Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1851 | CVE-2025-29312 | | 35.8th | 9.1 | | This vulnerability in ONOS (Open Network Operating System) v2.7.0 allows attackers to trigger unexpe |
| 1852 | CVE-2025-12057 | | 35.8th | 9.8 | | The WavePlayer WordPress plugin before version 3.8.0 contains an unauthenticated arbitrary file uplo |
| 1853 | CVE-2025-56385 | | 35.8th | 9.8 | | This SQL injection vulnerability in WellSky Harmony's login functionality allows attackers to bypass |
| 1854 | CVE-2026-24531 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1855 | CVE-2026-1364 | | 35.8th | 9.8 | | CVE-2026-1364 is a critical missing authentication vulnerability in IAQS and I6 systems developed by |
| 1856 | CVE-2026-23975 | | 35.8th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Golo WordPress theme that allows |
| 1857 | CVE-2025-54003 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 1858 | CVE-2025-50003 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 1859 | CVE-2025-49994 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1860 | CVE-2025-47474 | | 35.8th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 1861 | CVE-2025-27663 | | 35.6th | 9.8 | | CVE-2025-27663 is a critical authentication vulnerability in Vasion Print (formerly PrinterLogic) th |
| 1862 | CVE-2025-49827 | | 35.6th | 9.8 | | This vulnerability allows attackers to bypass IAM authentication in Conjur by manipulating AWS-signe |
| 1863 | CVE-2025-60724 | | 35.6th | 9.8 | | A heap-based buffer overflow vulnerability in Microsoft Graphics Component allows remote attackers t |
| 1864 | CVE-2025-66489 | | 35.5th | 9.8 | | This vulnerability in Cal.com scheduling software allows attackers to bypass password verification w |
| 1865 | CVE-2025-40765 | | 35.5th | 9.8 | | An information disclosure vulnerability in TeleControl Server Basic V3.1 allows unauthenticated remo |
| 1866 | CVE-2025-65112 | | 35.5th | 9.4 | | PubNet versions before 1.1.3 allow unauthenticated attackers to upload packages as any user by manip |
| 1867 | CVE-2025-68929 | | 35.5th | 9.0 | | This vulnerability allows authenticated Frappe users with specific permissions to be tricked into cl |
| 1868 | CVE-2026-25722 | | 35.5th | 9.1 | | CVE-2026-25722 is a directory traversal vulnerability in Claude Code that allows attackers to bypass |
| 1869 | CVE-2025-30139 | | 35.4th | 9.8 | | G-Net Dashcam BB GONX devices have hardcoded default Wi-Fi credentials that cannot be changed, allow |
| 1870 | CVE-2025-32431 | | 35.3th | 9.1 | | Traefik reverse proxy versions before 2.11.24, 3.3.6, and 3.4.0-rc2 contain a path traversal vulnera |
| 1871 | CVE-2025-40906 | | 35.4th | 9.8 | | CVE-2025-40906 affects BSON::XS versions 0.8.4 and earlier for Perl, which bundle a vulnerable libbs |
| 1872 | CVE-2024-57190 | | 35.4th | 9.8 | | CVE-2024-57190 is an authentication bypass vulnerability in Erxes that allows attackers to impersona |
| 1873 | CVE-2025-10725 | | 35.3th | 9.9 | | A privilege escalation vulnerability in Red Hat OpenShift AI Service allows authenticated low-privil |
| 1874 | CVE-2025-66456 | | 35.3th | 9.8 | | This CVE describes a prototype pollution vulnerability in the Elysia TypeScript framework that, when |
| 1875 | CVE-2025-57529 | | 35.3th | 9.8 | | CVE-2025-57529 is a critical SQL injection vulnerability in YouDataSum CPAS Audit Management System |
| 1876 | CVE-2025-54952 | | 35.3th | 9.8 | | An integer overflow vulnerability in ExecuTorch model loading causes insufficient memory allocation, |
| 1877 | CVE-2025-13540 | | 35.1th | 9.8 | | The Tiare Membership WordPress plugin has a privilege escalation vulnerability that allows unauthent |
| 1878 | CVE-2025-13538 | | 35.1th | 9.8 | | The FindAll Listing plugin for WordPress has a privilege escalation vulnerability that allows unauth |
| 1879 | CVE-2025-13559 | | 35.1th | 9.8 | | The EduKart Pro WordPress plugin allows unauthenticated attackers to register accounts with administ |
| 1880 | CVE-2025-11127 | | 35.1th | 9.8 | | This vulnerability allows unauthenticated attackers to hijack user sessions in Mstoreapp WordPress p |
| 1881 | CVE-2025-11457 | | 35.1th | 9.8 | | This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites |
| 1882 | CVE-2025-8900 | | 35.1th | 9.8 | | The Doccure Core WordPress plugin allows unauthenticated attackers to create accounts with administr |
| 1883 | CVE-2025-13542 | | 35.1th | 9.8 | | The DesignThemes LMS WordPress plugin allows unauthenticated attackers to register accounts with adm |
| 1884 | CVE-2025-59695 | | 35.3th | 9.8 | | This vulnerability allows users with root access to the operating system to modify firmware on the C |
| 1885 | CVE-2026-22686 | | 35.2th | 10.0 | | CVE-2026-22686 is a critical sandbox escape vulnerability in enclave-vm that allows untrusted JavaSc |
| 1886 | CVE-2024-23943 | | 35th | 9.1 | | An unauthenticated remote attacker can exploit this vulnerability to gain unauthorized access to the |
| 1887 | CVE-2025-44897 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 1888 | CVE-2025-44894 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 1889 | CVE-2025-44883 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 1890 | CVE-2025-44890 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 1891 | CVE-2025-44887 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 1892 | CVE-2025-44885 | | 35.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected FW-WGS-804HPT devic |
| 1893 | CVE-2025-45513 | | 35.1th | 9.8 | | Tenda FH451 router firmware version V1.0.0.9 contains a stack overflow vulnerability in the P2pListF |
| 1894 | CVE-2025-26074 | | 35.1th | 9.8 | | CVE-2025-26074 is a critical remote code execution vulnerability in Orkes Conductor that allows atta |
| 1895 | CVE-2025-43186 | | 35.1th | 9.8 | | This is a critical memory corruption vulnerability in Apple's file parsing components across multipl |
| 1896 | CVE-2025-48293 | | 35.1th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1897 | CVE-2025-25174 | | 35.1th | 10.0 | | This CVE describes a PHP Local File Inclusion vulnerability in the BeeTeam368 Extensions WordPress p |
| 1898 | CVE-2025-50692 | | 35.1th | 9.8 | | FoxCMS versions up to 1.2.5 contain a code injection vulnerability in the admin template file editor |
| 1899 | CVE-2025-25379 | | 34.9th | 9.6 | | A Cross-Site Request Forgery (CSRF) vulnerability in 07FLYCMS v1.3.9 allows remote attackers to tric |
| 1900 | CVE-2025-24964 | | 35th | 9.6 | | This vulnerability allows remote attackers to execute arbitrary code on systems running Vitest with |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.