Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2551 | CVE-2025-22247 | | 31.2th | 6.1 | | CVE-2025-22247 is an insecure file handling vulnerability in VMware Tools that allows non-administra |
| 2552 | CVE-2025-41665 | | 31.4th | 6.5 | | An attacker with low-privileged remote access can trigger a watchdog reboot on affected PLC devices |
| 2553 | CVE-2025-51502 | | 31.2th | 6.1 | | This vulnerability allows attackers to inject malicious JavaScript via the layout parameter on the a |
| 2554 | CVE-2025-11042 | | 31.3th | 4.3 | | This vulnerability in GitLab allows attackers to execute specific GraphQL queries that cause uncontr |
| 2555 | CVE-2025-12250 | | 31.4th | 4.7 | | CVE-2025-12250 is a path traversal vulnerability in OpenWGA 7.11.12 Build 737 that allows attackers |
| 2556 | CVE-2025-54266 | | 31.3th | 4.8 | | A stored cross-site scripting (XSS) vulnerability in Adobe Commerce allows high-privileged attackers |
| 2557 | CVE-2025-8682 | | 31.2th | 4.3 | | The Newsup WordPress theme has a vulnerability that allows unauthenticated attackers to install the |
| 2558 | CVE-2025-14521 | | 31.2th | 4.3 | | This CVE describes a path traversal vulnerability in baowzh hfly's admin interface that allows attac |
| 2559 | CVE-2024-13257 | | 31.2th | 5.3 | | This CVE describes an incorrect authorization vulnerability in Drupal Commerce View Receipt that all |
| 2560 | CVE-2025-25510 | | 31.2th | 6.5 | | A buffer overflow vulnerability in Tenda AC8 routers allows attackers to execute arbitrary code or c |
| 2561 | CVE-2024-36508 | | 31.2th | 6.0 | | This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows authenticated ad |
| 2562 | CVE-2025-0630 | | 31.1th | 6.5 | | This vulnerability allows any authenticated user on affected Western Telematic (WTI) products to per |
| 2563 | CVE-2024-56946 | | 31.2th | 5.3 | | This vulnerability in Technitium DNS Server allows remote attackers to cause a denial of service by |
| 2564 | CVE-2024-11134 | | 31.1th | 4.3 | | The Eventer WordPress plugin has an authorization vulnerability that allows authenticated users with |
| 2565 | CVE-2025-31076 | | 31.2th | 4.9 | | This Server-Side Request Forgery (SSRF) vulnerability in WP Compress for MainWP allows attackers to |
| 2566 | CVE-2025-2686 | | 31.2th | 6.5 | | This CVE describes an improper access control vulnerability in the mingyuefusu library management sy |
| 2567 | CVE-2025-29768 | | 31.2th | 4.4 | | Vim versions before 9.1.1198 contain a vulnerability in zip.vim that could cause data loss when user |
| 2568 | CVE-2025-0877 | | 31.1th | 4.7 | | This CVE describes a cross-site scripting (XSS) vulnerability in the AtaksAPP Reservation Management |
| 2569 | CVE-2025-25634 | | 31.2th | 6.5 | | A stack-based buffer overflow vulnerability exists in Tenda AC15 routers version 15.03.05.19. Attack |
| 2570 | CVE-2025-4087 | | 31.1th | 4.8 | | This vulnerability in Thunderbird and Firefox allows attackers to trigger undefined behavior through |
| 2571 | CVE-2025-4036 | | 31.1th | 6.3 | | This CVE describes an authorization bypass vulnerability in Novel 3.5.0 that allows attackers to rem |
| 2572 | CVE-2025-32691 | | 31.2th | 4.9 | | This Server-Side Request Forgery (SSRF) vulnerability in the PowerPress Podcasting WordPress plugin |
| 2573 | CVE-2025-32487 | | 31.2th | 4.9 | | This Server-Side Request Forgery (SSRF) vulnerability in the Waymark WordPress plugin allows attacke |
| 2574 | CVE-2024-57338 | | 31.1th | 6.5 | | This vulnerability allows attackers to upload malicious files to M2Soft CROWNIX Report & ERS systems |
| 2575 | CVE-2024-51444 | | 31.2th | 6.5 | | This SQL injection vulnerability in Siemens Polarion allows authenticated remote attackers to bypass |
| 2576 | CVE-2025-3264 | | 31.1th | 5.3 | | A Regular Expression Denial of Service (ReDoS) vulnerability in Hugging Face Transformers library al |
| 2577 | CVE-2025-37158 | | 31.1th | 6.7 | | A command injection vulnerability in the AOS-CX Operating System allows authenticated remote attacke |
| 2578 | CVE-2025-37157 | | 31.1th | 6.7 | | A command injection vulnerability in AOS-CX Operating System allows authenticated remote attackers t |
| 2579 | CVE-2025-12177 | | 31.1th | 5.3 | | The Download Manager WordPress plugin contains a hardcoded cron key vulnerability that allows unauth |
| 2580 | CVE-2025-12908 | | 31.1th | 5.4 | | This vulnerability allows attackers to spoof domains in Chrome for Android downloads by tricking use |
| 2581 | CVE-2025-12350 | | 31.1th | 5.3 | | The DominoKit WordPress plugin has an authentication bypass vulnerability that allows unauthenticate |
| 2582 | CVE-2025-10304 | | 31.1th | 5.3 | | The Everest Backup WordPress plugin has an authentication bypass vulnerability that allows unauthent |
| 2583 | CVE-2025-67090 | | 31.1th | 5.1 | | The LuCI web interface on GL.Inet AX1800 routers lacks rate limiting or account lockout mechanisms o |
| 2584 | CVE-2024-13380 | | 30.9th | 6.4 | | This stored XSS vulnerability in the Alex Reservations WordPress plugin allows authenticated attacke |
| 2585 | CVE-2025-0369 | | 30.9th | 6.4 | | The JetEngine WordPress plugin has a stored XSS vulnerability in the 'list_tag' parameter that allow |
| 2586 | CVE-2025-22787 | | 31th | 4.3 | | This CVE describes a missing authorization vulnerability in the Button Block WordPress plugin that a |
| 2587 | CVE-2024-47566 | | 31th | 5.1 | | This path traversal vulnerability in Fortinet FortiRecorder allows privileged attackers to delete ar |
| 2588 | CVE-2024-13156 | | 31th | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 2589 | CVE-2025-26911 | | 31th | 4.3 | | The Bowo System Dashboard WordPress plugin exposes sensitive system information to unauthorized user |
| 2590 | CVE-2024-13462 | | 30.9th | 6.4 | | The WP Wiki Tooltip WordPress plugin has a stored XSS vulnerability that allows authenticated attack |
| 2591 | CVE-2024-11778 | | 30.9th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 2592 | CVE-2025-24436 | | 31th | 4.3 | | Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to |
| 2593 | CVE-2025-24421 | | 31th | 4.3 | | Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to |
| 2594 | CVE-2025-2108 | | 30.9th | 6.4 | | This stored XSS vulnerability in the Xpro Elementor Addons WordPress plugin allows authenticated att |
| 2595 | CVE-2024-5667 | | 30.9th | 6.4 | | This CVE describes a stored cross-site scripting (XSS) vulnerability in multiple WordPress plugins t |
| 2596 | CVE-2025-1008 | | 30.9th | 6.4 | | This stored XSS vulnerability in the Recently Purchased Products For Woo WordPress plugin allows aut |
| 2597 | CVE-2025-1491 | | 30.9th | 6.4 | | The WP Posts Carousel WordPress plugin has a stored XSS vulnerability in versions up to 1.3.7. Authe |
| 2598 | CVE-2025-45019 | | 31th | 5.4 | | A SQL injection vulnerability in PHPGurukul Park Ticketing Management System v2.0 allows remote atta |
| 2599 | CVE-2025-35965 | | 31th | 6.5 | | This vulnerability allows attackers to create task items with excessive actions via the UpdateRunTas |
| 2600 | CVE-2025-47294 | | 31th | 5.3 | | An integer overflow vulnerability in Fortinet FortiOS allows remote unauthenticated attackers to cra |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.