Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3001 | CVE-2025-47775 | | 28.5th | 6.2 | | CVE-2025-47775 is a vulnerability in Bullfrog GitHub Action versions before 0.8.4 where using TCP br |
| 3002 | CVE-2024-56805 | | 28.4th | 5.4 | | A buffer overflow vulnerability in QNAP operating systems could allow authenticated remote attackers |
| 3003 | CVE-2025-20252 | | 28.3th | 5.8 | | This vulnerability in Cisco ASA and FTD software allows unauthenticated remote attackers to trigger |
| 3004 | CVE-2025-36047 | | 28.4th | 5.3 | | IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8 are vulnerable to a deni |
| 3005 | CVE-2025-10975 | | 28.5th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary code through deserialization attacks |
| 3006 | CVE-2025-10974 | | 28.5th | 6.3 | | This CVE describes a remote code execution vulnerability in giantspatula SewKinect's /calculate endp |
| 3007 | CVE-2025-13791 | | 28.4th | 6.3 | | This vulnerability allows remote attackers to perform path traversal attacks via the project import |
| 3008 | CVE-2025-13246 | | 28.4th | 6.3 | | This CVE describes a path traversal vulnerability in the JwtAuthenticationFilter component of shsuis |
| 3009 | CVE-2024-13983 | | 28.5th | 6.3 | | This vulnerability allows attackers to create QR codes that spoof Chrome's Lens UI on iOS, potential |
| 3010 | CVE-2025-8871 | | 28.4th | 5.6 | | The Everest Forms Pro WordPress plugin is vulnerable to PHP object injection via deserialization of |
| 3011 | CVE-2025-67074 | | 28.4th | 6.5 | | A buffer overflow vulnerability in Tenda AC10V4.0 routers allows remote attackers to cause denial of |
| 3012 | CVE-2026-22644 | | 28.3th | 5.3 | | This vulnerability allows attackers to steal authentication tokens when they are passed in URL query |
| 3013 | CVE-2024-13715 | | 28.3th | 4.3 | | The zStore Manager Basic WordPress plugin has a missing capability check vulnerability that allows a |
| 3014 | CVE-2024-13652 | | 28.3th | 4.3 | | The ECPay Ecommerce for WooCommerce WordPress plugin has an authorization vulnerability that allows |
| 3015 | CVE-2024-56294 | | 28.3th | 6.4 | | A missing authorization vulnerability in POSIMYTH Nexter Blocks WordPress plugin allows attackers to |
| 3016 | CVE-2024-13716 | | 28.3th | 4.3 | | The Forex Calculators WordPress plugin has an authorization vulnerability that allows authenticated |
| 3017 | CVE-2025-25514 | | 28.2th | 6.5 | | This SQL injection vulnerability in Seacms allows attackers to execute arbitrary SQL commands throug |
| 3018 | CVE-2023-51331 | | 28.2th | 6.5 | | PHPJabbers Cleaning Business Software v1.0 has a CSV injection vulnerability that allows attackers t |
| 3019 | CVE-2024-13663 | | 28.3th | 6.4 | | The Coaching Staffs WordPress plugin has a stored XSS vulnerability in its 'mstw-cs-table' shortcode |
| 3020 | CVE-2024-13657 | | 28.3th | 6.4 | | This stored XSS vulnerability in the Store Locator Widget WordPress plugin allows authenticated atta |
| 3021 | CVE-2024-13589 | | 28.3th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 3022 | CVE-2024-13390 | | 28.3th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 3023 | CVE-2024-11335 | | 28.3th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 3024 | CVE-2024-13443 | | 28.3th | 6.4 | | This stored XSS vulnerability in the Easypromos WordPress plugin allows authenticated attackers with |
| 3025 | CVE-2024-13687 | | 28.3th | 4.3 | | The Team Builder WordPress plugin has an authorization vulnerability that allows authenticated users |
| 3026 | CVE-2025-1226 | | 28.2th | 5.3 | | This critical vulnerability in ywoa allows remote attackers to bypass authorization controls via the |
| 3027 | CVE-2025-1668 | | 28.3th | 4.3 | | The WPSchoolPress WordPress plugin has a missing capability check that allows authenticated users wi |
| 3028 | CVE-2024-13407 | | 28.3th | 4.3 | | The Omnipress WordPress plugin vulnerability allows authenticated attackers with Contributor-level a |
| 3029 | CVE-2025-2104 | | 28.3th | 4.3 | | This vulnerability in the Pagelayer WordPress plugin allows authenticated users with Contributor-lev |
| 3030 | CVE-2025-1503 | | 28.3th | 6.4 | | This vulnerability allows authenticated attackers with Contributor-level access or higher to inject |
| 3031 | CVE-2024-13703 | | 28.3th | 4.3 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to en |
| 3032 | CVE-2019-1815 | | 28.2th | 5.3 | | CVE-2019-1815 allows unauthenticated attackers to access sensitive logs containing wireless pre-shar |
| 3033 | CVE-2024-13559 | | 28.3th | 6.4 | | The TemplatesNext ToolKit WordPress plugin has a stored XSS vulnerability that allows authenticated |
| 3034 | CVE-2025-22060 | | 28.3th | 4.7 | | A race condition vulnerability in the Linux kernel's Marvell PP2 network driver allows concurrent mo |
| 3035 | CVE-2025-22045 | | 28.3th | 5.5 | | A flaw in the Linux kernel's x86 memory management subsystem could allow improper TLB flushing when |
| 3036 | CVE-2025-2541 | | 28.2th | 6.4 | | The WP Project Manager WordPress plugin has a stored XSS vulnerability in SVG file uploads affecting |
| 3037 | CVE-2025-30011 | | 28.2th | 5.3 | | An unauthenticated attacker can exploit a deprecated Java applet component in SAP SRM's Live Auction |
| 3038 | CVE-2025-29153 | | 28.3th | 5.4 | | An SQL injection vulnerability in lemeconsultoria HCM galera.app version 4.58.0 allows attackers to |
| 3039 | CVE-2024-41502 | | 28.2th | 6.1 | | Jetimob Plataforma Imobiliaria 20240627-0 contains a stored cross-site scripting (XSS) vulnerability |
| 3040 | CVE-2024-45515 | | 28.2th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration allows attackers to upload spe |
| 3041 | CVE-2025-20332 | | 28.2th | 4.3 | | This vulnerability in Cisco ISE allows authenticated attackers with read-only administrator credenti |
| 3042 | CVE-2025-13317 | | 28.2th | 5.3 | | This vulnerability allows unauthenticated attackers to arbitrarily confirm appointments in the Appoi |
| 3043 | CVE-2025-12535 | | 28.2th | 5.3 | | The SureForms WordPress plugin has a CSRF bypass vulnerability that allows unauthenticated attackers |
| 3044 | CVE-2025-63604 | | 28.2th | 6.5 | | This CVE describes a remote code execution vulnerability in baryhuang/mcp-server-aws-resources-pytho |
| 3045 | CVE-2025-13306 | | 28.2th | 6.3 | | This CVE describes a command injection vulnerability in D-Link routers that allows attackers to exec |
| 3046 | CVE-2025-14691 | | 28.3th | 4.3 | | This vulnerability allows attackers to inject malicious scripts into Mayan EDMS web interface throug |
| 3047 | CVE-2026-23848 | | 28.3th | 6.5 | | This vulnerability allows unauthenticated attackers to bypass IP-based rate limiting in MyTube by sp |
| 3048 | CVE-2026-22587 | | 28.3th | 5.5 | | Ideagen DevonWay contains a stored cross-site scripting (XSS) vulnerability where authenticated atta |
| 3049 | CVE-2025-14128 | | 28.2th | 6.1 | | The Stumble! WordPress plugin has a reflected cross-site scripting (XSS) vulnerability that allows u |
| 3050 | CVE-2025-14127 | | 28.2th | 6.1 | | The Testimonial Master WordPress plugin contains a reflected cross-site scripting (XSS) vulnerabilit |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.