Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2901 | CVE-2025-66405 | | 17.9th | 9.8 | | CVE-2025-66405 is a Server-Side Request Forgery (SSRF) vulnerability in Portkey.ai Gateway versions |
| 2902 | CVE-2025-62582 | | 17.8th | 9.8 | | Delta Electronics DIAView has a critical authentication bypass vulnerability (CWE-306) that allows a |
| 2903 | CVE-2025-62581 | | 17.8th | 9.8 | | Delta Electronics DIAView contains multiple unspecified vulnerabilities related to CWE-321 (Use of H |
| 2904 | CVE-2026-22858 | | 18.1th | 9.1 | | This CVE describes a global buffer overflow vulnerability in FreeRDP's Base64 decoding implementatio |
| 2905 | CVE-2025-69270 | | 17.9th | 9.8 | | This vulnerability in Broadcom DX NetOps Spectrum exposes sensitive information through query string |
| 2906 | CVE-2025-59469 | | 17.9th | 9.0 | | This vulnerability allows users with Backup Operator or Tape Operator privileges to write files with |
| 2907 | CVE-2025-67911 | | 18.1th | 9.8 | | This CVE describes a PHP object injection vulnerability in Tribulant Software's Newsletters WordPres |
| 2908 | CVE-2025-47552 | | 18.1th | 9.8 | | This CVE describes a PHP object injection vulnerability in the DZS Video Gallery WordPress plugin th |
| 2909 | CVE-2025-65212 | | 17.9th | 9.8 | | This vulnerability allows unauthenticated attackers to download the core configuration file from NJH |
| 2910 | CVE-2025-15444 | | 18th | 9.8 | | The Crypt::Sodium::XS Perl module includes a vulnerable version of libsodium that mishandles ellipti |
| 2911 | CVE-2025-40585 | | 17.7th | 9.9 | | Energy Services solutions using G5DFR contain default credentials, allowing attackers to gain contro |
| 2912 | CVE-2025-20286 | | 17.6th | 9.9 | | A critical vulnerability in Cisco ISE cloud deployments allows unauthenticated attackers to access s |
| 2913 | CVE-2025-58048 | | 17.7th | 9.9 | | This vulnerability allows authenticated users in Paymenter webshop software to upload arbitrary file |
| 2914 | CVE-2025-7851 | | 17.8th | 9.8 | | This vulnerability allows an attacker to gain root shell access on Omada gateway devices under restr |
| 2915 | CVE-2025-46364 | | 17.6th | 9.1 | | This vulnerability allows a privileged user with known credentials to escape CLI restrictions and ga |
| 2916 | CVE-2025-0987 | | 17.6th | 9.9 | | CVE-2025-0987 is an authorization bypass vulnerability in CB Project Ltd. Co. CVLand software that a |
| 2917 | CVE-2023-53874 | | 17.5th | 9.8 | | GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input f |
| 2918 | CVE-2025-14326 | | 17.6th | 9.8 | | A use-after-free vulnerability in the Gecko Media Plugins (GMP) component of Firefox and Thunderbird |
| 2919 | CVE-2025-59703 | | 17.8th | 9.1 | | This vulnerability allows a physically proximate attacker to access internal components of Entrust n |
| 2920 | CVE-2026-22853 | | 17.7th | 9.8 | | CVE-2026-22853 is a critical heap buffer overflow vulnerability in FreeRDP's RDPEAR component that a |
| 2921 | CVE-2023-54334 | | 17.7th | 9.8 | | Explorer32++ 1.3.5.531 contains a critical buffer overflow vulnerability in Structured Exception Han |
| 2922 | CVE-2025-46179 | | 17.3th | 9.8 | | This SQL injection vulnerability in CloudClassroom-PHP v1.0 allows attackers to execute arbitrary SQ |
| 2923 | CVE-2025-6391 | | 17.2th | 9.8 | | Brocade ASCG versions before 3.3.0 log JSON Web Tokens (JWT) in plain text within log files. Attacke |
| 2924 | CVE-2025-52950 | | 17.5th | 9.6 | | An unauthenticated attacker can access sensitive data and tamper with resources on Juniper Security |
| 2925 | CVE-2025-53484 | | 17.5th | 9.8 | | This cross-site scripting (XSS) vulnerability in MediaWiki's SecurePoll extension allows attackers t |
| 2926 | CVE-2025-6077 | | 17.4th | 9.8 | | This vulnerability allows attackers to gain administrative access to Partner Software Product and Pa |
| 2927 | CVE-2025-58819 | | 17.4th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 2928 | CVE-2025-58357 | | 17.5th | 9.6 | | CVE-2025-58357 is a content injection vulnerability in 5ire AI assistant that allows attackers to in |
| 2929 | CVE-2025-62864 | | 17.4th | 9.8 | | This vulnerability allows attackers to execute arbitrary code in the UEFI-MM Secure Partition contex |
| 2930 | CVE-2025-62863 | | 17.4th | 9.8 | | This vulnerability allows an attacker to perform an out-of-bounds write in the PCIe driver's S-EL0 a |
| 2931 | CVE-2026-24857 | | 17.4th | 9.8 | | A heap buffer overflow vulnerability in bulk_extractor's embedded unrar code allows attackers to tri |
| 2932 | CVE-2026-24830 | | 17.4th | 9.8 | | An integer overflow vulnerability in Ralim IronOS firmware allows attackers to cause memory corrupti |
| 2933 | CVE-2025-68001 | | 17.4th | 9.8 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 2934 | CVE-2025-50002 | | 17.4th | 9.8 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers |
| 2935 | CVE-2026-25725 | | 17.4th | 10.0 | | This vulnerability allows malicious code running inside Claude Code's sandbox to create a missing se |
| 2936 | CVE-2026-23519 | | 17.4th | 9.8 | | This vulnerability in RustCrypto CMOV allows timing side-channel attacks on cryptographic operations |
| 2937 | CVE-2026-22859 | | 17.4th | 9.1 | | This vulnerability in FreeRDP allows remote attackers to cause an out-of-bounds read by sending spec |
| 2938 | CVE-2026-22857 | | 17.4th | 9.8 | | This is a critical heap use-after-free vulnerability in FreeRDP that allows remote code execution. A |
| 2939 | CVE-2026-22855 | | 17.4th | 9.1 | | A heap out-of-bounds read vulnerability in FreeRDP's smartcard SetAttrib path allows attackers to re |
| 2940 | CVE-2026-22854 | | 17.4th | 9.8 | | This is a critical heap buffer overflow vulnerability in FreeRDP that allows a malicious RDP server |
| 2941 | CVE-2026-22852 | | 17.4th | 9.8 | | A heap buffer overflow vulnerability in FreeRDP allows malicious RDP servers to trigger memory corru |
| 2942 | CVE-2026-22043 | | 17.3th | 9.8 | | A privilege escalation vulnerability in RustFS IAM allows restricted service accounts or STS credent |
| 2943 | CVE-2025-27807 | | 17.4th | 9.1 | | A critical vulnerability in multiple Samsung Exynos processors allows attackers to execute arbitrary |
| 2944 | CVE-2026-24872 | | 17.4th | 9.8 | | CVE-2026-24872 is an improper pointer arithmetic vulnerability in ProjectSkyfire SkyFire_548 that co |
| 2945 | CVE-2026-1633 | | 17.3th | 10.0 | | The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter's web management interface lacks authent |
| 2946 | CVE-2025-3757 | | 17th | 9.8 | | OpenPubkey library versions before 0.10.0 contain a signature verification bypass vulnerability in J |
| 2947 | CVE-2025-43698 | | 17.1th | 9.1 | | This vulnerability allows attackers to bypass field-level security controls in Salesforce OmniStudio |
| 2948 | CVE-2025-53577 | | 17.2th | 10.0 | | This critical vulnerability in the hp Global DNS WordPress plugin allows attackers to execute arbitr |
| 2949 | CVE-2025-48169 | | 17.1th | 9.9 | | CVE-2025-48169 is a critical code injection vulnerability in the WordPress Code Engine plugin that a |
| 2950 | CVE-2025-49887 | | 17.1th | 9.9 | | This vulnerability allows remote attackers to execute arbitrary code on WordPress sites running the |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.