Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|------|--------|------------|------------|------|-------|---------|
| 2101 | CVE-2024-50693 | 0.12% | 30.5th | 9.1 | | This vulnerability allows attackers to bypass authorization controls in SunGrow iSolarCloud's userSe |
| 2102 | CVE-2024-50689 | 0.12% | 30.5th | 9.1 | | This vulnerability allows attackers to bypass authorization and access unauthorized organizational d |
| 2103 | CVE-2024-50687 | 0.12% | 30.5th | 9.1 | | SunGrow iSolarCloud versions before October 31, 2024 contain an insecure direct object reference (ID |
| 2104 | CVE-2024-50685 | 0.12% | 30.5th | 9.1 | | This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in SunGrow iSolarCloud's |
| 2105 | CVE-2025-26512 | 0.12% | 30.6th | 9.9 | | This vulnerability allows authenticated SnapCenter Server users to escalate privileges to admin leve |
| 2106 | CVE-2024-9309 | 0.12% | 30.5th | 9.3 | | This SSRF vulnerability in LLaVA's Controller API Server allows attackers to make the server send un |
| 2107 | CVE-2024-48864 | 0.12% | 30.5th | 9.1 | | This vulnerability in QNAP File Station 5 allows remote attackers to read or write files and directo |
| 2108 | CVE-2025-48938 | 0.12% | 30.6th | 9.8 | | A critical vulnerability in go-gh versions before 2.12.1 allows remote code execution when users int |
| 2109 | CVE-2025-50213 | 0.12% | 30.6th | 9.8 | | This CVE describes a SQL injection vulnerability in Apache Airflow's Snowflake provider where unsani |
| 2110 | CVE-2024-38824 | 0.12% | 30.6th | 9.6 | | CVE-2024-38824 is a critical directory traversal vulnerability in SaltStack's recv_file method that |
| 2111 | CVE-2025-48877 | 0.12% | 30.6th | 9.8 | | This vulnerability in Discourse allows attackers to execute arbitrary JavaScript within iframes when |
| 2112 | CVE-2025-7493 | 0.12% | 30.5th | 9.1 | | This CVE-2025-7493 is a privilege escalation vulnerability in FreeIPA where an attacker can gain dom |
| 2113 | CVE-2025-9943 | 0.12% | 30.4th | 9.1 | | An SQL injection vulnerability in Shibboleth Service Provider allows unauthenticated attackers to ex |
| 2114 | CVE-2025-36250 | 0.12% | 30.5th | 10.0 | | This vulnerability allows remote attackers to execute arbitrary commands on IBM AIX and VIOS systems |
| 2115 | CVE-2025-62849 | 0.12% | 30.5th | 9.8 | | This SQL injection vulnerability in QNAP operating systems allows remote attackers to execute arbitr |
| 2116 | CVE-2025-59389 | 0.12% | 30.5th | 9.8 | | An SQL injection vulnerability in Hyper Data Protector allows remote attackers to execute unauthoriz |
| 2117 | CVE-2024-55959 | 0.12% | 30.3th | 9.1 | | CVE-2024-55959 is an insecure permissions vulnerability in Northern.tech Mender Client that allows l |
| 2118 | CVE-2025-28893 | 0.12% | 30.4th | 9.9 | | This CVE describes a critical remote code execution vulnerability in the Visual Text Editor WordPres |
| 2119 | CVE-2025-27593 | 0.12% | 30.4th | 9.3 | | CVE-2025-27593 allows attackers to distribute malicious code via SDD Device Drivers due to missing d |
| 2120 | CVE-2025-26988 | 0.12% | 30.4th | 9.3 | | This SQL injection vulnerability in the SMS Alert Order Notifications WooCommerce plugin allows atta |
| 2121 | CVE-2025-43253 | 0.12% | 30.3th | 9.8 | | This vulnerability allows malicious applications to bypass security restrictions and execute arbitra |
| 2122 | CVE-2025-31281 | 0.12% | 30.3th | 9.1 | | This CVE describes an input validation vulnerability in Apple operating systems that allows maliciou |
| 2123 | CVE-2025-34203 | 0.12% | 30.3th | 9.8 | | Vasion Print (formerly PrinterLogic) contains outdated, end-of-life third-party components across mu |
| 2124 | CVE-2026-23944 | 0.12% | 30.3th | 9.8 | | CVE-2026-23944 is an authentication bypass vulnerability in Arcane Docker management interface that |
| 2125 | CVE-2025-0159 | 0.11% | 30.2th | 9.1 | | This vulnerability allows remote attackers to bypass authentication on IBM FlashSystem RPCAdapter en |
| 2126 | CVE-2025-46331 | 0.11% | 30.2th | 9.8 | | OpenFGA versions 1.3.6 through 1.8.10 contain an authorization bypass vulnerability in Check and Lis |
| 2127 | CVE-2025-32958 | 0.11% | 30.2th | 9.8 | | This vulnerability in Adept programming language's GitHub workflow exposes the GITHUB_TOKEN in uploa |
| 2128 | CVE-2025-4609 | 0.11% | 30.2th | 9.6 | | This vulnerability in Google Chrome's Mojo IPC system on Windows allows a remote attacker to escape |
| 2129 | CVE-2025-55241 | 0.11% | 30.1th | 10.0 | | This critical vulnerability in Azure Entra ID (formerly Azure Active Directory) allows attackers to |
| 2130 | CVE-2025-60739 | 0.11% | 30.2th | 9.6 | | A Cross-Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server firmware allows remote att |
| 2131 | CVE-2026-23884 | 0.11% | 30.2th | 9.8 | | CVE-2026-23884 is a use-after-free vulnerability in FreeRDP clients where offscreen bitmap deletion |
| 2132 | CVE-2026-23883 | 0.11% | 30.2th | 9.8 | | This is a use-after-free vulnerability in FreeRDP's X11 client graphics handling that allows a malic |
| 2133 | CVE-2025-14829 | 0.11% | 30.2th | 9.1 | | The E-xact Hosted Payment WordPress plugin through version 2.0 contains an arbitrary file deletion v |
| 2134 | CVE-2025-60534 | 0.11% | 30.2th | 9.8 | | Blue Access Cobalt v02.000.195 has an authentication bypass vulnerability that allows attackers to p |
| 2135 | CVE-2026-21450 | 0.11% | 30.2th | 9.8 | | Bagisto eCommerce platforms running versions before 2.3.10 are vulnerable to server-side template in |
| 2136 | CVE-2025-46264 | 0.11% | 30.1th | 9.9 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 2137 | CVE-2025-12422 | 0.11% | 30th | 9.8 | | This vulnerability allows attackers to write arbitrary files through a vulnerable upgrade feature in |
| 2138 | CVE-2025-4083 | 0.11% | 29.8th | 9.1 | | A process isolation vulnerability in Thunderbird and Firefox allows javascript: URIs to execute in t |
| 2139 | CVE-2025-30510 | 0.11% | 29.9th | 9.8 | | This vulnerability allows attackers to upload arbitrary files instead of legitimate plant images in |
| 2140 | CVE-2019-25337 | 0.11% | 29.9th | 9.8 | | CVE-2019-25337 is a username enumeration vulnerability in ownCloud that allows remote attackers to d |
| 2141 | CVE-2025-42980 | 0.11% | 29.9th | 9.1 | | SAP NetWeaver Enterprise Portal Federated Portal Network has a deserialization vulnerability where p |
| 2142 | CVE-2025-43766 | 0.11% | 29.8th | 9.8 | | This vulnerability allows attackers to upload unrestricted files through Liferay's style books compo |
| 2143 | CVE-2025-55100 | 0.11% | 29.9th | 9.1 | | This vulnerability allows attackers to read memory beyond allocated boundaries in USBX's audio class |
| 2144 | CVE-2026-23852 | 0.11% | 29.9th | 9.6 | | SiYuan personal knowledge management systems before version 3.5.4 have a stored XSS vulnerability in |
| 2145 | CVE-2025-1446 | 0.11% | 29.8th | 9.8 | | The Pods WordPress plugin before version 3.2.8.2 contains a SQL injection vulnerability due to insuf |
| 2146 | CVE-2025-48949 | 0.11% | 29.8th | 9.8 | | CVE-2025-48949 is a critical SQL injection vulnerability in Navidrome music server affecting version |
| 2147 | CVE-2025-54951 | 0.11% | 29.6th | 9.8 | | Multiple buffer overflow vulnerabilities in ExecuTorch model loading allow attackers to crash the ru |
| 2148 | CVE-2025-54949 | 0.11% | 29.6th | 9.8 | | A heap buffer overflow vulnerability in ExecuTorch's model loading functionality allows attackers to |
| 2149 | CVE-2025-34217 | 0.11% | 29.8th | 9.8 | | This vulnerability allows attackers with the matching private SSH key to gain root access to Vasion |
| 2150 | CVE-2025-64657 | 0.11% | 29.8th | 9.8 | | A stack-based buffer overflow vulnerability in Azure Application Gateway allows unauthorized attacke |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
