Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2751 | CVE-2025-2228 | | 29.8th | 5.7 | | This vulnerability in the Responsive Addons for Elementor WordPress plugin allows authenticated atta |
| 2752 | CVE-2025-24920 | | 30th | 4.3 | | Mattermost fails to restrict bookmark creation and updates in archived channels, allowing authentica |
| 2753 | CVE-2025-29914 | | 30th | 5.4 | | CVE-2025-29914 is a path normalization vulnerability in OWASP Coraza WAF where requests starting wit |
| 2754 | CVE-2025-27622 | | 29.9th | 4.3 | | This vulnerability in Jenkins allows attackers with Agent/Extended Read permission to view encrypted |
| 2755 | CVE-2025-46673 | | 29.9th | 4.9 | | NASA CryptoLib versions before 1.3.2 fail to verify the operational state of Security Associations ( |
| 2756 | CVE-2025-32776 | | 30th | 5.5 | | OpenRazer versions before 3.10.2 contain an out-of-bounds read vulnerability in the custom kernel dr |
| 2757 | CVE-2025-5029 | | 29.8th | 5.4 | | This critical path traversal vulnerability in Kingdee Cloud Galaxy Private Cloud BBC System allows a |
| 2758 | CVE-2025-9745 | | 29.9th | 4.7 | | This CVE describes an OS command injection vulnerability in D-Link DI-500WF routers that allows remo |
| 2759 | CVE-2025-42920 | | 29.9th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management allows unauthe |
| 2760 | CVE-2025-37148 | | 30th | 6.5 | | An unauthenticated remote attacker can send specially crafted ethernet frames to vulnerable ArubaOS |
| 2761 | CVE-2025-37137 | | 29.8th | 6.5 | | This vulnerability allows authenticated remote attackers to delete arbitrary files on Aruba AOS-8 Co |
| 2762 | CVE-2025-37136 | | 29.8th | 6.5 | | This vulnerability allows authenticated remote attackers to delete arbitrary files on Aruba AOS-8 Co |
| 2763 | CVE-2025-43912 | | 29.9th | 5.3 | | A heap-based buffer overflow vulnerability in Dell PowerProtect Data Domain with DD OS allows unauth |
| 2764 | CVE-2024-11920 | | 29.8th | 4.3 | | This vulnerability in Google Chrome's Dawn component on macOS allows attackers to trigger out-of-bou |
| 2765 | CVE-2025-64406 | | 30th | 4.3 | | An out-of-bounds write vulnerability in Apache OpenOffice allows attackers to craft malicious docume |
| 2766 | CVE-2025-15135 | | 29.9th | 6.3 | | This vulnerability allows remote attackers to bypass authentication in joey-zhou xiaozhi-esp32-serve |
| 2767 | CVE-2023-52210 | | 29.8th | 5.3 | | This vulnerability allows attackers to bypass intended access controls in the Product Delivery Date |
| 2768 | CVE-2025-14182 | | 29.8th | 6.3 | | This CVE describes a path traversal vulnerability in Sobey Media Convergence System versions 2.0 and |
| 2769 | CVE-2024-13470 | | 29.8th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 2770 | CVE-2024-10552 | | 29.7th | 6.4 | | This stored XSS vulnerability in the Flexmls IDX WordPress plugin allows authenticated attackers wit |
| 2771 | CVE-2025-0699 | | 29.7th | 6.3 | | This CVE describes a critical SQL injection vulnerability in JoeyBling bootplus software affecting t |
| 2772 | CVE-2024-45077 | | 29.7th | 6.5 | | This vulnerability allows authenticated low-privileged users to upload restricted file types to IBM |
| 2773 | CVE-2024-11226 | | 29.7th | 6.4 | | The FireCask Like & Share Button plugin for WordPress has a stored XSS vulnerability in the 'width' |
| 2774 | CVE-2024-55494 | | 29.7th | 6.1 | | This vulnerability allows attackers to inject malicious PHP code through the op_func parameter in Op |
| 2775 | CVE-2025-27098 | | 29.7th | 5.8 | | GraphQL Mesh has a path traversal vulnerability in its static file handler that allows attackers to |
| 2776 | CVE-2024-44336 | | 29.7th | 5.3 | | This vulnerability in AnkiDroid allows attackers to access and copy internal application files from |
| 2777 | CVE-2025-1173 | | 29.7th | 4.7 | | This critical SQL injection vulnerability in 1000 Projects Bookstore Management System 1.0 allows re |
| 2778 | CVE-2025-0939 | | 29.7th | 6.3 | | The MagicForm WordPress plugin has an authorization vulnerability that allows authenticated users wi |
| 2779 | CVE-2024-13856 | | 29.8th | 6.4 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to pe |
| 2780 | CVE-2024-9447 | | 29.7th | 6.5 | | An information disclosure vulnerability in transformeroptimus/superagi allows authenticated users to |
| 2781 | CVE-2025-2392 | | 29.7th | 4.7 | | This critical SQL injection vulnerability in code-projects Online Class and Exam Scheduling System 1 |
| 2782 | CVE-2025-1504 | | 29.8th | 4.3 | | The Post Lockdown WordPress plugin has an information exposure vulnerability that allows authenticat |
| 2783 | CVE-2024-13086 | | 29.7th | 5.3 | | This CVE describes an information exposure vulnerability in QNAP NAS products that could allow remot |
| 2784 | CVE-2025-2044 | | 29.7th | 4.7 | | This is a critical SQL injection vulnerability in code-projects Blood Bank Management System 1.0 tha |
| 2785 | CVE-2025-2039 | | 29.7th | 4.7 | | This critical SQL injection vulnerability in Blood Bank Management System 1.0 allows attackers to ex |
| 2786 | CVE-2025-5130 | | 29.7th | 4.7 | | This critical vulnerability in Tmall Demo allows remote attackers to upload arbitrary files without |
| 2787 | CVE-2025-3941 | | 29.7th | 5.4 | | This vulnerability allows attackers to manipulate input data through improper handling of Windows :: |
| 2788 | CVE-2025-4528 | | 29.7th | 4.3 | | This vulnerability in Dígitro NGC Explorer allows attackers to remotely trigger session expiration, |
| 2789 | CVE-2025-6466 | | 29.7th | 6.3 | | This critical vulnerability in ageerle ruoyi-ai 2.0.0 allows remote attackers to upload arbitrary fi |
| 2790 | CVE-2025-3112 | | 29.8th | 6.5 | | This vulnerability allows an authenticated attacker to cause a denial of service by sending manipula |
| 2791 | CVE-2025-8655 | | 29.7th | 6.8 | | This vulnerability allows physically present attackers to execute arbitrary code with root privilege |
| 2792 | CVE-2025-8652 | | 29.7th | 6.8 | | This vulnerability allows physically present attackers to execute arbitrary code with root privilege |
| 2793 | CVE-2025-8651 | | 29.7th | 6.8 | | This vulnerability allows physically present attackers to execute arbitrary code with root privilege |
| 2794 | CVE-2025-8650 | | 29.7th | 6.8 | | This vulnerability allows physically present attackers to execute arbitrary code with root privilege |
| 2795 | CVE-2025-8649 | | 29.7th | 6.8 | | This vulnerability allows physically present attackers to execute arbitrary code with root privilege |
| 2796 | CVE-2025-41713 | | 29.8th | 6.5 | | During device boot, a network switch operates in an undefined state where unauthenticated remote att |
| 2797 | CVE-2025-55338 | | 29.8th | 6.1 | | CVE-2025-55338 is a vulnerability in Windows BitLocker's ROM code patching mechanism that allows att |
| 2798 | CVE-2025-58337 | | 29.8th | 5.4 | | This vulnerability allows attackers with valid read-only accounts to bypass access controls in Doris |
| 2799 | CVE-2025-65815 | | 29.8th | 6.5 | | CVE-2025-65815 is a directory traversal vulnerability in AB TECHNOLOGY Document Reader that allows a |
| 2800 | CVE-2025-15530 | | 29.8th | 5.3 | | This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the SGW-C |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.