Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2251 | CVE-2025-30973 | | 28.1th | 9.8 | | CVE-2025-30973 is a PHP object injection vulnerability in Codexpert, Inc's CoSchool LMS WordPress pl |
| 2252 | CVE-2025-30949 | | 28.1th | 9.8 | | CVE-2025-30949 is a PHP object injection vulnerability in the Guru Team Site Chat on Telegram WordPr |
| 2253 | CVE-2025-52761 | | 28.1th | 9.8 | | CVE-2025-52761 is a PHP object injection vulnerability in the WP Funnel Manager WordPress plugin tha |
| 2254 | CVE-2025-54014 | | 28.1th | 9.8 | | This CVE describes a PHP object injection vulnerability in the MediCenter WordPress theme that allow |
| 2255 | CVE-2025-53299 | | 28.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code via PHP object injection throug |
| 2256 | CVE-2025-54686 | | 28.1th | 9.8 | | CVE-2025-54686 is a PHP object injection vulnerability in the Exertio WordPress theme that allows at |
| 2257 | CVE-2025-10159 | | 28th | 9.8 | | An authentication bypass vulnerability in Sophos AP6 Series Wireless Access Points allows remote att |
| 2258 | CVE-2025-49401 | | 28.1th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted |
| 2259 | CVE-2025-42890 | | 28.1th | 10.0 | | SQL Anywhere Monitor (Non-GUI) contains hardcoded credentials that allow attackers to bypass authent |
| 2260 | CVE-2025-14388 | | 28.1th | 9.8 | | The PhastPress WordPress plugin contains a critical vulnerability allowing unauthenticated attackers |
| 2261 | CVE-2025-69764 | | 28th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploit |
| 2262 | CVE-2026-23947 | | 28.1th | 9.8 | | Orval versions 7.19.0 through 8.0.2 contain a code injection vulnerability in the x-enumDescriptions |
| 2263 | CVE-2023-46400 | | 27.9th | 9.8 | | KWHotel 0.47 contains a CSV formula injection vulnerability in the add guest function that allows at |
| 2264 | CVE-2024-8017 | | 27.9th | 9.0 | | A cross-site scripting (XSS) vulnerability in open-webui versions up to 0.3.8 allows attackers to in |
| 2265 | CVE-2025-48017 | | 27.9th | 9.0 | | This vulnerability allows attackers to modify and upload arbitrary files by exploiting improper path |
| 2266 | CVE-2025-47158 | | 27.9th | 9.0 | | This authentication bypass vulnerability in Azure DevOps allows attackers to gain unauthorized acces |
| 2267 | CVE-2025-30404 | | 27.9th | 9.8 | | An integer overflow vulnerability in ExecuTorch's model loading functionality can cause overlapping |
| 2268 | CVE-2025-49901 | | 27.9th | 9.8 | | This vulnerability allows attackers to bypass authentication mechanisms in the quantumcloud Simple L |
| 2269 | CVE-2025-62064 | | 27.9th | 9.8 | | This CVE describes an authentication bypass vulnerability in the Search & Go WordPress theme that al |
| 2270 | CVE-2025-67288 | | 27.9th | 10.0 | | An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to upload malicious P |
| 2271 | CVE-2025-56157 | | 28th | 9.8 | | CVE-2025-56157 exposes Dify installations to unauthorized database access through hardcoded PostgreS |
| 2272 | CVE-2025-54304 | | 27.9th | 9.8 | | This vulnerability allows remote attackers to gain root privileges and execute arbitrary code on The |
| 2273 | CVE-2026-24811 | | 27.9th | 9.8 | | This CVE describes a vulnerability in the ROOT data analysis framework's built-in zlib modules, spec |
| 2274 | CVE-2026-23534 | | 27.9th | 9.8 | | A heap buffer overflow vulnerability in FreeRDP's ClearCodec decode path allows malicious RDP server |
| 2275 | CVE-2026-23533 | | 27.9th | 9.8 | | A heap buffer overflow vulnerability in FreeRDP's ClearCodec decode path allows malicious RDP server |
| 2276 | CVE-2026-23530 | | 27.9th | 9.8 | | FreeRDP clients prior to version 3.21.0 contain a heap buffer overflow vulnerability in the planar b |
| 2277 | CVE-2025-28904 | | 27.8th | 9.3 | | This SQL injection vulnerability in Shamalli Web Directory Free allows attackers to execute arbitrar |
| 2278 | CVE-2025-4638 | | 27.8th | 9.8 | | A vulnerability in the zlib library's inftrees.c component, bundled within PointCloudLibrary (PCL), |
| 2279 | CVE-2025-67164 | | 27.8th | 9.9 | | An authenticated arbitrary file upload vulnerability in Pagekit CMS v1.0.18 allows attackers to uplo |
| 2280 | CVE-2025-65854 | | 27.7th | 9.8 | | Insecure permissions in MineAdmin v3.x scheduled tasks allow attackers to execute arbitrary commands |
| 2281 | CVE-2025-15403 | | 27.8th | 9.8 | | This vulnerability in the RegistrationMagic WordPress plugin allows unauthenticated attackers to man |
| 2282 | CVE-2025-48187 | | 27.1th | 9.1 | | CVE-2025-48187 allows attackers to brute-force 6-digit email verification codes in RAGFlow to regist |
| 2283 | CVE-2025-30436 | | 27.2th | 9.1 | | This vulnerability allows attackers to use Siri voice commands on locked iOS/iPadOS devices to enabl |
| 2284 | CVE-2025-6573 | | 27.2th | 9.8 | | This vulnerability allows kernel software running in an untrusted execution environment to leak sens |
| 2285 | CVE-2025-64459 | | 27.3th | 9.1 | | This SQL injection vulnerability in Django allows attackers to execute arbitrary SQL commands by pas |
| 2286 | CVE-2025-65602 | | 27.1th | 9.8 | | An unauthenticated remote code execution vulnerability in ChanCMS v3.3.4 allows attackers to execute |
| 2287 | CVE-2024-46505 | | 26.9th | 9.1 | | Infoblox BloxOne v2.4 contains a business logic flaw in its thick client that could allow attackers |
| 2288 | CVE-2026-26333 | | 27.1th | 9.8 | | Calero VeraSMART versions before 2022 R1 expose an unauthenticated .NET Remoting service on port 800 |
| 2289 | CVE-2025-44192 | | 26.9th | 9.8 | | CVE-2025-44192 is a critical SQL injection vulnerability in Simple Barangay Management System v1.0 t |
| 2290 | CVE-2025-25775 | | 26.9th | 9.8 | | This vulnerability allows attackers to execute arbitrary SQL commands via the kodetiket parameter in |
| 2291 | CVE-2025-32440 | | 26.9th | 10.0 | | CVE-2025-32440 is an authentication bypass vulnerability in NetAlertX that allows unauthenticated at |
| 2292 | CVE-2025-52724 | | 26.9th | 9.8 | | CVE-2025-52724 is a PHP object injection vulnerability in the BoldThemes Amwerk WordPress theme that |
| 2293 | CVE-2025-28970 | | 26.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the |
| 2294 | CVE-2025-49330 | | 26.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code via PHP object injection throug |
| 2295 | CVE-2025-31919 | | 26.9th | 9.8 | | CVE-2025-31919 is a PHP object injection vulnerability in the Spare WordPress theme that allows atta |
| 2296 | CVE-2025-30618 | | 26.9th | 9.8 | | This vulnerability allows attackers to execute arbitrary PHP code through deserialization of untrust |
| 2297 | CVE-2025-47869 | | 27.1th | 9.8 | | A buffer overflow vulnerability exists in Apache NuttX RTOS's XMLRPC example application due to hard |
| 2298 | CVE-2025-54997 | | 27th | 9.1 | | This vulnerability allows privileged OpenBao operators to bypass security restrictions and execute a |
| 2299 | CVE-2025-36251 | | 26.9th | 9.6 | | This vulnerability in IBM AIX and VIOS nimsh service allows remote attackers to execute arbitrary co |
| 2300 | CVE-2025-15027 | | 27th | 9.8 | | The JAY Login & Register WordPress plugin allows unauthenticated attackers to update arbitrary user |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.