Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2951 | CVE-2025-20223 | | 28.7th | 4.7 | | This vulnerability in Cisco Catalyst Center (formerly DNA Center) allows authenticated remote attack |
| 2952 | CVE-2025-6873 | | 28.7th | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files to Simple Company Website 1.0 v |
| 2953 | CVE-2025-54640 | | 28.6th | 5.5 | | CVE-2025-54640 is a ParcelMismatch vulnerability in attribute deserialization that allows attackers |
| 2954 | CVE-2025-54639 | | 28.6th | 5.5 | | CVE-2025-54639 is a deserialization vulnerability in Huawei devices that allows attackers to manipul |
| 2955 | CVE-2025-54620 | | 28.6th | 5.5 | | This CVE describes a deserialization vulnerability in the ability module where untrusted data can be |
| 2956 | CVE-2025-47209 | | 28.7th | 6.5 | | A NULL pointer dereference vulnerability in Qsync Central allows authenticated remote attackers to c |
| 2957 | CVE-2025-30266 | | 28.7th | 6.5 | | A NULL pointer dereference vulnerability in Qsync Central allows authenticated remote attackers to c |
| 2958 | CVE-2025-62728 | | 28.8th | 5.4 | | This SQL injection vulnerability in Apache Hive Metastore Server allows authorized users to execute |
| 2959 | CVE-2025-48839 | | 28.7th | 6.6 | | An authenticated attacker can execute arbitrary code on FortiADC devices by sending specially crafte |
| 2960 | CVE-2025-64176 | | 28.8th | 5.3 | | ThinkDashboard versions 0.6.7 and below contain an arbitrary file upload vulnerability in the backup |
| 2961 | CVE-2025-8558 | | 28.8th | 5.4 | | CVE-2025-8558 is an authentication bypass vulnerability in Proofpoint Insider Threat Management Serv |
| 2962 | CVE-2024-12524 | | 28.5th | 6.4 | | The Clinked Client Portal WordPress plugin has a stored XSS vulnerability in its 'clinked-login-butt |
| 2963 | CVE-2023-38012 | | 28.5th | 5.3 | | This vulnerability allows remote attackers to perform directory traversal attacks on IBM Cloud Pak S |
| 2964 | CVE-2025-24020 | | 28.6th | 6.1 | | This CVE describes an Open Redirect vulnerability in WeGIA web management software for charitable in |
| 2965 | CVE-2024-13676 | | 28.6th | 6.5 | | This SQL injection vulnerability in the WordPress Categorized Gallery Plugin allows authenticated at |
| 2966 | CVE-2025-1372 | | 28.6th | 5.3 | | A critical buffer overflow vulnerability in GNU elfutils' eu-readelf tool allows local attackers to |
| 2967 | CVE-2024-52895 | | 28.5th | 6.5 | | This vulnerability allows privileged users on IBM i 7.4 and 7.5 systems to bypass database capabilit |
| 2968 | CVE-2025-1312 | | 28.5th | 6.4 | | This vulnerability allows authenticated attackers with Contributor-level access or higher to inject |
| 2969 | CVE-2025-1784 | | 28.5th | 6.4 | | This vulnerability allows authenticated attackers with Contributor-level access or higher to inject |
| 2970 | CVE-2025-2302 | | 28.5th | 6.4 | | The Advanced Woo Search WordPress plugin has a stored XSS vulnerability that allows authenticated at |
| 2971 | CVE-2019-6697 | | 28.6th | 5.3 | | This vulnerability allows an unauthenticated attacker on the same network as a FortiGate firewall to |
| 2972 | CVE-2025-1670 | | 28.6th | 6.5 | | This SQL injection vulnerability in the WPSchoolPress WordPress plugin allows authenticated attacker |
| 2973 | CVE-2024-49823 | | 28.5th | 6.5 | | This vulnerability in IBM Common Cryptographic Architecture allows authenticated users to send speci |
| 2974 | CVE-2024-13781 | | 28.6th | 6.5 | | The Hero Maps Premium WordPress plugin contains a SQL injection vulnerability that allows authentica |
| 2975 | CVE-2024-12607 | | 28.6th | 6.5 | | This SQL injection vulnerability in the School Management System for WordPress plugin allows authent |
| 2976 | CVE-2024-13778 | | 28.6th | 6.5 | | This SQL injection vulnerability in the Hero Mega Menu WordPress plugin allows authenticated attacke |
| 2977 | CVE-2024-12815 | | 28.5th | 6.4 | | The Point Maker WordPress plugin has a stored XSS vulnerability that allows authenticated attackers |
| 2978 | CVE-2024-13750 | | 28.6th | 6.5 | | This SQL injection vulnerability in the Multilevel Referral Affiliate Plugin for WooCommerce allows |
| 2979 | CVE-2025-27151 | | 28.5th | 4.7 | | This CVE describes a stack-based buffer overflow vulnerability in Redis's redis-check-aof tool, affe |
| 2980 | CVE-2025-47513 | | 28.6th | 4.9 | | This path traversal vulnerability in Infocob CRM Forms WordPress plugin allows attackers to download |
| 2981 | CVE-2025-46486 | | 28.6th | 4.9 | | This path traversal vulnerability in the Nomupay Payment Processing Gateway WordPress plugin allows |
| 2982 | CVE-2025-5059 | | 28.5th | 4.7 | | Campcodes Online Shopping Portal 1.0 contains a critical vulnerability in the admin/edit-subcategory |
| 2983 | CVE-2025-4926 | | 28.5th | 4.7 | | This vulnerability allows remote attackers to upload arbitrary files to the PHPGurukul Car Rental Pr |
| 2984 | CVE-2025-50847 | | 28.5th | 6.5 | | A Cross-Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3 allows attackers to manipulate u |
| 2985 | CVE-2025-54121 | | 28.5th | 5.3 | | A denial-of-service vulnerability in Starlette's file upload handling allows attackers to block the |
| 2986 | CVE-2025-9405 | | 28.5th | 5.3 | | A reachable assertion vulnerability in Open5GS AMF component allows remote attackers to cause denial |
| 2987 | CVE-2025-58473 | | 28.6th | 5.9 | | An unauthenticated attacker can cause denial-of-service on Click Plus C2-03CPU-2 devices by exhausti |
| 2988 | CVE-2025-12310 | | 28.5th | 5.3 | | This vulnerability in VirtFusion allows attackers to bypass rate limiting on email change authentica |
| 2989 | CVE-2025-54290 | | 28.5th | 5.3 | | This vulnerability allows unauthenticated network attackers to determine whether specific LXD projec |
| 2990 | CVE-2025-13950 | | 28.5th | 5.3 | | This vulnerability allows unauthenticated attackers to modify OneSignal plugin settings in WordPress |
| 2991 | CVE-2025-46645 | | 28.6th | 6.5 | | This CVE describes an OS command injection vulnerability in Dell PowerProtect Data Domain systems ru |
| 2992 | CVE-2024-48662 | | 28.5th | 6.1 | | A Cross-Site Scripting (XSS) vulnerability in AdGuard Application versions 7.18.1 (4778) and earlier |
| 2993 | CVE-2024-40706 | | 28.4th | 5.3 | | IBM InfoSphere Information Server 11.7 exposes sensitive version information to remote users, which |
| 2994 | CVE-2025-24244 | | 28.3th | 5.5 | | This vulnerability allows attackers to leak process memory by tricking users into processing malicio |
| 2995 | CVE-2025-30352 | | 28.5th | 5.3 | | This vulnerability in Directus allows authenticated users to enumerate database field contents they |
| 2996 | CVE-2024-12775 | | 28.5th | 6.5 | | This SSRF vulnerability in Dify AI allows attackers to make the server send unauthorized requests to |
| 2997 | CVE-2025-2323 | | 28.4th | 4.3 | | This vulnerability in the springboot-openai-chatgpt component allows remote attackers to manipulate |
| 2998 | CVE-2025-20145 | | 28.4th | 5.8 | | This vulnerability allows unauthenticated remote attackers to bypass egress ACLs on Cisco IOS XR dev |
| 2999 | CVE-2025-25952 | | 28.5th | 6.5 | | This vulnerability allows attackers to access sensitive student information by manipulating the stud |
| 3000 | CVE-2025-3923 | | 28.4th | 5.3 | | The Prevent Direct Access WordPress plugin generates insufficiently random file names for protected |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.