Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 9101 | CVE-2025-2918 | | 11.1th | 6.4 | | This stored XSS vulnerability in the Ultimate Blocks WordPress plugin allows authenticated attackers |
| 9102 | CVE-2022-49173 | | 11.3th | 5.5 | | A vulnerability in the Linux kernel's FSI SPI driver could cause denial of service through infinite |
| 9103 | CVE-2025-66689 | | 11th | 6.5 | | A path traversal vulnerability in Zen MCP Server allows authenticated attackers to read arbitrary fi |
| 9104 | CVE-2025-63291 | | 11.3th | 5.4 | | This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Alteryx Server where |
| 9105 | CVE-2025-54425 | | 11.3th | 5.3 | | This vulnerability allows unauthorized users to access cached content from Umbraco's Content Deliver |
| 9106 | CVE-2026-21885 | | 11.2th | 6.5 | | Miniflux 2's media proxy endpoint can be abused by authenticated users to perform Server-Side Reques |
| 9107 | CVE-2025-30077 | | 11.1th | 6.2 | | This vulnerability in ONOS onos-lib-go allows an attacker to trigger an index out-of-range panic in |
| 9108 | CVE-2024-55456 | | 11.1th | 6.5 | | CVE-2024-55456 is a segmentation violation vulnerability in lunasvg's gray_find_cell component that |
| 9109 | CVE-2023-53925 | | 11.2th | 6.1 | | UliCMS 2023.1 contains a stored cross-site scripting vulnerability where attackers can upload malici |
| 9110 | CVE-2025-58634 | | 11.1th | 5.3 | | This CVE describes a missing authorization vulnerability in the PeachPay Payments WordPress plugin t |
| 9111 | CVE-2025-32094 | | 11.1th | 4.0 | | This HTTP request smuggling vulnerability in Akamai Ghost allows attackers to inject a second reques |
| 9112 | CVE-2025-58635 | | 11.1th | 5.3 | | This CVE describes a missing authorization vulnerability in the Support Genix WordPress plugin that |
| 9113 | CVE-2025-62394 | | 11.2th | 4.3 | | Moodle fails to properly verify user enrolment status when sending quiz notifications, allowing susp |
| 9114 | CVE-2024-58065 | | 11th | 5.5 | | This CVE-2024-58065 is a NULL pointer dereference vulnerability in the Linux kernel's clock controll |
| 9115 | CVE-2022-49699 | | 11th | 5.5 | | A race condition vulnerability in the Linux kernel's filemap subsystem can cause a NULL pointer dere |
| 9116 | CVE-2025-14367 | | 11.1th | 5.3 | | The Easy Theme Options WordPress plugin has a missing authorization vulnerability that allows authen |
| 9117 | CVE-2025-66402 | | 11.2th | 6.5 | | This vulnerability in Misskey allows unauthorized users to export and view posts from favorites or c |
| 9118 | CVE-2025-64997 | | 11.2th | 6.5 | | This vulnerability allows low-privileged users in Checkmk monitoring systems to access agent informa |
| 9119 | CVE-2024-58067 | | 11th | 5.5 | | This CVE involves a NULL pointer dereference vulnerability in the Linux kernel's clock controller dr |
| 9120 | CVE-2025-21769 | | 11th | 5.5 | | This CVE describes a missing .owner field in the vmclock_miscdev_fops structure in the Linux kernel' |
| 9121 | CVE-2026-25757 | | 11.2th | 5.3 | | Unauthenticated users can view completed guest orders by Order ID in Spree e-commerce platform, pote |
| 9122 | CVE-2024-8398 | | 11.2th | 4.3 | | The Simple Nav Archives WordPress plugin through version 2.1.3 lacks CSRF protection when updating s |
| 9123 | CVE-2025-53047 | | 11.1th | 5.8 | | This vulnerability allows unauthenticated attackers with network access via Bonjour to read sensitiv |
| 9124 | CVE-2025-55626 | | 11.2th | 5.3 | | An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Do |
| 9125 | CVE-2024-58073 | | 11th | 5.5 | | This CVE addresses a NULL pointer dereference vulnerability in the Linux kernel's Direct Rendering M |
| 9126 | CVE-2025-14447 | | 11.1th | 5.3 | | The AnnunciFunebri Impresa WordPress plugin has an authorization vulnerability that allows authentic |
| 9127 | CVE-2025-55627 | | 11.2th | 5.3 | | This vulnerability allows authenticated attackers to create accounts with elevated privileges on Reo |
| 9128 | CVE-2025-64150 | | 11.2th | 5.4 | | This vulnerability in Jenkins Publish to Bitbucket Plugin allows attackers with Overall/Read permiss |
| 9129 | CVE-2025-14721 | | 11.2th | 5.5 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 9130 | CVE-2025-65300 | | 11.3th | 5.4 | | A stored Cross-Site Scripting (XSS) vulnerability in the Coohom SaaS Platform allows attackers to in |
| 9131 | CVE-2026-20644 | | 11th | 6.5 | | This memory handling vulnerability in Apple's WebKit browser engine allows processing malicious web |
| 9132 | CVE-2022-49203 | | 11th | 5.5 | | This CVE describes a double-free vulnerability in the AMD display driver component of the Linux kern |
| 9133 | CVE-2025-62783 | | 11th | 5.0 | | InventoryGui library versions 1.6.1-SNAPSHOT and earlier contain a vulnerability that allows item du |
| 9134 | CVE-2025-63361 | | 11.3th | 5.7 | | This vulnerability exposes the administrator password in plaintext on the web interface of Waveshare |
| 9135 | CVE-2025-53211 | | 11.2th | 5.3 | | This vulnerability in Roland Beaussant Audio Editor & Recorder allows unauthorized users to retrieve |
| 9136 | CVE-2025-14298 | | 11.2th | 5.4 | | This stored XSS vulnerability in the FiboSearch WordPress plugin allows authenticated attackers with |
| 9137 | CVE-2022-49717 | | 11th | 5.5 | | This CVE describes a memory leak vulnerability in the Linux kernel's Apple AIC (Apple Interrupt Cont |
| 9138 | CVE-2025-36230 | | 11.1th | 5.4 | | IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 contain an HTML injection vulnerability that all |
| 9139 | CVE-2025-13440 | | 11.1th | 5.3 | | This vulnerability in the Premmerce Wishlist for WooCommerce WordPress plugin allows authenticated u |
| 9140 | CVE-2026-0944 | | 11.2th | 5.3 | | This vulnerability in Drupal Group invite allows attackers to bypass access controls through forcefu |
| 9141 | CVE-2025-67874 | | 11.2th | 6.5 | | ChurchCRM versions before 6.5.0 echo plaintext passwords back in HTTP responses, allowing attackers |
| 9142 | CVE-2025-12729 | | 11.2th | 4.2 | | This vulnerability allows attackers to spoof UI elements in Chrome's address bar (Omnibox) on Androi |
| 9143 | CVE-2025-54730 | | 11.1th | 5.3 | | This CVE describes a missing authorization vulnerability in the PARETO Digital Embedder for Google R |
| 9144 | CVE-2025-10019 | | 11.2th | 6.5 | | This CVE describes an authorization bypass vulnerability in the Contact Form Email WordPress plugin |
| 9145 | CVE-2025-54739 | | 11.2th | 5.3 | | This CVE describes a missing authorization vulnerability in POSIMYTH Nexter Blocks WordPress plugin |
| 9146 | CVE-2025-20285 | | 11.1th | 4.1 | | This vulnerability allows authenticated remote attackers with administrative credentials to bypass I |
| 9147 | CVE-2022-49484 | | 11th | 5.5 | | A NULL pointer dereference vulnerability in the Linux kernel's MediaTek MT7915 wireless driver could |
| 9148 | CVE-2024-7881 | | 11.2th | 5.1 | | CVE-2024-7881 is a speculative execution vulnerability in certain Arm CPUs where unprivileged code c |
| 9149 | CVE-2025-68927 | | 11.1th | 6.1 | | LibreDesk versions before 0.8.6-beta are vulnerable to stored HTML injection in the contact notes fe |
| 9150 | CVE-2025-41233 | | 11th | 6.8 | | This CVE describes an authenticated blind SQL injection vulnerability in VMware AVI Load Balancer. A |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with an EPSS score of 0.1% may be less urgent than a high CVSS 7.5 vulnerability with an EPSS score of 90%.
Prioritize by Exploit Risk
Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.