Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank  CVE ID          EPSS Score  Percentile  CVSS  Summary
951   CVE-2025-20033  0.26%       49.6th      4.3   This vulnerability in Mattermost allows attackers to create denial-of-service conditions by exploiti
952   CVE-2023-51334  0.26%       49.4th      5.3   This vulnerability allows attackers to send excessive password reset emails to legitimate users by e
953   CVE-2017-6537   0.26%       49.6th      6.1   This is a stored Cross-Site Scripting (XSS) vulnerability in webpagetest 3.0 that allows attackers t
954   CVE-2017-6396   0.26%       49.6th      6.1   CVE-2017-6396 is a cross-site scripting (XSS) vulnerability in WebPageTest 3.0 that allows attackers
955   CVE-2025-9001   0.26%       49.6th      5.3   A stack-based buffer overflow vulnerability exists in LemonOS's HTTP client component. Attackers can
956   CVE-2025-66034  0.26%       49.6th      6.3   This vulnerability in fontTools allows arbitrary file write leading to remote code execution when pr
957   CVE-2025-41693  0.26%       49.6th      4.3   A low-privileged remote attacker can exploit SSH functionality to execute commands after authenticat
958   CVE-2026-21265  0.26%       49.6th      6.4   This CVE describes a Windows Secure Boot certificate expiration issue where Microsoft's UEFI certifi
959   CVE-2025-22619  0.26%       49.4th      6.1   A reflected cross-site scripting (XSS) vulnerability in WeGIA's editar_permissoes.php endpoint allow
960   CVE-2025-22617  0.26%       49.4th      6.1   This CVE describes a reflected cross-site scripting (XSS) vulnerability in WeGIA's editar_socio.php
961   CVE-2025-22615  0.26%       49.4th      6.1   This CVE describes a Reflected Cross-Site Scripting (XSS) vulnerability in WeGIA's Cadastro_Atendido
962   CVE-2020-9295   0.26%       49.4th      4.7   This vulnerability affects Fortinet's antivirus engine in FortiOS and FortiClient, causing delayed d
963   CVE-2025-21577  0.26%       49.4th      6.5   This vulnerability in MySQL Server's InnoDB component allows authenticated attackers with low privil
964   CVE-2025-21575  0.26%       49.4th      6.5   A vulnerability in MySQL Server's parser component allows low-privileged attackers with network acce
965   CVE-2025-27391  0.26%       49.4th      6.5   Apache ActiveMQ Artemis versions 1.5.1 through 2.39.0 log sensitive broker configuration properties
966   CVE-2024-52964  0.26%       49.4th      5.5   This path traversal vulnerability in Fortinet FortiManager and FortiManager Cloud allows authenticat
967   CVE-2025-24605  0.26%       49.2th      4.9   This path traversal vulnerability in the WOLF WordPress plugin allows attackers to access files outs
968   CVE-2025-2877   0.26%       49.2th      6.5   This vulnerability in Ansible Automation Platform's Event-Driven Ansible exposes inventory passwords
969   CVE-2025-3143   0.26%       49.2th      6.3   This critical SQL injection vulnerability in SourceCodester Apartment Visitor Management System 1.0
970   CVE-2025-8905   0.26%       49.3th      6.3   The Inpersttion For Theme WordPress plugin has a remote code execution vulnerability that allows aut
971   CVE-2025-10441  0.26%       49.2th      6.3   This CVE describes an OS command injection vulnerability in D-Link routers' web interface. Attackers
972   CVE-2025-10440  0.26%       49.2th      6.3   This CVE describes an OS command injection vulnerability in D-Link routers' jhttpd component via the
973   CVE-2024-40513  0.26%       49.1th      4.6   This vulnerability in themesebrand Chatvia v5.3.2 allows remote attackers to execute arbitrary code
974   CVE-2025-32259  0.26%       49.2th      5.3   CVE-2025-32259 is a missing authorization vulnerability in the WP ULike WordPress plugin that allows
975   CVE-2025-0244   0.26%       49.1th      5.3   This vulnerability in Firefox for Android allows attackers to spoof the address bar when redirecting
976   CVE-2025-2883   0.26%       49th        5.3   The Accept SagePay Payments Using Contact Form 7 WordPress plugin exposes sensitive server informati
977   CVE-2024-13820  0.26%       49th        5.3   The Melhor Envio WordPress plugin exposes sensitive information through a hardcoded hash in the 'run
978   CVE-2025-31558  0.26%       49.1th      5.8   This vulnerability in the TailPress WordPress plugin allows attackers to retrieve embedded sensitive
979   CVE-2025-31550  0.26%       49.1th      5.8   This vulnerability in the WP-LESS WordPress plugin allows attackers to retrieve sensitive data embed
980   CVE-2025-31842  0.26%       49.1th      5.3   This vulnerability in the Viral Loops WP Integration WordPress plugin allows attackers to retrieve s
981   CVE-2025-31788  0.26%       49.1th      5.3   This vulnerability allows attackers to retrieve sensitive data embedded in log files generated by th
982   CVE-2023-40327  0.26%       48.9th      6.5   This CVE describes a missing authorization vulnerability in the Putler Connector for WooCommerce plu
983   CVE-2025-26779  0.26%       48.9th      4.9   This path traversal vulnerability in the Keep Backup Daily WordPress plugin allows attackers to down
984   CVE-2025-24239  0.26%       48.9th      6.5   This CVE describes a macOS code-signing downgrade vulnerability that allows malicious applications t
985   CVE-2025-26684  0.26%       48.9th      6.7   This vulnerability in Microsoft Defender for Endpoint allows an authorized attacker to manipulate fi
986   CVE-2024-37396  0.26%       48.9th      5.4   This stored XSS vulnerability in REDCap's Calendar function allows authenticated users to inject mal
987   CVE-2024-37394  0.26%       48.9th      5.4   This stored XSS vulnerability in REDCap allows authenticated users to inject malicious scripts into
988   CVE-2025-14043  0.26%       48.9th      5.3   The Tainacan WordPress plugin has an authorization bypass vulnerability that allows unauthenticated
989   CVE-2024-43708  0.26%       48.8th      6.5   This vulnerability allows authenticated users with read access to Kibana to send specially crafted p
990   CVE-2024-12559  0.26%       48.5th      5.3   The ClickDesigns WordPress plugin has an authentication bypass vulnerability that allows unauthentic
991   CVE-2025-24055  0.26%       48.5th      4.3   An out-of-bounds read vulnerability in the Windows USB Video Driver allows an authorized attacker wi
992   CVE-2025-11665  0.26%       48.5th      4.7   This CVE describes an OS command injection vulnerability in D-Link DAP-2695 access points through th
993   CVE-2025-29497  0.25%       48.4th      6.5   CVE-2025-29497 is a memory leak vulnerability in libming v0.4.8's parseSWF_MORPHFILLSTYLES function
994   CVE-2025-29494  0.25%       48.4th      6.5   CVE-2025-29494 is a memory corruption vulnerability in libming v0.4.8's decompileGETMEMBER function
995   CVE-2025-29492  0.25%       48.4th      6.5   CVE-2025-29492 is a memory corruption vulnerability in libming v0.4.8 that causes a segmentation fau
996   CVE-2025-29490  0.25%       48.4th      6.5   A segmentation fault vulnerability in libming v0.4.8's decompileCALLMETHOD function allows attackers
997   CVE-2025-29488  0.25%       48.4th      6.5   CVE-2025-29488 is a memory leak vulnerability in libming v0.4.8's parseSWF_INITACTION function. This
998   CVE-2025-26901  0.25%       48.4th      4.3   This CVE describes a missing authorization vulnerability in Brizy Pro WordPress plugin that allows a
999   CVE-2025-32220  0.25%       48.4th      5.4   A missing authorization vulnerability in the Dimitri Grassi Salon booking system WordPress plugin al
1000  CVE-2025-66202  0.25%       48.3th      6.5   This vulnerability allows unauthenticated attackers to bypass path-based authentication checks in As

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
