Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. The EPSS score is the estimated probability that a CVE will see exploitation activity in the wild within the next 30 days; the percentile column gives the CVE's position relative to all other scored CVEs. Higher values mean a greater likelihood of exploitation.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2601 | CVE-2025-7821 | | 31st | 5.3 | | The WC Plus WordPress plugin has an authentication bypass vulnerability that allows unauthenticated |
| 2602 | CVE-2025-11576 | | 30.9th | 4.3 | | This CSV injection vulnerability in the AI Chatbot Free Models WordPress plugin allows unauthenticat |
| 2603 | CVE-2025-61183 | | 31st | 6.1 | | This cross-site scripting (XSS) vulnerability in VaahCMS v2.3.1 allows remote attackers to inject ma |
| 2604 | CVE-2025-14520 | | 31st | 5.4 | | This CVE describes a path traversal vulnerability in baowzh hfly's admin interface that allows remot |
| 2605 | CVE-2025-12641 | | 31st | 6.5 | | This vulnerability allows unauthenticated attackers to demote WordPress administrators to low-privil |
| 2606 | CVE-2025-0060 | | 30.9th | 6.5 | | This vulnerability allows authenticated users with restricted access in SAP BusinessObjects Business |
| 2607 | CVE-2025-25469 | | 30.8th | 6.5 | | A memory leak vulnerability exists in FFmpeg's IAMF (Immersive Audio Model and Format) component tha |
| 2608 | CVE-2025-0188 | | 30.9th | 6.5 | | A Server-Side Request Forgery (SSRF) vulnerability in gaizhenbiao/chuanhuchatgpt allows attackers to |
| 2609 | CVE-2024-9900 | | 30.8th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in mudler/localai v2.21.1 allows attackers to inject m |
| 2610 | CVE-2024-7771 | | 30.8th | 6.5 | | A denial-of-service vulnerability in Dockerized anything-llm allows attackers to crash the entire si |
| 2611 | CVE-2024-10955 | | 30.8th | 6.5 | | This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in gaizhenbiao/chuan |
| 2612 | CVE-2025-26485 | | 30.8th | 5.8 | | This vulnerability in Beta80 Life 1st allows attackers to distinguish between invalid passwords and |
| 2613 | CVE-2025-3804 | | 30.9th | 5.3 | | This critical vulnerability in thautwarm's vscode-diana extension allows injection attacks through t |
| 2614 | CVE-2025-5528 | | 30.9th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the heateor_mast |
| 2615 | CVE-2025-51052 | | 30.8th | 6.5 | | A path traversal vulnerability in Vedo Suite 2024.17 allows authenticated attackers to read arbitrar |
| 2616 | CVE-2025-8400 | | 30.8th | 6.1 | | The Image Gallery plugin for WordPress has a reflected cross-site scripting vulnerability that allow |
| 2617 | CVE-2025-35432 | | 30.9th | 5.3 | | CVE-2025-35432 is an uncontrolled resource consumption vulnerability in CISA Thorium where unauthent |
| 2618 | CVE-2025-59462 | | 30.8th | 6.5 | | This vulnerability allows an attacker to crash the UpdateService by tampering with the C++ CLI clien |
| 2619 | CVE-2025-59258 | | 30.9th | 6.2 | | This vulnerability in Active Directory Federation Services (AD FS) allows unauthorized local attacke |
| 2620 | CVE-2025-58717 | | 30.8th | 6.5 | | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut |
| 2621 | CVE-2025-55700 | | 30.8th | 6.5 | | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut |
| 2622 | CVE-2025-11550 | | 30.8th | 6.5 | | A null pointer dereference vulnerability in Tenda W12 routers allows remote attackers to cause denia |
| 2623 | CVE-2025-13507 | | 30.8th | 6.5 | | This vulnerability in MongoDB Server allows oversized BSON documents to bypass initial size validati |
| 2624 | CVE-2025-69204 | | 30.8th | 5.3 | | ImageMagick versions before 7.1.2-12 contain an integer overflow vulnerability in the WriteSVGImage |
| 2625 | CVE-2025-64670 | | 30.9th | 6.5 | | This vulnerability in Microsoft Graphics Component allows an authenticated attacker to access sensit |
| 2626 | CVE-2025-14220 | | 30.8th | 4.3 | | This vulnerability in ORICO CD3510 version 1.9.12 allows remote attackers to perform path traversal |
| 2627 | CVE-2026-20847 | | 30.9th | 6.5 | | This vulnerability in Windows Shell allows an authorized attacker to access sensitive information an |
| 2628 | CVE-2025-0788 | | 30.7th | 6.3 | | This critical SQL injection vulnerability in ESAFENET CDG V5 allows remote attackers to execute arbi |
| 2629 | CVE-2025-0786 | | 30.7th | 6.3 | | This critical SQL injection vulnerability in ESAFENET CDG V5 allows remote attackers to execute arbi |
| 2630 | CVE-2024-56990 | | 30.7th | 4.5 | | PHPGurukul Hospital Management System 4.0 contains stored cross-site scripting vulnerabilities in pa |
| 2631 | CVE-2024-11146 | | 30.6th | 6.3 | | TrueFiling, a cloud-hosted electronic filing system for legal documentation, had an authorization by |
| 2632 | CVE-2024-52363 | | 30.6th | 6.5 | | IBM InfoSphere Information Server 11.7 contains a directory traversal vulnerability that allows remo |
| 2633 | CVE-2024-13272 | | 30.7th | 6.3 | | This vulnerability in Drupal Paragraphs table module allows attackers to spoof content by manipulati |
| 2634 | CVE-2025-0172 | | 30.8th | 6.3 | | CVE-2025-0172 is a critical SQL injection vulnerability in code-projects Chat System 1.0 that allows |
| 2635 | CVE-2025-1776 | | 30.7th | 6.1 | | A Cross-Site Scripting (XSS) vulnerability in Soteshop versions before 8.3.4 allows remote attackers |
| 2636 | CVE-2023-51325 | | 30.6th | 5.4 | | PHPJabbers Shared Asset Booking System v1.0 contains stored cross-site scripting vulnerabilities in |
| 2637 | CVE-2025-22702 | | 30.7th | 6.3 | | This CVE describes a missing authorization vulnerability in the EPC Photography WordPress theme that |
| 2638 | CVE-2024-43186 | | 30.8th | 5.3 | | IBM InfoSphere Information Server 11.7 contains an information disclosure vulnerability where authen |
| 2639 | CVE-2025-2664 | | 30.7th | 4.7 | | A critical SQL injection vulnerability exists in CodeZips Hospital Management System 1.0 via the /su |
| 2640 | CVE-2025-23440 | | 30.7th | 6.3 | | CVE-2025-23440 is a missing authorization vulnerability in the radSLIDE WordPress plugin that allows |
| 2641 | CVE-2025-1522 | | 30.6th | 6.5 | | This CVE-2025-1522 vulnerability in PostHog allows authenticated attackers to perform Server-Side Re |
| 2642 | CVE-2025-4720 | | 30.7th | 5.4 | | A path traversal vulnerability in SourceCodester Student Result Management System 1.0 allows attacke |
| 2643 | CVE-2025-54575 | | 30.6th | 5.3 | | A denial-of-service vulnerability in ImageSharp GIF decoder allows specially crafted GIF files with |
| 2644 | CVE-2025-5197 | | 30.7th | 5.3 | | A Regular Expression Denial of Service (ReDoS) vulnerability in Hugging Face Transformers allows att |
| 2645 | CVE-2025-10137 | | 30.7th | 5.4 | | The Snow Monkey WordPress theme contains a Server-Side Request Forgery (SSRF) vulnerability that all |
| 2646 | CVE-2025-59260 | | 30.7th | 5.5 | | This vulnerability in Microsoft Failover Cluster Virtual Driver allows an authenticated attacker wit |
| 2647 | CVE-2025-59186 | | 30.7th | 5.5 | | This Windows Kernel vulnerability allows an authenticated attacker with local access to a system to |
| 2648 | CVE-2025-59184 | | 30.7th | 5.5 | | This vulnerability allows an authorized attacker with local access to a Windows High Availability Se |
| 2649 | CVE-2025-55683 | | 30.7th | 5.5 | | This Windows Kernel vulnerability allows a local authenticated attacker to access sensitive informat |
| 2650 | CVE-2025-55676 | | 30.7th | 5.5 | | This vulnerability in the Windows USB Video Driver allows an authorized attacker to read sensitive i |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. CVSS measures severity (what an attacker could do if they succeeded); EPSS measures likelihood of exploitation. The two answer different questions, and likelihood is the one that most often decides what to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous, and patching purely by CVSS score spends effort on severe bugs nobody is attacking. EPSS helps security teams focus on the CVEs most likely to be actively exploited. A CVSS 9.8 vulnerability with an EPSS of 0.1% is usually less urgent than a CVSS 7.5 vulnerability with an EPSS of 90%. The caveat is that EPSS is a probability, not a verdict: a low score on an internet-facing asset you cannot afford to lose still deserves a look, and scores are republished daily, so they must be re-fetched rather than cached for a quarter.
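The prioritization the paragraph describes, as an added example that is not part of this page or of FIRST's own tooling: a small Python module that parses an EPSS-API-shaped response, joins it to scanner findings that carry CVSS scores, and orders them by likelihood first and severity second. The JSON shape (`status`, `data[]` with `cve`, `epss`, `percentile`, `date`) is how I recall the public FIRST EPSS API (`https://api.first.org/data/v1/epss`) responding and should be checked against the live API; the CVE identifiers and scores in the sample are placeholders I constructed, and the 10% "patch now" cutoff is an illustrative choice, not a FIRST recommendation.

```python
import json
from dataclasses import dataclass

# Constructed sample in the shape of a FIRST EPSS API response. The CVE IDs
# below are placeholders, not real CVEs, and the numbers are made up; the
# field names are an assumption about the API and should be verified.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.00100", "percentile": "0.40000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.90000", "percentile": "0.99900", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.00100", "percentile": "0.31000", "date": "2025-01-01"},
    ],
})

# Constructed scanner output: CVE -> CVSS base score. Mirrors the paragraph's
# 9.8 / 0.1% versus 7.5 / 90% comparison, plus one CVE that EPSS has not scored.
SAMPLE_INVENTORY = {
    "CVE-0000-0001": 9.8,
    "CVE-0000-0002": 7.5,
    "CVE-0000-0003": 5.3,
    "CVE-0000-0004": 6.5,  # absent from the EPSS response on purpose
}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float        # severity, 0.0-10.0
    epss: float        # probability of exploitation in the next 30 days, 0.0-1.0
    percentile: float  # fraction of all scored CVEs with an EPSS at or below this one


def parse_epss_response(raw: str) -> dict[str, tuple[float, float]]:
    """Return {cve: (epss, percentile)} from an EPSS-API-shaped JSON document."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError(f"unexpected EPSS API status: {doc.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"])) for row in doc["data"]}


def join_findings(inventory: dict[str, float], epss: dict[str, tuple[float, float]]) -> list[Finding]:
    """Attach EPSS data to scanner findings.

    A CVE EPSS has not scored yet (very new, or rejected) gets 0.0 so it sorts
    last instead of raising; the tier() fallback on CVSS still catches the
    severe ones among them.
    """
    return [Finding(cve, cvss, *epss.get(cve, (0.0, 0.0))) for cve, cvss in inventory.items()]


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Order by exploitation likelihood first, severity second (ties only)."""
    return sorted(findings, key=lambda f: (f.epss, f.cvss), reverse=True)


def tier(f: Finding, epss_cutoff: float = 0.10) -> str:
    """Coarse patch-order bucket: likelihood drives urgency; CVSS only rescues
    low-likelihood findings that would be catastrophic if the model is wrong."""
    if f.epss >= epss_cutoff:
        return "patch now"
    if f.cvss >= 9.0:
        return "schedule"
    return "routine"


def ordinal_percentile(p: float) -> str:
    """Render 0.309 as '30.9th' and 0.31 as '31st', the way EPSS dashboards show percentiles."""
    n = round(p * 100, 1)
    text = f"{n:g}"
    if n != int(n) or 11 <= int(n) % 100 <= 13:
        return text + "th"
    return text + {1: "st", 2: "nd", 3: "rd"}.get(int(n) % 10, "th")


def run_demo() -> list[tuple[str, str, str]]:
    """Rank the constructed sample and return (cve, tier, percentile) rows."""
    ranked = prioritize(join_findings(SAMPLE_INVENTORY, parse_epss_response(SAMPLE_EPSS_RESPONSE)))
    return [(f.cve, tier(f), ordinal_percentile(f.percentile)) for f in ranked]


if __name__ == "__main__":
    for cve, bucket, pct in run_demo():
        print(f"{cve}  {bucket:<9}  {pct}")
```

Against a real feed, replace `SAMPLE_EPSS_RESPONSE` with the body of a request for your CVE list (the API accepts a comma-separated `cve=` parameter) and re-run daily, since the model's scores move as new exploitation evidence arrives. The CVSS rescue in `tier()` is what keeps a 9.8 with a momentarily low EPSS from being buried entirely.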