Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1501 | CVE-2025-22723 | | 44.7th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers |
| 1502 | CVE-2024-8581 | | 44.8th | 9.1 | | This vulnerability in parisneo/lollms-webui allows attackers to delete any file or directory on the |
| 1503 | CVE-2025-58447 | | 44.6th | 9.8 | | CVE-2025-58447 is a critical heap-based buffer overflow vulnerability in rAthena MMORPG server's log |
| 1504 | CVE-2024-55227 | | 44.4th | 9.0 | | This CVE describes a cross-site scripting (XSS) vulnerability in Dolibarr's Events/Agenda module tha |
| 1505 | CVE-2025-20282 | | 44.4th | 10.0 | | This critical vulnerability in Cisco ISE and ISE-PIC allows unauthenticated remote attackers to uplo |
| 1506 | CVE-2025-12104 | | 44.5th | 9.8 | | This vulnerability involves outdated UI dependencies in BLU-IC2 and BLU-IC4 devices that could allow |
| 1507 | CVE-2025-10742 | | 44.5th | 9.8 | | The Truelysell Core WordPress plugin allows unauthenticated attackers to change user passwords, incl |
| 1508 | CVE-2025-13615 | | 44.5th | 9.8 | | This vulnerability in the StreamTube Core WordPress plugin allows unauthenticated attackers to chang |
| 1509 | CVE-2025-60957 | | 44.4th | 9.9 | | This OS command injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server allows |
| 1510 | CVE-2025-63207 | | 44.4th | 9.8 | | This vulnerability allows unauthenticated attackers to change all user passwords (Admin, Operator, U |
| 1511 | CVE-2025-26410 | | 44.2th | 9.8 | | All Wattsense Bridge devices contain hard-coded credentials in their firmware, allowing attackers to |
| 1512 | CVE-2026-1615 | | 44.2th | 9.8 | | The jsonpath package is vulnerable to arbitrary code execution via malicious JSON Path expressions. |
| 1513 | CVE-2021-47891 | | 44.2th | 9.8 | | CVE-2021-47891 is a critical remote code execution vulnerability in Unified Remote 3.9.0.2463 that a |
| 1514 | CVE-2025-1315 | | 44th | 9.8 | | The InWave Jobs WordPress plugin has a privilege escalation vulnerability that allows unauthenticate |
| 1515 | CVE-2025-5486 | | 44.1th | 9.8 | | The WP Email Debug plugin for WordPress has a privilege escalation vulnerability that allows unauthe |
| 1516 | CVE-2025-4797 | | 44.1th | 9.8 | | This vulnerability allows unauthenticated attackers to log in as any WordPress user, including admin |
| 1517 | CVE-2025-7778 | | 44th | 9.8 | | The Icons Factory WordPress plugin contains an arbitrary file deletion vulnerability that allows una |
| 1518 | CVE-2025-34434 | | 44.1th | 9.1 | | AVideo versions before 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated f |
| 1519 | CVE-2025-40805 | | 44.1th | 10.0 | | This critical vulnerability allows unauthenticated remote attackers to bypass authentication on spec |
| 1520 | CVE-2025-41715 | | 43.8th | 9.8 | | This vulnerability exposes a web application's database without authentication, allowing unauthentic |
| 1521 | CVE-2025-13329 | | 43.8th | 9.8 | | The File Uploader for WooCommerce WordPress plugin allows unauthenticated attackers to upload arbitr |
| 1522 | CVE-2025-67822 | | 43.8th | 9.4 | | An authentication bypass vulnerability in Mitel MiVoice MX-ONE Provisioning Manager allows unauthent |
| 1523 | CVE-2025-5288 | | 43.8th | 9.8 | | This vulnerability allows unauthenticated attackers to create new administrator accounts on WordPres |
| 1524 | CVE-2025-50870 | | 43.8th | 9.8 | | Institute-of-Current-Students 1.0 has an access control vulnerability in the mydetailsstudent.php en |
| 1525 | CVE-2025-10452 | | 43.8th | 9.8 | | CVE-2025-10452 is a critical Missing Authentication vulnerability in Gotac's Statistical Database Sy |
| 1526 | CVE-2025-54539 | | 43.8th | 9.8 | | A deserialization vulnerability in Apache ActiveMQ NMS AMQP Client allows malicious AMQP servers to |
| 1527 | CVE-2025-54322 | | 43.8th | 10.0 | | CVE-2025-54322 is an unauthenticated remote code execution vulnerability in Xspeeder SXZOS that allo |
| 1528 | CVE-2024-53553 | | 43.7th | 9.1 | | This vulnerability allows attackers to bypass authentication in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK |
| 1529 | CVE-2024-13264 | | 43.7th | 9.8 | | This vulnerability in Drupal's Opigno module allows attackers to inject malicious PHP code through s |
| 1530 | CVE-2025-30472 | | 43.7th | 9.0 | | Corosync versions through 3.1.9 contain a stack-based buffer overflow vulnerability in the orf_token |
| 1531 | CVE-2025-32754 | | 43.6th | 9.1 | | This vulnerability allows network-based attackers to impersonate Jenkins SSH build agents by exploit |
| 1532 | CVE-2025-49223 | | 43.6th | 9.8 | | CVE-2025-49223 is a prototype pollution vulnerability in billboard.js that allows attackers to injec |
| 1533 | CVE-2024-56346 | | 43.6th | 10.0 | | This critical vulnerability in IBM AIX's nimesis NIM master service allows remote attackers to execu |
| 1534 | CVE-2025-35042 | | 43.6th | 9.8 | | Airship AI Acropolis uses a default administrative account with identical hardcoded credentials acro |
| 1535 | CVE-2024-56897 | | 43.5th | 9.8 | | This vulnerability allows unauthenticated attackers to download/upload files and execute API command |
| 1536 | CVE-2020-26799 | | 43.5th | 9.8 | | A reflected cross-site scripting (XSS) vulnerability in Luxcal 4.5.2 allows unauthenticated attacker |
| 1537 | CVE-2025-27836 | | 43.2th | 9.8 | | A buffer overflow vulnerability in the BJ10V device driver in Ghostscript allows attackers to execut |
| 1538 | CVE-2025-27831 | | 43.2th | 9.8 | | A buffer overflow vulnerability in Artifex Ghostscript's DOCXWRITE/TXTWRITE device allows attackers |
| 1539 | CVE-2025-46468 | | 43.2th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1540 | CVE-2025-39406 | | 43.2th | 9.8 | | This vulnerability allows attackers to include arbitrary local files through PHP's include/require s |
| 1541 | CVE-2025-6758 | | 43.3th | 9.8 | | This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites |
| 1542 | CVE-2017-20208 | | 43.2th | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress sites |
| 1543 | CVE-2017-20206 | | 43.2th | 9.8 | | The Appointments plugin for WordPress has a PHP object injection vulnerability that allows unauthent |
| 1544 | CVE-2024-47572 | | 43.2th | 9.0 | | This vulnerability allows attackers to execute arbitrary code on Fortinet FortiSOAR systems by manip |
| 1545 | CVE-2025-40624 | | 43rd | 9.8 | | An unauthenticated SQL injection vulnerability in TCMAN's GIM v11 allows attackers to execute arbitr |
| 1546 | CVE-2025-40622 | | 43rd | 9.8 | | This is a critical SQL injection vulnerability in TCMAN's GIM v11 software that allows unauthenticat |
| 1547 | CVE-2025-40620 | | 43rd | 9.8 | | This is a critical SQL injection vulnerability in TCMAN's GIM v11 software that allows unauthenticat |
| 1548 | CVE-2022-50694 | | 42.8th | 9.8 | | This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems allows attackers to bypass |
| 1549 | CVE-2023-53960 | | 42.8th | 9.8 | | This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x allows attackers to by |
| 1550 | CVE-2025-46348 | | 42.5th | 10.0 | | CVE-2025-46348 is an authentication bypass vulnerability in YesWiki that allows unauthenticated atta |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: Thousands of CVEs are published every month, and not all of them are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 vulnerability with 90% EPSS.