Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2501 | CVE-2025-54725 | | 23.3 | 9.8 | | This authentication bypass vulnerability in the Golo WordPress theme allows attackers to gain unauth |
| 2502 | CVE-2024-57155 | | 23.3 | 9.8 | | CVE-2024-57155 is an authentication bypass vulnerability in radar v1.0.8 that allows attackers to ac |
| 2503 | CVE-2024-57154 | | 23.3 | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication in dts-shop v0.0.1-SNAP |
| 2504 | CVE-2025-8995 | | 23.3 | 9.8 | | This vulnerability allows attackers to bypass authentication in Drupal sites using the Authenticator |
| 2505 | CVE-2025-53187 | | 23.3 | 9.8 | | A debug configuration issue in ASPECT FW allows unauthenticated attackers to bypass authentication a |
| 2506 | CVE-2025-43359 | | 23.4 | 9.8 | | This CVE describes a UDP socket binding vulnerability in Apple operating systems where a UDP server |
| 2507 | CVE-2025-1740 | | 23.3 | 9.8 | | CVE-2025-1740 is an authentication bypass vulnerability in Akinsoft MyRezzta software that allows at |
| 2508 | CVE-2025-15111 | | 23.4 | 9.8 | | Ksenia Security Lares 4.0 Home Automation version 1.6 contains hardcoded default administrative cred |
| 2509 | CVE-2026-24429 | | 23.4 | 9.8 | | This vulnerability allows attackers to use hardcoded default credentials to gain administrative acce |
| 2510 | CVE-2026-23873 | | 23.3 | 9.0 | | CVE-2026-23873 is a CSV injection vulnerability in hustoj's contest rank export functionality that a |
| 2511 | CVE-2023-26226 | | 23 | 9.8 | | CVE-2023-26226 is a use-after-free memory corruption vulnerability in Yandex Browser that allows att |
| 2512 | CVE-2025-22252 | | 23.1 | 9.8 | | This vulnerability allows attackers who know an existing admin account name to bypass authentication |
| 2513 | CVE-2025-46566 | | 23.1 | 9.8 | | This vulnerability allows authenticated users of DataEase to achieve remote code execution through t |
| 2514 | CVE-2025-53074 | | 23.1 | 9.1 | | An out-of-bounds read vulnerability in Samsung's rLottie animation library (version 0.2) allows atta |
| 2515 | CVE-2014-7210 | | 23.2 | 9.8 | | CVE-2014-7210 is a privilege escalation vulnerability in pdns-backend-mysql where Debian maintainer |
| 2516 | CVE-2024-34711 | | 23 | 9.3 | | This vulnerability in GeoServer allows unauthorized attackers to perform XML External Entity (XXE) a |
| 2517 | CVE-2025-50518 | | 23.2 | 9.8 | | A use-after-free vulnerability in libcoap's coap_delete_pdu_lkd function allows memory corruption wh |
| 2518 | CVE-2025-69872 | | 23.1 | 9.8 | | This vulnerability in DiskCache (python-diskcache) allows arbitrary code execution when an attacker |
| 2519 | CVE-2022-38692 | | 23.1 | 9.8 | | This BootROM vulnerability allows attackers to trigger a memory buffer overflow during RSA key valid |
| 2520 | CVE-2025-26155 | | 23.2 | 9.8 | | This CVE describes an Untrusted Search Path vulnerability in NCP VPN clients that allows attackers t |
| 2521 | CVE-2025-65021 | | 23.2 | 9.1 | | An Insecure Direct Object Reference (IDOR) vulnerability in Rallly allows any authenticated user to |
| 2522 | CVE-2025-58130 | | 23.2 | 9.1 | | CVE-2025-58130 is an insufficiently protected credentials vulnerability in Apache Fineract that coul |
| 2523 | CVE-2024-45538 | | 23.2 | 9.6 | | A Cross-Site Request Forgery (CSRF) vulnerability in Synology's WebAPI Framework allows remote attac |
| 2524 | CVE-2026-0881 | | 23.1 | 10.0 | | This CVE describes a sandbox escape vulnerability in the Messaging System component of Firefox and T |
| 2525 | CVE-2025-6384 | | 22.8 | 9.1 | | This vulnerability allows authenticated developers in CrafterCMS to bypass Groovy sandbox restrictio |
| 2526 | CVE-2025-4606 | | 22.8 | 9.8 | | The Sala WordPress theme has an authentication bypass vulnerability that allows unauthenticated atta |
| 2527 | CVE-2025-55282 | | 23 | 9.1 | | A privilege escalation vulnerability in aiven-db-migrate allows attackers to gain superuser privileg |
| 2528 | CVE-2025-11721 | | 22.8 | 9.8 | | A memory safety vulnerability in Firefox and Thunderbird versions before 144 allows memory corruptio |
| 2529 | CVE-2025-11719 | | 22.8 | 9.8 | | A use-after-free vulnerability in Thunderbird's native messaging API on Windows allows memory corrup |
| 2530 | CVE-2025-27258 | | 22.8 | 9.8 | | Ericsson Network Manager (ENM) versions before 25.1 GA contain an improper access control vulnerabil |
| 2531 | CVE-2025-3450 | | 22.9 | 10.0 | | An unauthenticated network attacker can exploit improper resource locking in B&R Automation Runtime' |
| 2532 | CVE-2025-66409 | | 22.9 | 9.1 | | This vulnerability in ESP-IDF Bluetooth stack allows an attacker to trigger an out-of-bounds read by |
| 2533 | CVE-2025-0982 | | 22.7 | 10.0 | | A sandbox escape vulnerability in Google Cloud Application Integration's JavaScript Task feature all |
| 2534 | CVE-2025-46275 | | 22.6 | 9.8 | | This critical vulnerability allows unauthenticated attackers to create administrator accounts on aff |
| 2535 | CVE-2025-0505 | | 22.7 | 10.0 | | This vulnerability allows attackers to exploit Zero Touch Provisioning on Arista CloudVision systems |
| 2536 | CVE-2023-47295 | | 22.6 | 9.8 | | CVE-2023-47295 is a CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows attackers |
| 2537 | CVE-2025-24288 | | 22.6 | 9.8 | | CVE-2025-24288 is a critical authentication vulnerability in Versa Director software where default c |
| 2538 | CVE-2025-43222 | | 22.6 | 9.8 | | A use-after-free vulnerability (CWE-416) in Apple operating systems allows attackers to cause unexpe |
| 2539 | CVE-2025-43189 | | 22.6 | 9.8 | | This vulnerability allows malicious applications to read kernel memory on macOS systems, potentially |
| 2540 | CVE-2025-30125 | | 22.7 | 9.8 | | Marbella KR8s Dashcam FF 2.0.8 devices ship with a universal default password (12345678) that cannot |
| 2541 | CVE-2025-42957 | | 22.6 | 9.9 | | This critical vulnerability in SAP S/4HANA allows authenticated users to inject arbitrary ABAP code |
| 2542 | CVE-2025-30127 | | 22.6 | 9.8 | | This vulnerability allows attackers who gain access to Marbella KR8s Dashcam FF devices (via default |
| 2543 | CVE-2025-57108 | | 22.7 | 9.8 | | CVE-2025-57108 is a critical heap use-after-free vulnerability in Kitware VTK's GLTF file parser tha |
| 2544 | CVE-2025-55754 | | 22.7 | 9.6 | | Apache Tomcat fails to escape ANSI escape sequences in log messages, allowing attackers to inject ma |
| 2545 | CVE-2025-63685 | | 22.7 | 9.8 | | Quark Cloud Drive v3.23.2 has a DLL hijacking vulnerability where attackers can place malicious DLLs |
| 2546 | CVE-2025-63695 | | 22.7 | 9.8 | | DzzOffice v2.3.7 and earlier contains an arbitrary file upload vulnerability in the UEditor componen |
| 2547 | CVE-2022-50803 | | 22.6 | 9.8 | | JM-DATA ONU JF511-TV devices running version 1.0.67 have hardcoded default administrative credential |
| 2548 | CVE-2025-68860 | | 22.6 | 9.8 | | This CVE describes an authentication bypass vulnerability in the Mobile Builder WordPress plugin tha |
| 2549 | CVE-2025-64236 | | 22.6 | 9.8 | | This CVE describes an authentication bypass vulnerability in the AmentoTech Tuturn WordPress plugin |
| 2550 | CVE-2025-29268 | | 22.7 | 9.8 | | ALLNET ALL-RUT22GW routers contain hardcoded credentials in the libicos.so library, allowing attacke |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.