Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

- 164 CVEs with EPSS > 50%
- 156 CVEs listed in the CISA Known Exploited Vulnerabilities (KEV) catalog
- 35,468 CVEs with an EPSS score
- 0.7% average EPSS score
Ranks 251 to 300. Percentile is the EPSS percentile (the share of scored CVEs with a lower EPSS score); CVSS is the base score. The Flags column is empty for every row shown, and the summaries are truncated as on the original page.

| Rank | CVE ID | EPSS Score | EPSS Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 251 | CVE-2025-15174 | 0.03% | 7.6th | 3.5 | | This is a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud's web interface that allows |
| 252 | CVE-2025-66549 | 0.03% | 7.1th | 2.4 | | Nextcloud Desktop client versions before 3.16.5 send file paths unencrypted to the server when manua |
| 253 | CVE-2026-2064 | 0.03% | 7.1th | 3.5 | | This vulnerability allows attackers to inject malicious scripts into the User Data Page of Portabili |
| 254 | CVE-2026-1197 | 0.03% | 7.1th | 3.1 | | This vulnerability in MineAdmin 1.x/2.x allows remote attackers to disclose sensitive information by |
| 255 | CVE-2025-66861 | 0.03% | 6.9th | 2.5 | | A vulnerability in BinUtils' cp-demangle.c function allows attackers to cause denial of service thro |
| 256 | CVE-2025-15201 | 0.03% | 7th | 3.5 | | This CVE describes a cross-site scripting (XSS) vulnerability in SohuTV CacheCloud up to version 3.2 |
| 257 | CVE-2026-1744 | 0.03% | 7.1th | 2.4 | | This CVE describes a cross-site scripting (XSS) vulnerability in D-Link DSL-6641K routers running fi |
| 258 | CVE-2025-15221 | 0.03% | 7th | 3.5 | | This vulnerability allows attackers to inject malicious scripts into SohuTV CacheCloud web interface |
| 259 | CVE-2025-64757 | 0.03% | 7.1th | 3.5 | | A vulnerability in Astro framework's development server allows attackers to read arbitrary local ima |
| 260 | CVE-2026-1970 | 0.03% | 6.5th | 3.5 | | This CVE describes an open redirect vulnerability in Edimax BR-6258n routers up to version 1.18. Att |
| 261 | CVE-2025-43365 | 0.03% | 6.8th | 2.8 | | An unprivileged process can terminate root processes on iOS and iPadOS devices due to improper input |
| 262 | CVE-2025-15083 | 0.03% | 6.6th | 2.0 | | This vulnerability allows physical attackers to access the on-chip debug and test interface via the |
| 263 | CVE-2025-64524 | 0.03% | 6.7th | 3.3 | | A heap-buffer-overflow vulnerability in the rastertopclx filter of cups-filters allows memory corrup |
| 264 | CVE-2025-36228 | 0.03% | 6.6th | 3.8 | | IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.1 have inconsistent permissions between the user i |
| 265 | CVE-2026-1151 | 0.03% | 6.8th | 2.4 | | This vulnerability allows attackers to inject malicious scripts via the Nickname field in the User C |
| 266 | CVE-2026-2156 | 0.03% | 6.6th | 2.4 | | This vulnerability allows attackers to inject malicious scripts into the Online Student Management S |
| 267 | CVE-2025-67685 | 0.03% | 6.5th | 3.8 | | This SSRF vulnerability in Fortinet FortiSandbox allows authenticated attackers to proxy internal re |
| 268 | CVE-2025-64734 | 0.03% | 6.5th | 2.4 | | A resource management vulnerability (CWE-772) in Gallagher Command Centre T21 Reader allows attacker |
| 269 | CVE-2026-0798 | 0.03% | 6.3th | 3.5 | | Gitea versions before 1.25.4 may send release notification emails for private repositories to users |
| 270 | CVE-2025-68469 | 0.03% | 6.2th | 3.3 | | ImageMagick versions before 7.1.1-14 contain a heap-based buffer overflow vulnerability (CWE-122) wh |
| 271 | CVE-2026-2224 | 0.03% | 6.2th | 3.5 | | This vulnerability allows attackers to inject malicious scripts via the 'firstname' parameter in the |
| 272 | CVE-2025-11235 | 0.03% | 6.2th | 3.7 | | This vulnerability allows attackers to change passwords without proper verification in Progress MOVE |
| 273 | CVE-2026-20730 | 0.02% | 5.8th | 3.3 | | A vulnerability in BIG-IP Edge Client and browser VPN clients on Windows may allow attackers to acce |
| 274 | CVE-2025-14408 | 0.02% | 6.1th | 3.3 | | This vulnerability in Soda PDF Desktop allows attackers to read memory beyond allocated boundaries w |
| 275 | CVE-2025-14841 | 0.02% | 5.9th | 3.3 | | A null pointer dereference vulnerability exists in OFFIS DCMTK's DICOM Query/Retrieve Service Class |
| 276 | CVE-2025-71148 | 0.02% | 5.7th | 3.3 | | A memory leak vulnerability in the Linux kernel's handshake subsystem occurs when socket submission |
| 277 | CVE-2025-32037 | 0.02% | 5.7th | 2.0 | | CVE-2025-32037 is an improper access control vulnerability in Intel PresentMon versions before 2.3.1 |
| 278 | CVE-2025-15418 | 0.02% | 5.6th | 3.3 | | A local denial-of-service vulnerability exists in Open5GS versions up to 2.7.6 where the ogs_gtp2_pa |
| 279 | CVE-2024-35281 | 0.02% | 5.5th | 2.5 | | This vulnerability allows authenticated attackers to inject code via Electron environment variables |
| 280 | CVE-2025-55250 | 0.02% | 5.7th | 1.8 | | HCL AION version 2 contains a technical error disclosure vulnerability that can expose sensitive sys |
| 281 | CVE-2025-14058 | 0.02% | 5.5th | 3.2 | | A missing authentication vulnerability in some Lenovo Tablets allows unauthorized users with physica |
| 282 | CVE-2025-66545 | 0.02% | 5.3th | 3.5 | | This vulnerability in Nextcloud Groupfolders allows users with read-only permissions to restore file |
| 283 | CVE-2025-25216 | 0.02% | 5.1th | 3.3 | | An improper input validation vulnerability in certain Intel Graphics Drivers and Intel LTS kernels a |
| 284 | CVE-2025-43350 | 0.02% | 5.2th | 2.4 | | This CVE describes a lock screen bypass vulnerability in Apple iOS/iPadOS where an attacker with phy |
| 285 | CVE-2025-31948 | 0.02% | 5.1th | 3.3 | | An improper input validation vulnerability in Intel oneAPI Math Kernel Library versions before 2025. |
| 286 | CVE-2026-2214 | 0.02% | 5.2th | 2.4 | | This CVE describes a cross-site scripting (XSS) vulnerability in Plugin 1.0 for code-projects, speci |
| 287 | CVE-2026-20642 | 0.02% | 5.2th | 2.4 | | An input validation vulnerability in iOS/iPadOS allows someone with physical access to a locked devi |
| 288 | CVE-2025-68462 | 0.02% | 5.3th | 3.2 | | Freedombox versions before 25.17.1 have improper permissions on the backups-data directory, allowing |
| 289 | CVE-2026-2222 | 0.02% | 5.2th | 2.4 | | This vulnerability allows attackers to inject malicious scripts into the Online Reviewer System 1.0 |
| 290 | CVE-2025-15323 | 0.02% | 5.4th | 3.7 | | Tanium Appliance has an improper certificate validation vulnerability that could allow man-in-the-mi |
| 291 | CVE-2025-15572 | 0.02% | 4.8th | 3.3 | | A memory leak vulnerability exists in wasm3 WebAssembly interpreter versions up to 0.5.0 in the NewC |
| 292 | CVE-2025-43309 | 0.02% | 5th | 2.4 | | This CVE describes a lock screen notification vulnerability in iOS/iPadOS where an attacker with phy |
| 293 | CVE-2025-53869 | 0.02% | 5th | 3.7 | | This vulnerability affects Brother MFP devices that fail to properly validate server certificates, a |
| 294 | CVE-2022-50522 | 0.02% | 4.9th | 3.3 | | This CVE describes a memory leak vulnerability in the Linux kernel's mcb-parse module. When mcb_devi |
| 295 | CVE-2025-64711 | 0.02% | 4.9th | 3.9 | | This is a self-XSS vulnerability in PrivateBin where dragging a file with HTML in its filename cause |
| 296 | CVE-2025-58409 | 0.02% | 4.7th | 3.5 | | This GPU driver vulnerability allows non-privileged users to exploit improper GPU system calls, enab |
| 297 | CVE-2025-4661 | 0.02% | 4.8th | 2.3 | | A path traversal vulnerability in Brocade Fabric OS allows local admin users to access files outside |
| 298 | CVE-2025-66514 | 0.02% | 4.8th | 3.5 | | This vulnerability allows authenticated Nextcloud Mail users to inject HTML into email subject lines |
| 299 | CVE-2025-66554 | 0.02% | 4.8th | 3.5 | | This vulnerability allows authenticated malicious users to inject CSS files by modifying their organ |
| 300 | CVE-2025-66629 | 0.02% | 4.6th | 3.7 | | HedgeDoc versions before 1.10.4 have CSRF vulnerabilities in OAuth2 endpoints for social login provi |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with an EPSS of 0.1% may be less urgent than a high CVSS 7.5 vulnerability with an EPSS of 90%.
