Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1801 | CVE-2024-46666 | | 36.8th | 5.3 | | This CVE describes a resource allocation vulnerability in FortiOS that allows remote unauthenticated |
| 1802 | CVE-2024-38790 | | 36.8th | 6.5 | | This CSRF vulnerability in the Smartsupp WordPress plugin allows attackers to trick authenticated ad |
| 1803 | CVE-2024-38766 | | 36.8th | 4.3 | | This CSRF vulnerability in Matomo Analytics allows attackers to trick authenticated administrators i |
| 1804 | CVE-2024-38763 | | 36.8th | 4.3 | | This Cross-Site Request Forgery (CSRF) vulnerability in the Popularis Verse WordPress theme allows a |
| 1805 | CVE-2024-38754 | | 36.8th | 4.3 | | This CSRF vulnerability in Tagbox Taggbox WordPress plugin allows attackers to trick authenticated a |
| 1806 | CVE-2024-38751 | | 36.8th | 4.3 | | This CSRF vulnerability in the AdsforWP WordPress plugin allows attackers to trick authenticated adm |
| 1807 | CVE-2024-38691 | | 36.8th | 4.3 | | This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the Metorik plugin for WooCo |
| 1808 | CVE-2024-37543 | | 36.8th | 4.3 | | A Cross-Site Request Forgery (CSRF) vulnerability in the Ultimate Auction WordPress plugin allows at |
| 1809 | CVE-2024-37473 | | 36.8th | 4.3 | | This Cross-Site Request Forgery (CSRF) vulnerability in the BlazeThemes Trendy News WordPress theme |
| 1810 | CVE-2024-37448 | | 36.8th | 4.3 | | A Cross-Site Request Forgery (CSRF) vulnerability in the FameThemes OnePress WordPress theme allows |
| 1811 | CVE-2024-37426 | | 36.8th | 4.3 | | This CSRF vulnerability in the Rara Theme Elegant Pink WordPress theme allows attackers to trick aut |
| 1812 | CVE-2024-37272 | | 36.8th | 4.3 | | This CSRF vulnerability in the Travel Monster WordPress theme allows attackers to trick authenticate |
| 1813 | CVE-2024-37242 | | 36.8th | 4.3 | | A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Newspack Newsletters plugin allow |
| 1814 | CVE-2024-37235 | | 36.8th | 4.3 | | This CSRF vulnerability in Groundhogg WordPress plugin allows attackers to trick authenticated admin |
| 1815 | CVE-2024-37103 | | 36.8th | 4.3 | | A Cross-Site Request Forgery (CSRF) vulnerability in the Rara Theme Education Zone WordPress theme a |
| 1816 | CVE-2025-26526 | | 36.8th | 6.5 | | This vulnerability allows users to bypass Separate Groups mode restrictions in Moodle's Feedback act |
| 1817 | CVE-2023-51317 | | 36.9th | 6.5 | | PHPJabbers Restaurant Booking System v3.0 contains multiple HTML injection vulnerabilities in variou |
| 1818 | CVE-2025-0825 | | 36.8th | 5.3 | | CVE-2025-0825 is a CRLF injection vulnerability in cpp-httplib where null-byte-prefixed CRLF sequenc |
| 1819 | CVE-2025-2690 | | 36.8th | 6.3 | | This critical vulnerability in Yii2 PHP framework allows remote attackers to execute arbitrary code |
| 1820 | CVE-2025-27526 | | 36.8th | 6.5 | | This CVE describes a deserialization vulnerability in Apache InLong that allows attackers to bypass |
| 1821 | CVE-2024-4025 | | 36.8th | 6.5 | | A Denial of Service vulnerability in GitLab allows attackers to crash the application by uploading s |
| 1822 | CVE-2025-53410 | | 36.9th | 6.5 | | This vulnerability in QNAP File Station 5 allows authenticated remote attackers to exhaust system re |
| 1823 | CVE-2025-13434 | | 36.9th | 5.3 | | CVE-2025-13434 is a vulnerability in jameschz Hush Framework 2.0 where improper neutralization of th |
| 1824 | CVE-2024-57723 | | 36.7th | 6.5 | | CVE-2024-57723 is a segmentation violation vulnerability in lunasvg's composition_source_over compon |
| 1825 | CVE-2024-57721 | | 36.7th | 6.5 | | Lunasvg v3.0.0 contains a segmentation violation vulnerability in the plutovg_path_add_path componen |
| 1826 | CVE-2025-23514 | | 36.7th | 5.3 | | This CVE describes a Missing Authorization vulnerability in the Sanjaysolutions Loginplus WordPress |
| 1827 | CVE-2025-21340 | | 36.7th | 5.5 | | This vulnerability allows attackers to bypass Windows Virtualization-Based Security (VBS) protection |
| 1828 | CVE-2025-26376 | | 36.7th | 6.5 | | This vulnerability allows authenticated low-privileged attackers to modify user data in Q-Free MaxTi |
| 1829 | CVE-2025-26367 | | 36.7th | 4.3 | | This vulnerability allows authenticated low-privileged attackers to create arbitrary user groups in |
| 1830 | CVE-2025-24029 | | 36.6th | 5.3 | | CVE-2025-24029 is an improper permissions vulnerability in Tuleap that allows users (including anony |
| 1831 | CVE-2025-0272 | | 36.8th | 5.4 | | HCL DevOps Deploy/Launch is vulnerable to HTML injection, allowing authenticated users to embed arbi |
| 1832 | CVE-2025-5520 | | 36.7th | 5.3 | | A reachable assertion vulnerability in Open5GS AMF/MME components allows remote attackers to cause d |
| 1833 | CVE-2025-12021 | | 36.7th | 6.1 | | The WP-OAuth WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability in the ' |
| 1834 | CVE-2025-13383 | | 36.7th | 6.1 | | This stored XSS vulnerability in the Job Board WordPress plugin allows unauthenticated attackers to |
| 1835 | CVE-2025-12746 | | 36.7th | 6.1 | | The Tainacan WordPress plugin is vulnerable to Reflected Cross-Site Scripting (XSS) via the 'search' |
| 1836 | CVE-2025-22303 | | 36.6th | 5.3 | | This vulnerability in WP Mailster WordPress plugin allows attackers to retrieve embedded sensitive d |
| 1837 | CVE-2024-12439 | | 36.5th | 6.4 | | The Marketplace Items WordPress plugin has a stored XSS vulnerability that allows authenticated atta |
| 1838 | CVE-2024-11887 | | 36.5th | 6.4 | | The Geo Content WordPress plugin has a stored XSS vulnerability in its 'geotargetlygeocontent' short |
| 1839 | CVE-2024-12445 | | 36.5th | 6.4 | | The RightMessage WordPress plugin has a stored cross-site scripting (XSS) vulnerability that allows |
| 1840 | CVE-2025-22208 | | 36.6th | 4.7 | | A SQL injection vulnerability in the JS Jobs plugin for Joomla allows authenticated administrator us |
| 1841 | CVE-2025-26702 | | 36.6th | 4.9 | | An improper input validation vulnerability in ZTE GoldenDB allows attackers to manipulate input data |
| 1842 | CVE-2025-24341 | | 36.5th | 6.5 | | A vulnerability in ctrlX OS web application allows authenticated low-privileged attackers to cause d |
| 1843 | CVE-2025-3487 | | 36.6th | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 1844 | CVE-2025-10224 | | 36.6th | 5.4 | | This vulnerability in AxxonSoft Axxon One (C-Werk) allows authenticated remote attackers to bypass p |
| 1845 | CVE-2025-59429 | | 36.6th | 5.4 | | This CVE describes a reflected cross-site scripting (XSS) vulnerability in FreePBX, an open-source G |
| 1846 | CVE-2025-53412 | | 36.6th | 6.5 | | A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated remote attacker |
| 1847 | CVE-2025-53408 | | 36.6th | 6.5 | | A NULL pointer dereference vulnerability in QNAP File Station 5 allows authenticated attackers to ca |
| 1848 | CVE-2025-47207 | | 36.6th | 6.5 | | A NULL pointer dereference vulnerability in QNAP File Station allows authenticated attackers to caus |
| 1849 | CVE-2026-24036 | | 36.6th | 5.3 | | This vulnerability in Horilla HRMS allows unauthenticated attackers to view unpublished job postings |
| 1850 | CVE-2025-21202 | | 36.4th | 6.1 | | This vulnerability allows an authenticated attacker to elevate privileges within the Windows Recover |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.