Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2351 | CVE-2025-11625 | | 26.2 | 9.8 | | An improper host authentication vulnerability in wolfSSH clients up to version 1.4.20 allows attacke |
| 2352 | CVE-2025-53963 | | 26.2 | 9.8 | | This vulnerability allows attackers with network access to achieve root-level code execution on Ther |
| 2353 | CVE-2026-24300 | | 26.2 | 9.8 | | This critical vulnerability in Azure Front Door allows attackers to bypass authentication and author |
| 2354 | CVE-2026-21445 | | 26.1 | 9.1 | | CVE-2026-21445 is a critical authentication bypass vulnerability in Langflow that allows unauthentic |
| 2355 | CVE-2025-31263 | | 25.9 | 9.1 | | This memory corruption vulnerability in macOS allows malicious applications to corrupt coprocessor m |
| 2356 | CVE-2025-59832 | | 26 | 9.9 | | A stored cross-site scripting (XSS) vulnerability in Horilla HRMS allows low-privilege authenticated |
| 2357 | CVE-2025-4993 | | 26 | 9.1 | | CVE-2025-4993 is an untrusted pointer dereference vulnerability in RTI Connext Professional Core Lib |
| 2358 | CVE-2025-1255 | | 26 | 9.1 | | CVE-2025-1255 is an untrusted pointer dereference vulnerability in RTI Connext Professional Core Lib |
| 2359 | CVE-2025-12977 | | 25.9 | 9.1 | | This vulnerability in Fluent Bit's input plugins allows attackers to inject malicious tag_key values |
| 2360 | CVE-2025-69286 | | 26 | 9.8 | | CVE-2025-69286 is a critical authentication bypass vulnerability in RAGFlow where API keys and beta |
| 2361 | CVE-2025-67510 | | 25.9 | 9.4 | | CVE-2025-67510 is a critical SQL injection vulnerability in the Neuron AI framework's MySQLWriteTool |
| 2362 | CVE-2025-67079 | | 25.9 | 9.8 | | This CVE describes a critical file upload vulnerability in Omnispace Agora Project that allows attac |
| 2363 | CVE-2025-70974 | | 25.9 | 10.0 | | This is a critical deserialization vulnerability in Fastjson that allows remote code execution via J |
| 2364 | CVE-2025-48748 | | 25.6 | 10.0 | | Netwrix Directory Manager (formerly Imanami GroupID) versions through 10.0.7784.0 contain a hard-cod |
| 2365 | CVE-2025-48706 | | 25.8 | 9.1 | | An out-of-bounds read vulnerability in COROS PACE 3 devices allows attackers to cause denial of serv |
| 2366 | CVE-2025-3461 | | 25.6 | 9.1 | | Quantenna Wi-Fi chips have an unauthenticated telnet interface enabled by default, allowing attacker |
| 2367 | CVE-2025-59334 | | 25.7 | 9.6 | | Linkr versions through 2.0.0 fail to verify the integrity of .linkr manifest files, allowing attacke |
| 2368 | CVE-2025-61128 | | 25.6 | 9.1 | | A stack-based buffer overflow vulnerability in WAVLINK router firmware allows attackers to execute a |
| 2369 | CVE-2025-9574 | | 25.7 | 10.0 | | CVE-2025-9574 is a critical missing authentication vulnerability in ABB ALS-mini-s4 IP and ALS-mini- |
| 2370 | CVE-2025-8351 | | 25.6 | 9.0 | | A heap-based buffer overflow and out-of-bounds read vulnerability in Avast Antivirus for macOS allow |
| 2371 | CVE-2026-23836 | | 25.8 | 9.9 | | CVE-2026-23836 is a critical remote code execution vulnerability in HotCRP conference review softwar |
| 2372 | CVE-2026-25139 | | 25.6 | 9.1 | | CVE-2026-25139 is an out-of-bounds read vulnerability in RIOT OS's 6LoWPAN stack that allows unauthe |
| 2373 | CVE-2025-46783 | | 25.5 | 9.8 | | A path traversal vulnerability (CWE-22) in RICOH Streamline NX V3 PC Client allows attackers to tamp |
| 2374 | CVE-2025-50067 | | 25.6 | 9.0 | | This vulnerability in Oracle Application Express allows low-privileged attackers with network access |
| 2375 | CVE-2025-64087 | | 25.6 | 9.8 | | A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDoc |
| 2376 | CVE-2026-22189 | | 25.5 | 9.8 | | This CVE describes a critical stack-based buffer overflow vulnerability in Panda3D's egg-mkfont tool |
| 2377 | CVE-2025-69770 | | 25.4 | 10.0 | | This zip slip vulnerability in MojoPortal CMS allows attackers to upload malicious zip files that ex |
| 2378 | CVE-2025-27680 | | 25.3 | 9.1 | | CVE-2025-27680 is an insecure firmware image vulnerability in Vasion Print (formerly PrinterLogic) t |
| 2379 | CVE-2025-26206 | | 25.4 | 9.0 | | A Cross-Site Request Forgery (CSRF) vulnerability in Sell Done Storefront v1.0 allows attackers to t |
| 2380 | CVE-2025-41232 | | 25.3 | 9.1 | | Spring Security Aspects may fail to enforce authorization on private methods when using AspectJ mode |
| 2381 | CVE-2025-46052 | | 25.4 | 9.8 | | An error-based SQL injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary S |
| 2382 | CVE-2025-28056 | | 25.4 | 9.8 | | CVE-2025-28056 is a critical SQL injection vulnerability in rebuild's admin-cli/exec component that |
| 2383 | CVE-2025-44831 | | 25.4 | 9.8 | | EngineerCMS versions 1.02 through 2.0.5 contain a SQL injection vulnerability in the /project/addpro |
| 2384 | CVE-2025-46189 | | 25.4 | 9.8 | | This vulnerability allows attackers to execute arbitrary SQL commands through the order_id parameter |
| 2385 | CVE-2025-44073 | | 25.4 | 9.8 | | SeaCMS v13.3 contains a SQL injection vulnerability in the admin_comment_news.php component that all |
| 2386 | CVE-2025-44074 | | 25.4 | 9.8 | | SeaCMS v13.3 contains a SQL injection vulnerability in the admin_topic.php component that allows att |
| 2387 | CVE-2025-45813 | | 25.3 | 9.8 | | ENENSYS IPGuard v2 2.10.0 contains hardcoded credentials that could allow attackers to gain unauthor |
| 2388 | CVE-2025-53006 | | 25.2 | 9.8 | | This vulnerability in DataEase allows attackers to exploit SSL/TLS connection parameters to potentia |
| 2389 | CVE-2025-45872 | | 25.3 | 9.8 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in zrlog v3.1.5 that allows at |
| 2390 | CVE-2025-29365 | | 25.2 | 9.8 | | CVE-2025-29365 is a buffer overflow vulnerability in spimsimulator's READ_STRING_SYSCALL function th |
| 2391 | CVE-2025-10127 | | 25.4 | 9.8 | | Daikin Europe N.V. Security Gateway contains an authorization bypass vulnerability that allows attac |
| 2392 | CVE-2025-12554 | | 25.3 | 9.8 | | This CVE describes a missing security headers vulnerability in BLU-IC2 and BLU-IC4 devices through v |
| 2393 | CVE-2025-11708 | | 25.4 | 9.8 | | This is a use-after-free vulnerability in Firefox and Thunderbird's MediaTrackGraphImpl::GetInstance |
| 2394 | CVE-2025-56683 | | 25.3 | 9.6 | | This cross-site scripting (XSS) vulnerability in Logseq v0.10.9 allows attackers to execute arbitrar |
| 2395 | CVE-2026-23532 | | 25.3 | 9.8 | | A heap buffer overflow vulnerability in FreeRDP client allows malicious RDP servers to trigger clien |
| 2396 | CVE-2026-23531 | | 25.3 | 9.8 | | This CVE describes a heap buffer overflow vulnerability in FreeRDP's ClearCodec implementation. A ma |
| 2397 | CVE-2025-30171 | | 25.1 | 9.0 | | This vulnerability in ASPECT systems allows attackers with compromised administrator credentials to |
| 2398 | CVE-2025-46412 | | 25.1 | 9.8 | | This authentication bypass vulnerability in Vertiv products allows attackers to access webserver fun |
| 2399 | CVE-2024-11186 | | 25.1 | 10.0 | | This vulnerability allows authenticated users with limited permissions in Arista CloudVision Portal |
| 2400 | CVE-2025-3927 | | 25.1 | 9.8 | | Digigram's PYKO-OUT audio-over-IP web-server has no default password requirement, allowing unauthent |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.