 30.7th | 6.3 | | This critical SQL injection vulnerability in ESAFENET CDG V5 allows remote attackers to execute arbi |
| 9122 | CVE-2024-56990 | | 30.7th | 4.5 | | PHPGurukul Hospital Management System 4.0 contains stored cross-site scripting vulnerabilities in pa |
| 9123 | CVE-2024-11146 | | 30.6th | 6.3 | | TrueFiling, a cloud-hosted electronic filing system for legal documentation, had an authorization by |
| 9124 | CVE-2024-52363 | | 30.6th | 6.5 | | IBM InfoSphere Information Server 11.7 contains a directory traversal vulnerability that allows remo |
| 9125 | CVE-2024-13272 | | 30.7th | 6.3 | | This vulnerability in Drupal Paragraphs table module allows attackers to spoof content by manipulati |
| 9126 | CVE-2025-0172 | | 30.8th | 6.3 | | CVE-2025-0172 is a critical SQL injection vulnerability in code-projects Chat System 1.0 that allows |
| 9127 | CVE-2025-1776 | | 30.7th | 6.1 | | A Cross-Site Scripting (XSS) vulnerability in Soteshop versions before 8.3.4 allows remote attackers |
| 9128 | CVE-2024-41338 | | 30.6th | 7.5 | | A NULL pointer dereference vulnerability in multiple Draytek router models allows attackers to cause |
| 9129 | CVE-2025-22280 | | 30.7th | 7.6 | | This CVE describes a Missing Authorization vulnerability in the revmakx DefendWP Firewall WordPress |
| 9130 | CVE-2023-51325 | | 30.6th | 5.4 | | PHPJabbers Shared Asset Booking System v1.0 contains stored cross-site scripting vulnerabilities in |
| 9131 | CVE-2025-22702 | | 30.7th | 6.3 | | This CVE describes a missing authorization vulnerability in the EPC Photography WordPress theme that |
| 9132 | CVE-2025-24811 | | 30.7th | 7.5 | | This vulnerability affects multiple Siemens SIMATIC S7-1200 and SIPLUS S7-1200 CPU models, allowing |
| 9133 | CVE-2025-22693 | | 30.6th | 7.6 | | This SQL injection vulnerability in the Contest Gallery WordPress plugin allows attackers to execute |
| 9134 | CVE-2024-43186 | | 30.8th | 5.3 | | IBM InfoSphere Information Server 11.7 contains an information disclosure vulnerability where authen |
| 9135 | CVE-2025-2531 | | 30.7th | 7.8 | | This vulnerability allows remote attackers to execute arbitrary code on Luxion KeyShot installations |
| 9136 | CVE-2025-2664 | | 30.7th | 4.7 | | A critical SQL injection vulnerability exists in CodeZips Hospital Management System 1.0 via the /su |
| 9137 | CVE-2024-53406 | | 30.8th | 8.8 | | CVE-2024-53406 is an authentication bypass vulnerability in Espressif ESP-IDF v5.3.0 where the devic |
| 9138 | CVE-2024-41724 | | 30.6th | 8.7 | | This vulnerability allows attackers to spoof the SALTO server in Gallagher Command Centre systems du |
| 9139 | CVE-2025-23440 | | 30.7th | 6.3 | | CVE-2025-23440 is a missing authorization vulnerability in the radSLIDE WordPress plugin that allows |
| 9140 | CVE-2025-4093 | | 30.8th | 8.1 | | A memory safety vulnerability in Firefox ESR and Thunderbird could allow attackers to execute arbitr |
| 9141 | CVE-2025-3906 | | 30.7th | 8.8 | | This vulnerability in the Integração entre Eduzz e Woocommerce WordPress plugin allows authenticat |
| 9142 | CVE-2025-1522 | | 30.6th | 6.5 | | This CVE-2025-1522 vulnerability in PostHog allows authenticated attackers to perform Server-Side Re |
| 9143 | CVE-2025-20946 | | 30.8th | 8.8 | | This vulnerability allows local attackers to pair with specific Bluetooth devices on Galaxy Watches |
| 9144 | CVE-2024-58111 | | 30.6th | 7.5 | | This vulnerability in the ArkUI framework's SVG parsing module allows attackers to cause denial of s |
| 9145 | CVE-2025-36560 | | 30.8th | 8.6 | | This CVE describes a server-side request forgery (SSRF) vulnerability in a-blog CMS that allows remo |
| 9146 | CVE-2025-4720 | | 30.7th | 5.4 | | A path traversal vulnerability in SourceCodester Student Result Management System 1.0 allows attacke |
| 9147 | CVE-2024-56523 | | 30.6th | 9.1 | | This vulnerability allows remote attackers to bypass Radware Cloud WAF filters by sending HTTP GET r |
| 9148 | CVE-2025-45615 | | 30.7th | 9.8 | | This vulnerability allows attackers to bypass access controls in yaoqishan's admin API, enabling una |
| 9149 | CVE-2025-45611 | | 30.7th | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication in hope-boot v1.0.0 by |
| 9150 | CVE-2025-53281 | | 30.7th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A vulnerability with a critical CVSS of 9.8 but an EPSS of 0.1% may be less urgent than one with a high CVSS of 7.5 and an EPSS of 90%.