Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics for the ranking:

| Metric | Value |
|---|---|
| CVEs with EPSS > 50% | 164 |
| CVEs on the CISA KEV list | 156 |
| CVEs with an EPSS score | 35,468 |
| Average EPSS score | 0.7% |
Rows 1051 to 1100 of the ranking. Summaries are truncated as on the source page; the Flags column is empty for every row shown here, so none of these CVEs carries a KEV flag.

| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1051 | CVE-2025-23114 | 0.38% | 59th | 9.0 | | A TLS certificate validation vulnerability in Veeam Updater allows man-in-the-middle attackers to in |
| 1052 | CVE-2025-12813 | 0.38% | 59th | 9.8 | | The Holiday Class Post Calendar WordPress plugin has a critical remote code execution vulnerability |
| 1053 | CVE-2025-14502 | 0.38% | 59th | 9.8 | | The News and Blog Designer Bundle WordPress plugin has a Local File Inclusion vulnerability that all |
| 1054 | CVE-2025-24981 | 0.38% | 58.9th | 9.3 | | CVE-2025-24981 is a cross-site scripting (XSS) vulnerability in the MDC markdown parser that allows |
| 1055 | CVE-2025-7921 | 0.38% | 58.9th | 9.8 | | This critical vulnerability affects certain Askey modem models, allowing unauthenticated remote atta |
| 1056 | CVE-2025-67418 | 0.38% | 59th | 9.8 | | ClipBucket 5.5.2 ships with hardcoded default administrative credentials, allowing unauthenticated r |
| 1057 | CVE-2023-53921 | 0.38% | 58.9th | 9.8 | | SitemagicCMS 4.4.3 contains an unrestricted file upload vulnerability that allows attackers to uploa |
| 1058 | CVE-2024-56156 | 0.38% | 58.9th | 9.0 | | This vulnerability in Halo website building software allows attackers to bypass file upload validati |
| 1059 | CVE-2025-39557 | 0.38% | 58.9th | 9.1 | | This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, |
| 1060 | CVE-2025-32202 | 0.38% | 58.9th | 9.1 | | This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, |
| 1061 | CVE-2025-31002 | 0.38% | 58.9th | 9.1 | | CVE-2025-31002 is an arbitrary file upload vulnerability in the Squeeze WordPress plugin that allows |
| 1062 | CVE-2025-31480 | 0.38% | 58.9th | 9.1 | | This is a privilege escalation vulnerability in the aiven-extras PostgreSQL extension that allows at |
| 1063 | CVE-2025-60803 | 0.38% | 58.9th | 9.8 | | Antabot White-Jotter contains an unauthenticated remote code execution vulnerability that allows att |
| 1064 | CVE-2026-25539 | 0.38% | 58.9th | 9.1 | | This vulnerability allows authenticated users of SiYuan personal knowledge management system to writ |
| 1065 | CVE-2025-26201 | 0.38% | 58.8th | 9.1 | | GreaterWMS versions up to 2.1.49 contain an authentication bypass vulnerability in the /staff route |
| 1066 | CVE-2024-38988 | 0.38% | 58.8th | 9.8 | | CVE-2024-38988 is a prototype pollution vulnerability in alizeait unflatto versions up to 1.0.2 that |
| 1067 | CVE-2025-30580 | 0.38% | 58.7th | 10.0 | | This critical vulnerability allows remote attackers to execute arbitrary code on systems running vul |
| 1068 | CVE-2025-43879 | 0.38% | 58.7th | 9.8 | | This critical vulnerability allows remote unauthenticated attackers to execute arbitrary operating s |
| 1069 | CVE-2025-21198 | 0.38% | 58.6th | 9.0 | | This vulnerability allows remote attackers to execute arbitrary code on Microsoft HPC Pack systems w |
| 1070 | CVE-2025-11522 | 0.38% | 58.6th | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication and take over any user |
| 1071 | CVE-2024-12264 | 0.37% | 58.6th | 9.8 | | This vulnerability allows unauthenticated attackers to create administrative user accounts on WordPr |
| 1072 | CVE-2024-12402 | 0.37% | 58.6th | 9.8 | | This vulnerability allows unauthenticated attackers to change any WordPress user's password, includi |
| 1073 | CVE-2025-30465 | 0.37% | 58.6th | 9.8 | | This CVE describes a permissions bypass vulnerability in Apple's Shortcuts app across multiple macOS |
| 1074 | CVE-2024-10361 | 0.37% | 58.5th | 9.1 | | This vulnerability allows attackers to delete arbitrary files on servers running vulnerable versions |
| 1075 | CVE-2025-32931 | 0.37% | 58.6th | 9.1 | | CVE-2025-32931 is an authenticated remote code execution vulnerability in DevDojo Voyager that allow |
| 1076 | CVE-2025-43984 | 0.37% | 58.5th | 9.8 | | This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system com |
| 1077 | CVE-2025-10230 | 0.37% | 58.5th | 10.0 | | This critical vulnerability in Samba allows unauthenticated remote attackers to execute arbitrary co |
| 1078 | CVE-2025-31685 | 0.37% | 58.4th | 9.1 | | This CVE describes a Missing Authorization vulnerability in Drupal Open Social that allows Forceful |
| 1079 | CVE-2025-52385 | 0.37% | 58.3th | 9.8 | | This critical vulnerability in Studio 3T allows remote attackers to execute arbitrary code on affect |
| 1080 | CVE-2025-39550 | 0.37% | 58.3th | 9.8 | | CVE-2025-39550 is a PHP object injection vulnerability in the Shahjahan Jewel FluentCommunity WordPr |
| 1081 | CVE-2025-32658 | 0.37% | 58.3th | 9.8 | | This vulnerability allows attackers to execute arbitrary code on WordPress sites running the vulnera |
| 1082 | CVE-2025-32572 | 0.37% | 58.3th | 9.8 | | CVE-2025-32572 is a PHP object injection vulnerability in the Kata Plus WordPress plugin that allows |
| 1083 | CVE-2025-27286 | 0.37% | 58.3th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code through PHP object injection vi |
| 1084 | CVE-2025-30985 | 0.37% | 58.3th | 9.8 | | A PHP object injection vulnerability in GNUCommerce WordPress plugin allows attackers to execute arb |
| 1085 | CVE-2025-32568 | 0.37% | 58.3th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted |
| 1086 | CVE-2025-31612 | 0.37% | 58.3th | 9.8 | | This vulnerability allows attackers to inject malicious PHP objects through deserialization of untru |
| 1087 | CVE-2025-31084 | 0.37% | 58.3th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted |
| 1088 | CVE-2025-32897 | 0.37% | 58.3th | 9.8 | | This vulnerability allows attackers to execute arbitrary code by sending malicious serialized data t |
| 1089 | CVE-2025-24297 | 0.37% | 58.1th | 9.8 | | This vulnerability allows attackers to inject malicious JavaScript code into users' personal spaces |
| 1090 | CVE-2025-53826 | 0.37% | 58.1th | 9.8 | | File Browser version 2.39.0 has an authentication flaw where JWT tokens remain valid indefinitely ev |
| 1091 | CVE-2025-30461 | 0.37% | 58.1th | 9.8 | | This CVE describes a macOS sandbox bypass vulnerability where malicious applications can access prot |
| 1092 | CVE-2025-24245 | 0.37% | 58.1th | 9.8 | | This vulnerability allows malicious applications to bypass verification code rate limiting and acces |
| 1093 | CVE-2025-2146 | 0.37% | 58.1th | 9.8 | | A buffer overflow vulnerability in the WebService Authentication processing of Canon multifunction p |
| 1094 | CVE-2025-32682 | 0.37% | 58th | 9.9 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 1095 | CVE-2025-32445 | 0.37% | 58th | 9.9 | | This CVE allows authenticated users with EventSource/Sensor CRUD permissions in Argo Events to escal |
| 1096 | CVE-2025-32140 | 0.37% | 58th | 9.9 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 1097 | CVE-2025-55315 | 0.37% | 58th | 9.9 | | CVE-2025-55315 is an HTTP request smuggling vulnerability in ASP.NET Core that allows an authenticat |
| 1098 | CVE-2025-67728 | 0.37% | 58th | 9.8 | | CVE-2025-67728 is a command injection vulnerability in Fireshare that allows authenticated users (or |
| 1099 | CVE-2024-13442 | 0.36% | 57.9th | 9.8 | | This vulnerability allows unauthenticated attackers to take over any user account, including adminis |
| 1100 | CVE-2025-27786 | 0.36% | 57.9th | 9.1 | | Applio voice conversion tool versions 3.2.8-bugfix and prior contain a path traversal vulnerability |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS special interest group at FIRST.org. For each published CVE it estimates the probability, between 0 and 1, that the vulnerability will be exploited in the wild within the next 30 days; the scores are recalculated daily as new exploitation data arrives. The percentile shown beside each score is the share of all scored CVEs whose EPSS is at or below that value. CVSS measures how severe a vulnerability would be if it were exploited; EPSS measures how likely exploitation is. The two answer different questions, which is why EPSS is the better input for deciding what to patch first.

Why EPSS matters: thousands of CVEs are published every month, and most of them are never exploited. The distribution is heavily skewed: on this page, a score of 0.38% already sits near the 59th percentile, meaning more than half of all scored CVEs have an even lower probability. EPSS lets security teams concentrate on the CVEs most likely to be attacked instead of patching purely by CVSS severity. A CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 vulnerability with 90% EPSS. Two caveats apply. EPSS is a global estimate and says nothing about whether the vulnerable component is reachable or even present in your environment, so it complements rather than replaces exposure and asset-criticality data. And a CVE on the CISA KEV list is known to be exploited regardless of its score, so KEV membership should override EPSS in any prioritization.
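The following is an added example, not code from the site that publishes these rankings or from FIRST. It reads the three-lines-per-row layout in which this page's table was extracted, turns each row into a record, and orders the records the way the two paragraphs above argue: KEV first, then an EPSS threshold, then EPSS and CVSS as tie-breakers. It also builds a query URL for FIRST's public EPSS API and parses a response in that API's documented JSON shape. The tier thresholds, the KEV set, the `CVE-0000-*` placeholder rows and the sample API response are assumptions constructed for illustration.

```python
"""Parse this page's flattened EPSS rows and rank them for patching.

Added example; not code from the ranking site or from FIRST. The row
layout is inferred from this page. Thresholds, the KEV set, the
CVE-0000-* rows and the sample API response are constructed assumptions.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Thresholds are assumptions; tune them to your own risk appetite.
EPSS_URGENT = 0.10      # >= 10% chance of exploitation within 30 days
EPSS_WATCH = 0.01       # below this, most CVEs are never exploited
CVSS_CRITICAL = 9.0

# One joined row: rank, CVE ID, EPSS as a percentage, ordinal percentile,
# CVSS, then the (possibly truncated) summary.
ROW_RE = re.compile(
    r"(?P<rank>\d+)\s+(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<epss>\d+(?:\.\d+)?)%\s+"
    r"(?P<pct>\d+(?:\.\d+)?)(?:st|nd|rd|th)\s+"
    r"(?P<cvss>\d+(?:\.\d+)?)\s+(?P<summary>.*)"
)


@dataclass(frozen=True)
class Finding:
    rank: int
    cve: str
    epss: float        # probability, 0..1
    percentile: float  # 0..1: share of scored CVEs at or below this EPSS
    cvss: float
    summary: str


def parse_rows(text: str) -> list[Finding]:
    """Regroup the three-line-per-row extraction into Finding records."""
    groups: list[list[str]] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if re.match(r"\d+\s+CVE-\d", line) or not groups:
            groups.append([])          # a rank line starts a new row
        groups[-1].append(line)
    findings = []
    for group in groups:
        m = ROW_RE.fullmatch(" ".join(group))
        if m is None:
            continue                   # header, stats or prose, not a row
        findings.append(Finding(
            rank=int(m["rank"]), cve=m["cve"],
            epss=float(m["epss"]) / 100, percentile=float(m["pct"]) / 100,
            cvss=float(m["cvss"]), summary=m["summary"]))
    return findings


def tier(f: Finding, kev: frozenset[str]) -> int:
    """0 = known exploited, 1 = likely soon, 2 = critical and plausible, 3 = backlog."""
    if f.cve in kev:
        return 0                       # KEV overrides any score
    if f.epss >= EPSS_URGENT:
        return 1
    if f.cvss >= CVSS_CRITICAL and f.epss >= EPSS_WATCH:
        return 2
    return 3


def prioritize(findings, kev=frozenset()) -> list[Finding]:
    """KEV first, then EPSS tier, then higher EPSS, then higher CVSS."""
    return sorted(findings, key=lambda f: (tier(f, kev), -f.epss, -f.cvss))


def epss_api_url(cves) -> str:
    """Query URL for FIRST's public EPSS API (api.first.org/data/v1/epss)."""
    return "https://api.first.org/data/v1/epss?cve=" + ",".join(cves)


def parse_epss_response(body: str) -> dict[str, tuple[float, float]]:
    """Map cve -> (epss, percentile); the API returns scores as strings."""
    return {d["cve"]: (float(d["epss"]), float(d["percentile"]))
            for d in json.loads(body)["data"]}


# Constructed sample: two rows copied from this page plus two placeholder
# rows (CVE-0000-*, not real CVEs) mirroring the 9.8/0.1% vs 7.5/90% case.
SAMPLE_ROWS = """\
1051 CVE-2025-23114
0.38%
59th 9.0 A TLS certificate validation vulnerability in Veeam Updater allows man-in-the-middle attackers to in
1052 CVE-2025-12813
0.38%
59th 9.8 The Holiday Class Post Calendar WordPress plugin has a critical remote code execution vulnerability
9001 CVE-0000-0001
0.10%
25th 9.8 Placeholder: critical CVSS, 0.1% EPSS (not a real CVE)
9002 CVE-0000-0002
90.00%
99.9th 7.5 Placeholder: high CVSS, 90% EPSS (not a real CVE)
"""

# Constructed API response in the documented shape, using this page's values.
SAMPLE_RESPONSE = json.dumps({"status": "OK", "data": [
    {"cve": "CVE-2025-23114", "epss": "0.003800000", "percentile": "0.590000000"}]})

if __name__ == "__main__":
    kev = frozenset({"CVE-0000-0001"})   # assumption: pretend this one is on KEV
    findings = parse_rows(SAMPLE_ROWS)
    for f in prioritize(findings, kev):
        print(f"tier {tier(f, kev)} {f.cve:15} EPSS {f.epss:7.2%} "
              f"CVSS {f.cvss:4.1f}  {f.summary[:40]}")
    print(epss_api_url(f.cve for f in findings[:2]))
    print(parse_epss_response(SAMPLE_RESPONSE))
```

With the placeholder put on the KEV list it sorts first despite its 0.1% EPSS; without that override it drops to the bottom and the 90% EPSS row leads, which is the comparison the paragraph above makes.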

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
