Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 9151 | CVE-2025-52715 | | 30.7th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 9152 | CVE-2025-52708 | | 30.7th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the RealMag777 HUSKY WordPress plugin |
| 9153 | CVE-2025-47572 | | 30.7th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 9154 | CVE-2025-32549 | | 30.7th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 9155 | CVE-2025-47713 | | 30.6th | 8.8 | | A privilege escalation vulnerability in Apache CloudStack allows malicious Domain Admin users in the |
| 9156 | CVE-2025-29876 | | 30.7th | 7.5 | | A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to ca |
| 9157 | CVE-2025-5408 | | 30.6th | 9.8 | | A critical buffer overflow vulnerability in WAVLINK wireless routers allows remote attackers to exec |
| 9158 | CVE-2025-54575 | | 30.6th | 5.3 | | A denial-of-service vulnerability in ImageSharp GIF decoder allows specially crafted GIF files with |
| 9159 | CVE-2025-49070 | | 30.7th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 9160 | CVE-2025-50177 | | 30.6th | 8.1 | | This vulnerability is a use-after-free flaw in Windows Message Queuing that allows unauthorized atta |
| 9161 | CVE-2025-5197 | | 30.7th | 5.3 | | A Regular Expression Denial of Service (ReDoS) vulnerability in Hugging Face Transformers allows att |
| 9162 | CVE-2025-51536 | | 30.6th | 9.8 | | OpenAtlas v8.11.0 contains a hardcoded administrator password, allowing attackers to gain full admin |
| 9163 | CVE-2025-10137 | | 30.7th | 5.4 | | The Snow Monkey WordPress theme contains a Server-Side Request Forgery (SSRF) vulnerability that all |
| 9164 | CVE-2025-57293 | | 30.8th | 8.8 | | A command injection vulnerability in COMFAST CF-XR11 routers allows attackers to execute arbitrary c |
| 9165 | CVE-2026-20652 | | 30.7th | 7.5 | | This CVE describes a memory handling vulnerability in Apple operating systems and Safari that could |
| 9166 | CVE-2025-64101 | | 30.8th | 8.1 | | This vulnerability allows attackers to hijack password reset links in Zitadel identity management so |
| 9167 | CVE-2025-52079 | | 30.7th | 8.8 | | CVE-2025-52079 allows unauthenticated attackers to change the administrator password on D-Link DIR-8 |
| 9168 | CVE-2025-62586 | | 30.7th | 9.8 | | CVE-2025-62586 is a critical authentication bypass vulnerability in OPEXUS FOIAXpress that allows re |
| 9169 | CVE-2025-59260 | | 30.7th | 5.5 | | This vulnerability in Microsoft Failover Cluster Virtual Driver allows an authenticated attacker wit |
| 9170 | CVE-2025-59186 | | 30.7th | 5.5 | | This Windows Kernel vulnerability allows an authenticated attacker with local access to a system to |
| 9171 | CVE-2025-59184 | | 30.7th | 5.5 | | This vulnerability allows an authorized attacker with local access to a Windows High Availability Se |
| 9172 | CVE-2025-55683 | | 30.7th | 5.5 | | This Windows Kernel vulnerability allows a local authenticated attacker to access sensitive informat |
| 9173 | CVE-2025-55676 | | 30.7th | 5.5 | | This vulnerability in the Windows USB Video Driver allows an authorized attacker to read sensitive i |
| 9174 | CVE-2025-47979 | | 30.7th | 5.5 | | This vulnerability allows sensitive information to be written to log files in Windows Failover Clust |
| 9175 | CVE-2025-10538 | | 30.7th | N/A | | An authentication bypass vulnerability in LG Innotek LND7210 and LNV7210R cameras allows attackers t |
| 9176 | CVE-2025-12140 | | 30.6th | N/A | | CVE-2025-12140 is a critical remote code execution vulnerability in applications with an insecure 'r |
| 9177 | CVE-2025-63678 | | 30.6th | 7.2 | | This vulnerability allows authenticated administrators in CMS Made Simple Foundation File Manager v2 |
| 9178 | CVE-2025-12725 | | 30.7th | 8.8 | | This vulnerability allows remote attackers to perform out-of-bounds memory writes via a crafted HTML |
| 9179 | CVE-2025-12866 | | 30.7th | 9.8 | | CVE-2025-12866 is a critical authentication bypass vulnerability in EIP Plus software developed by H |
| 9180 | CVE-2025-48330 | | 30.6th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 9181 | CVE-2025-39468 | | 30.6th | 9.8 | | This vulnerability allows remote attackers to include and execute arbitrary PHP files on servers run |
| 9182 | CVE-2025-39466 | | 30.6th | 9.8 | | This vulnerability allows attackers to include and execute arbitrary local PHP files on servers runn |
| 9183 | CVE-2025-39463 | | 30.6th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Dessau WordPress theme. Attackers |
| 9184 | CVE-2025-11704 | | 30.6th | 7.5 | | The Elegance Menu WordPress plugin contains a Local File Inclusion vulnerability that allows authent |
| 9185 | CVE-2025-65037 | | 30.7th | 10.0 | | This critical vulnerability in Azure Container Apps allows remote attackers to execute arbitrary cod |
| 9186 | CVE-2025-34437 | | 30.7th | 8.8 | | This vulnerability allows any authenticated user to upload comment images to videos owned by other u |
| 9187 | CVE-2025-34436 | | 30.7th | 8.8 | | AVideo versions before 20.1 contain an insecure direct object reference vulnerability that allows an |
| 9188 | CVE-2025-13658 | | 30.6th | N/A | | This vulnerability in Longwatch devices allows unauthenticated attackers to execute arbitrary code w |
| 9189 | CVE-2026-2061 | | 30.7th | 4.7 | | This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers. Attackers can r |
| 9190 | CVE-2026-23886 | | 30.6th | 5.3 | | A denial-of-service vulnerability in Swift W3C TraceContext and Swift OTel allows remote attackers t |
| 9191 | CVE-2026-20951 | | 30.8th | 7.8 | | This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers t |
| 9192 | CVE-2025-69981 | | 30.7th | 9.8 | | FUXA v1.2.7 has an unauthenticated file upload vulnerability in the /api/upload endpoint that allows |
| 9193 | CVE-2026-25061 | | 30.7th | 7.5 | | This vulnerability in tcpflow's wifipcap component allows a 1-byte out-of-bounds write when parsing |
| 9194 | CVE-2025-23084 | | 30.4th | 5.5 | | This Node.js vulnerability on Windows incorrectly handles drive names in path.join(), treating relat |
| 9195 | CVE-2025-24662 | | 30.5th | 5.3 | | This CVE describes a missing authorization vulnerability in LearnDash LMS WordPress plugin that allo |
| 9196 | CVE-2025-24705 | | 30.5th | 5.3 | | This vulnerability allows unauthorized users to access sensitive data in WooCommerce Quick View plug |
| 9197 | CVE-2024-13302 | | 30.5th | 5.3 | | This CVE describes an incorrect authorization vulnerability in Drupal's Pages Restriction Access mod |
| 9198 | CVE-2024-13266 | | 30.5th | 5.3 | | This CVE describes an incorrect authorization vulnerability in Drupal's Responsive and off-canvas me |
| 9199 | CVE-2024-37567 | | 30.5th | 9.1 | | Infoblox NIOS through version 8.6.4 has improper access control for Grids, allowing unauthorized use |
| 9200 | CVE-2024-41336 | | 30.5th | 7.5 | | Draytek routers store passwords in plaintext instead of using secure hashing, allowing attackers wit |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
Prioritize by Exploit Risk
Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.