Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2901 | CVE-2025-34512 | | 29.2th | 6.1 | | Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden contain a reflected cross-site scripting |
| 2902 | CVE-2025-56748 | | 29.1th | 6.4 | | This vulnerability in Creativeitem Academy LMS allows attackers to brute-force password reset tokens |
| 2903 | CVE-2025-63397 | | 29.1th | 6.5 | | This vulnerability in OneFlow v0.9.0 allows attackers to trigger a segmentation fault through improp |
| 2904 | CVE-2025-54373 | | 29.2th | 6.5 | | OpenEMR versions before 7.0.4 have an authorization bypass vulnerability where users without high-se |
| 2905 | CVE-2021-47849 | | 29th | 6.2 | | Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive s |
| 2906 | CVE-2026-1203 | | 29th | 5.6 | | This vulnerability allows attackers to bypass authentication in CRMEB systems by manipulating the ui |
| 2907 | CVE-2025-15531 | | 29th | 5.3 | | This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the sgwc_b |
| 2908 | CVE-2026-24932 | | 29.1th | 5.9 | | This vulnerability allows attackers to perform Man-in-the-Middle attacks on DDNS update communicatio |
| 2909 | CVE-2024-11452 | | 28.9th | 6.4 | | The Chamber Dashboard Business Directory WordPress plugin has a stored XSS vulnerability that allows |
| 2910 | CVE-2024-54847 | | 28.9th | 5.9 | | This vulnerability in CP Plus CP-VNR-3104 network video recorders allows attackers to access Diffie- |
| 2911 | CVE-2024-45426 | | 28.9th | 4.9 | | This vulnerability in Zoom Workplace Apps allows privileged users to access information they shouldn |
| 2912 | CVE-2025-1616 | | 28.9th | 4.7 | | This critical vulnerability in FiberHome AN5506-01A ONU GPON RP2511 allows remote attackers to execu |
| 2913 | CVE-2024-49792 | | 28.9th | 5.4 | | IBM ApplinX 11.1 contains a cross-site scripting (XSS) vulnerability that allows authenticated users |
| 2914 | CVE-2024-12074 | | 28.9th | 6.5 | | This CVE describes a Denial of Service vulnerability in automatic1111/stable-diffusion-webui version |
| 2915 | CVE-2025-25042 | | 28.8th | 4.3 | | An authenticated low-privilege attacker can exploit the AOS-CX REST interface vulnerability to view |
| 2916 | CVE-2025-1767 | | 28.8th | 6.5 | | This CVE affects Kubernetes clusters using the deprecated in-tree gitRepo volume feature to clone gi |
| 2917 | CVE-2024-51966 | | 28.9th | 4.9 | | A path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below allows authenticated ad |
| 2918 | CVE-2024-51958 | | 28.9th | 4.9 | | A path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below allows remote authentic |
| 2919 | CVE-2025-3645 | | 28.9th | 4.3 | | This vulnerability in Moodle allows users to bypass authorization checks in a messaging web service, |
| 2920 | CVE-2025-3627 | | 29th | 4.3 | | A Moodle vulnerability allows some users to access sensitive student information before identity ver |
| 2921 | CVE-2025-45862 | | 28.9th | 6.5 | | This CVE describes a buffer overflow vulnerability in TOTOLINK A3002R routers via the interfacenamed |
| 2922 | CVE-2025-51569 | | 28.9th | 6.1 | | An unauthenticated cross-site scripting (XSS) vulnerability in the LB-Link BL-CPE300M router's web i |
| 2923 | CVE-2025-6588 | | 28.9th | 6.1 | | The FunnelCockpit WordPress plugin contains a reflected cross-site scripting vulnerability that allo |
| 2924 | CVE-2025-8402 | | 28.8th | 4.9 | | This vulnerability allows system administrators to crash Mattermost servers by importing malformed d |
| 2925 | CVE-2024-39954 | | 28.9th | 6.3 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in the eventmesh-runtime modul |
| 2926 | CVE-2025-9100 | | 29th | 5.3 | | This vulnerability allows attackers to bypass authentication in My-Blog 1.0.0 by capturing and repla |
| 2927 | CVE-2025-50690 | | 28.9th | 6.1 | | A reflected Cross-Site Scripting (XSS) vulnerability in SpatialReference.org allows attackers to inj |
| 2928 | CVE-2025-42948 | | 28.9th | 6.1 | | This is a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform that allows unauth |
| 2929 | CVE-2025-42942 | | 28.9th | 6.1 | | SAP NetWeaver Application Server for ABAP contains a cross-site scripting (XSS) vulnerability that a |
| 2930 | CVE-2025-6832 | | 28.9th | 6.1 | | This vulnerability allows unauthenticated attackers to execute reflected cross-site scripting (XSS) |
| 2931 | CVE-2025-10769 | | 28.9th | 6.3 | | This vulnerability in h2oai h2o-3 allows remote attackers to execute arbitrary code through deserial |
| 2932 | CVE-2025-10713 | | 28.9th | 6.5 | | An XML External Entity (XXE) vulnerability in multiple WSO2 products allows attackers to read sensit |
| 2933 | CVE-2025-0405 | | 28.8th | 6.3 | | CVE-2025-0405 is a critical SQL injection vulnerability in liujianview gymxmjpa 1.0 that allows remo |
| 2934 | CVE-2025-22376 | | 28.6th | 5.3 | | This vulnerability in Net::OAuth::Client for Perl uses a weak random number generator (rand()) for n |
| 2935 | CVE-2024-56240 | | 28.7th | 6.5 | | This stored cross-site scripting (XSS) vulnerability in the Pronamic Google Maps WordPress plugin al |
| 2936 | CVE-2023-47661 | | 28.7th | 5.4 | | This CVE describes a Missing Authorization vulnerability in Dragfy Addons for Elementor WordPress pl |
| 2937 | CVE-2023-47225 | | 28.7th | 5.4 | | This CVE describes a Missing Authorization vulnerability in the KaizenCoders Short URL WordPress plu |
| 2938 | CVE-2023-47187 | | 28.7th | 5.4 | | This CVE describes a Missing Authorization vulnerability in the WordPress Animated Rotating Words pl |
| 2939 | CVE-2023-46633 | | 28.7th | 5.4 | | This CVE describes a missing authorization vulnerability in the TCBarrett Glossary WordPress plugin |
| 2940 | CVE-2023-45636 | | 28.7th | 5.4 | | This CVE describes a missing authorization vulnerability in the WebToffee WordPress Backup & Migrati |
| 2941 | CVE-2025-25478 | | 28.7th | 6.5 | | This vulnerability in Syspass 3.2.x allows attackers to access the web application's source code by |
| 2942 | CVE-2025-23085 | | 28.8th | 5.3 | | A memory leak vulnerability in Node.js HTTP/2 server occurs when remote peers abruptly close connect |
| 2943 | CVE-2025-23059 | | 28.6th | 6.8 | | This vulnerability in HPE Aruba ClearPass Policy Manager allows authenticated high-privilege attacke |
| 2944 | CVE-2025-30447 | | 28.7th | 5.5 | | This CVE describes an information disclosure vulnerability in Apple operating systems where improper |
| 2945 | CVE-2025-2342 | | 28.7th | 5.3 | | The IROAD X5 Mobile App up to version 5.2.5 on Android contains hard-coded credentials in its API en |
| 2946 | CVE-2025-2192 | | 28.7th | 4.3 | | This Server-Side Request Forgery (SSRF) vulnerability in Stoque Zeev.it allows attackers to manipula |
| 2947 | CVE-2025-1906 | | 28.8th | 4.7 | | This critical SQL injection vulnerability in PHPGurukul Restaurant Table Booking System 1.0 allows a |
| 2948 | CVE-2025-24271 | | 28.7th | 5.4 | | This vulnerability allows an unauthenticated attacker on the same local network to send AirPlay comm |
| 2949 | CVE-2025-22055 | | 28.8th | 5.5 | | A heap out-of-bounds read vulnerability exists in the Linux kernel's GENEVE (Generic Network Virtual |
| 2950 | CVE-2025-45847 | | 28.8th | 6.5 | | This vulnerability allows authenticated attackers to execute arbitrary code on ALFA AIP-W512 routers |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.