Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2651 | CVE-2025-30215 | | 20.6th | 9.6 | | This CVE-2025-30215 is an improper access control vulnerability in NATS-Server's JetStream managemen |
| 2652 | CVE-2025-46724 | | 20.7th | 9.8 | | This vulnerability allows remote code execution through code injection in Langroid's TableChatAgent |
| 2653 | CVE-2025-26469 | | 20.6th | 9.3 | | This vulnerability allows attackers to decrypt credentials stored in registry keys due to incorrect |
| 2654 | CVE-2025-52836 | | 20.6th | 9.8 | | This vulnerability allows attackers to escalate privileges in The E-Commerce ERP WordPress plugin, p |
| 2655 | CVE-2025-12515 | | 20.7th | 9.8 | | This vulnerability in BLU-IC2 and BLU-IC4 devices allows attackers to trigger systemic internal serv |
| 2656 | CVE-2026-24789 | | 20.7th | 9.8 | | This vulnerability allows unauthenticated attackers to remotely change device passwords via an unpro |
| 2657 | CVE-2025-12219 | | 20.7th | 9.8 | | This critical vulnerability in Azure Access OS affects BLU-IC2 and BLU-IC4 devices, allowing attacke |
| 2658 | CVE-2017-20210 | | 20.7th | 9.8 | | This vulnerability in QNAP Photo Station allowed unauthorized cryptocurrency mining (XMR mining) thr |
| 2659 | CVE-2025-67289 | | 20.7th | 9.6 | | This critical vulnerability in Frappe Framework's Attachments module allows attackers to upload mali |
| 2660 | CVE-2025-67727 | | 20.6th | 9.8 | | This CVE describes a GitHub Actions workflow vulnerability in Parse Server that grants elevated perm |
| 2661 | CVE-2026-1709 | | 20.7th | 9.4 | | Keylime versions 7.12.0 and later have a critical authentication bypass vulnerability where the regi |
| 2662 | CVE-2026-25141 | | 20.5th | 9.8 | | This CVE describes a code injection vulnerability in Orval, a tool that generates TypeScript clients |
| 2663 | CVE-2024-57823 | | 20.3th | 9.3 | | CVE-2024-57823 is an integer underflow vulnerability in the Raptor RDF Syntax Library's turtle parse |
| 2664 | CVE-2025-40617 | | 20.4th | 9.8 | | A critical SQL injection vulnerability in Bookgy allows attackers to manipulate database operations |
| 2665 | CVE-2025-25403 | | 20.4th | 9.8 | | CVE-2025-25403 is a critical SQL injection vulnerability in Slims 9 Bulian library management system |
| 2666 | CVE-2025-51381 | | 20.5th | 9.8 | | An authentication bypass vulnerability in KCM3100 firmware allows attackers on the same local networ |
| 2667 | CVE-2025-49444 | | 20.3th | 10.0 | | This vulnerability allows attackers to upload arbitrary files including web shells to WordPress site |
| 2668 | CVE-2022-4976 | | 20.3th | 9.8 | | Archive::Unzip::Burst versions 0.01 through 0.09 for Perl contain a bundled InfoZip library with mul |
| 2669 | CVE-2025-23097 | | 20.4th | 9.1 | | CVE-2025-23097 is a critical memory corruption vulnerability in Samsung's Exynos 1380 mobile process |
| 2670 | CVE-2025-23099 | | 20.4th | 9.1 | | A memory corruption vulnerability in Samsung Exynos 1480 and 2400 mobile processors allows attackers |
| 2671 | CVE-2025-43933 | | 20.3th | 9.8 | | This vulnerability in fblog allows attackers to take over user accounts by exploiting the password r |
| 2672 | CVE-2025-43930 | | 20.3th | 9.8 | | Hashview 0.8.1 contains a critical authentication bypass vulnerability in its password reset functio |
| 2673 | CVE-2025-49414 | | 20.3th | 10.0 | | This vulnerability allows attackers to upload malicious files to WordPress sites running FW Gallery |
| 2674 | CVE-2025-36096 | | 20.5th | 9.0 | | IBM AIX and VIOS systems store NIM private keys insecurely, allowing attackers with network access t |
| 2675 | CVE-2025-14330 | | 20.5th | 9.8 | | A JIT (Just-In-Time) compilation vulnerability in the JavaScript engine allows memory corruption whe |
| 2676 | CVE-2025-69101 | | 20.4th | 9.8 | | This vulnerability allows attackers to bypass authentication in the Workreap Core WordPress plugin, |
| 2677 | CVE-2025-70841 | | 20.3th | 10.0 | | CVE-2025-70841 allows unauthenticated attackers to access the .env configuration file in Dokans Mult |
| 2678 | CVE-2024-48853 | | 20th | 9.0 | | This CVE describes a privilege escalation vulnerability in ABB's ASPECT software that allows authent |
| 2679 | CVE-2025-47452 | | 20.1th | 9.9 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 2680 | CVE-2025-48140 | | 20.1th | 9.9 | | This CVE describes a critical code injection vulnerability in the MetalpriceAPI WordPress plugin tha |
| 2681 | CVE-2025-31279 | | 20.1th | 9.8 | | This CVE describes a permissions issue in Apple operating systems that allows applications to finger |
| 2682 | CVE-2025-23968 | | 20.1th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 2683 | CVE-2025-55746 | | 20.1th | 9.3 | | This vulnerability allows unauthenticated attackers to modify existing files with arbitrary content |
| 2684 | CVE-2025-12552 | | 20.2th | 9.8 | | CVE-2025-12552 is a critical authentication vulnerability in BLU-IC2 and BLU-IC4 devices where insuf |
| 2685 | CVE-2025-12477 | | 20.2th | 9.8 | | This vulnerability allows attackers to obtain server version information from BLU-IC2 and BLU-IC4 de |
| 2686 | CVE-2025-12476 | | 20.2th | 9.8 | | CVE-2025-12476 is a critical authentication bypass vulnerability affecting BLU-IC2 and BLU-IC4 devic |
| 2687 | CVE-2025-12424 | | 20.2th | 9.8 | | This vulnerability allows local attackers to escalate privileges by exploiting a SUID-bit binary in |
| 2688 | CVE-2025-12364 | | 20.2th | 9.8 | | CVE-2025-12364 is a weak password policy vulnerability affecting BLU-IC2 and BLU-IC4 devices. This a |
| 2689 | CVE-2025-62959 | | 20.2th | 9.1 | | This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the |
| 2690 | CVE-2025-12176 | | 20.2th | 9.8 | | CVE-2025-12176 involves undocumented administrative accounts being automatically created to facilita |
| 2691 | CVE-2025-66277 | | 20.2th | 9.8 | | This CVE describes a link following vulnerability in QNAP operating systems that allows remote attac |
| 2692 | CVE-2026-22906 | | 20.1th | 9.8 | | This vulnerability allows unauthenticated remote attackers to decrypt stored user credentials by acc |
| 2693 | CVE-2025-15359 | | 20th | 9.1 | | This vulnerability in Delta Electronics DVP-12SE11T PLC modules allows attackers to write data beyon |
| 2694 | CVE-2025-14860 | | 20th | 9.8 | | A use-after-free vulnerability in Firefox's Disability Access APIs allows attackers to execute arbit |
| 2695 | CVE-2025-66565 | | 20th | 9.8 | | A critical vulnerability in Fiber Utils library versions 2.0.0-rc.3 and below causes predictable UUI |
| 2696 | CVE-2025-58386 | | 20.2th | 9.8 | | This vulnerability allows a Power User in Terminalfour to bypass authorization checks and escalate p |
| 2697 | CVE-2025-46248 | | 19.8th | 9.3 | | This SQL injection vulnerability in the Frontend Dashboard WordPress plugin allows attackers to exec |
| 2698 | CVE-2025-32281 | | 19.7th | 9.8 | | CVE-2025-32281 is a missing authorization vulnerability in the WPKit For Elementor WordPress plugin |
| 2699 | CVE-2025-43237 | | 20th | 9.8 | | This critical vulnerability in macOS allows an application to write data beyond allocated memory bou |
| 2700 | CVE-2025-54454 | | 19.8th | 9.1 | | This vulnerability allows attackers to bypass authentication in Samsung MagicINFO 9 Server by exploi |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.