Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3101 | CVE-2025-10658 | | 59.4th | 6.5 | | The SupportCandy WordPress plugin has an authentication bypass vulnerability that allows unauthentic |
| 3102 | CVE-2025-12637 | | 59.5th | 8.8 | | The Elastic Theme Editor WordPress plugin allows authenticated attackers with Subscriber-level acces |
| 3103 | CVE-2025-24102 | | 59.3th | 9.8 | | This CVE describes an information disclosure vulnerability in Apple operating systems where an app c |
| 3104 | CVE-2025-0682 | | 59.4th | 8.8 | | The ThemeREX Addons WordPress plugin has a Local File Inclusion vulnerability that allows authentica |
| 3105 | CVE-2024-12811 | | 59.4th | 8.8 | | The Traveler WordPress theme has a Local File Inclusion vulnerability in the 'hotel_alone_slider' sh |
| 3106 | CVE-2025-47781 | | 59.3th | 9.8 | | CVE-2025-47781 allows unauthenticated attackers to brute-force 6-digit authentication tokens in Rall |
| 3107 | CVE-2025-29962 | | 59.4th | 8.8 | | This vulnerability is a heap-based buffer overflow in Windows Media components that allows remote at |
| 3108 | CVE-2023-25837 | | 59.4th | 8.4 | | A stored cross-site scripting vulnerability in Esri ArcGIS Enterprise Sites allows authenticated hig |
| 3109 | CVE-2025-27428 | | 59.3th | 7.7 | | This directory traversal vulnerability in SAP Solution Manager allows authorized attackers to read f |
| 3110 | CVE-2025-27829 | | 59.3th | 7.3 | | A vulnerability in Stormshield Network Security (SNS) firewalls allows attackers to disrupt multicas |
| 3111 | CVE-2025-34322 | | 59.3th | 7.2 | | Nagios Log Server versions before 2026R1.0.1 contain an authenticated command injection vulnerabilit |
| 3112 | CVE-2025-62521 | | 59.3th | 10.0 | | CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha |
| 3113 | CVE-2024-50349 | | 59.3th | 4.7 | | This vulnerability allows attackers to craft malicious Git repository URLs containing ANSI escape se |
| 3114 | CVE-2025-2559 | | 59.3th | 4.9 | | This vulnerability in Keycloak allows denial of service through memory exhaustion when JWT tokens wi |
| 3115 | CVE-2024-55213 | | 59.2th | 6.5 | | A directory traversal vulnerability in dhtmlxFileExplorer v8.4.6 allows remote attackers to access s |
| 3116 | CVE-2025-2635 | | 59.2th | 6.1 | | The Digital License Manager WordPress plugin contains a reflected cross-site scripting (XSS) vulnera |
| 3117 | CVE-2025-32209 | | 59.2th | 6.5 | | This path traversal vulnerability in the Total Processing Card Payments for WooCommerce WordPress pl |
| 3118 | CVE-2025-31800 | | 59.2th | 6.5 | | This path traversal vulnerability in the Publitio WordPress plugin allows attackers to read arbitrar |
| 3119 | CVE-2025-30594 | | 59.2th | 6.5 | | This path traversal vulnerability in the WordPress Include URL plugin allows attackers to download a |
| 3120 | CVE-2025-5527 | | 59.2th | 8.8 | | This critical vulnerability in Tenda RX3 routers allows remote attackers to execute arbitrary code v |
| 3121 | CVE-2025-9113 | | 59.2th | 9.8 | | The Doccure WordPress theme allows unauthenticated attackers to upload arbitrary files due to missin |
| 3122 | CVE-2024-49688 | | 59.2th | 9.8 | | This vulnerability allows unauthenticated attackers to perform PHP object injection through deserial |
| 3123 | CVE-2025-21611 | | 59.2th | 8.8 | | tgstation-server versions before 6.12.3 have an authorization bypass vulnerability where role permis |
| 3124 | CVE-2025-1066 | | 59.1th | 9.8 | | OpenPLC_V3 contains an arbitrary file upload vulnerability that allows attackers to upload malicious |
| 3125 | CVE-2024-6851 | | 59.2th | 7.5 | | This vulnerability allows arbitrary file deletion on systems running the aim tracking server. An att |
| 3126 | CVE-2025-2334 | | 59.2th | 5.4 | | This vulnerability allows remote attackers to delete chat histories they shouldn't have access to du |
| 3127 | CVE-2025-3603 | | 59.1th | 9.8 | | The Flynax Bridge WordPress plugin has a critical authentication bypass vulnerability that allows un |
| 3128 | CVE-2025-31175 | | 59.1th | 8.4 | | A deserialization mismatch vulnerability in the DSoftBus module allows attackers to manipulate seria |
| 3129 | CVE-2025-4102 | | 59.2th | 7.2 | | The Beaver Builder Plugin (Starter Version) for WordPress has a vulnerability allowing authenticated |
| 3130 | CVE-2025-6086 | | 59.2th | 7.2 | | The CSV Me WordPress plugin allows authenticated attackers with Administrator privileges to upload a |
| 3131 | CVE-2025-3234 | | 59.2th | 7.2 | | The File Manager Pro – Filester WordPress plugin allows authenticated attackers with Administrator |
| 3132 | CVE-2025-57403 | | 59.2th | 7.5 | | Cola Dnslog v1.3.2 has a directory traversal vulnerability in TXT record processing that allows atta |
| 3133 | CVE-2021-47706 | | 59.1th | N/A | | COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that al |
| 3134 | CVE-2024-57473 | | 59.1th | 9.8 | | H3C N12 V100R005 routers contain a critical buffer overflow vulnerability in the MAC address editing |
| 3135 | CVE-2024-57480 | | 59.1th | 9.8 | | H3C N12 V100R005 wireless access points contain a critical buffer overflow vulnerability in their we |
| 3136 | CVE-2024-57471 | | 59.1th | 9.8 | | H3C N12 V100R005 wireless routers contain a buffer overflow vulnerability in their 2.4G wireless net |
| 3137 | CVE-2025-21235 | | 59.1th | 7.8 | | This vulnerability in Windows PrintWorkflowUserSvc allows attackers to elevate privileges from a sta |
| 3138 | CVE-2025-21234 | | 59.1th | 7.8 | | This vulnerability allows attackers to elevate privileges on Windows systems by exploiting the Print |
| 3139 | CVE-2024-12316 | | 59.1th | 5.3 | | The Jupiter X Core WordPress plugin has an authorization bypass vulnerability that allows unauthenti |
| 3140 | CVE-2025-32910 | | 59.1th | 6.5 | | A NULL pointer dereference vulnerability in libsoup's soup_auth_digest_authenticate() function can c |
| 3141 | CVE-2026-1414 | | 59.1th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Sangfor Operation and Ma |
| 3142 | CVE-2025-26506 | | 59.1th | 9.8 | | This vulnerability allows attackers to execute arbitrary code with elevated privileges on affected H |
| 3143 | CVE-2025-4187 | | 59.1th | 5.9 | | This vulnerability allows unauthenticated attackers to perform directory traversal attacks via the u |
| 3144 | CVE-2024-12885 | | 59th | 6.5 | | This vulnerability allows authenticated WordPress administrators to delete arbitrary directories on |
| 3145 | CVE-2025-23114 | | 59th | 9.0 | | A TLS certificate validation vulnerability in Veeam Updater allows man-in-the-middle attackers to in |
| 3146 | CVE-2025-23416 | | 59th | 4.9 | | This path traversal vulnerability (CWE-22) in Ixia/Keysight products allows attackers to delete arbi |
| 3147 | CVE-2025-26413 | | 59th | 7.5 | | An improper input validation vulnerability in Apache Kvrocks allows attackers to crash the server by |
| 3148 | CVE-2025-7910 | | 59th | 8.8 | | A critical stack-based buffer overflow vulnerability in D-Link DIR-513 routers allows remote attacke |
| 3149 | CVE-2025-31717 | | 59th | 7.5 | | This vulnerability in modem firmware allows remote attackers to cause a system crash through imprope |
| 3150 | CVE-2025-11287 | | 59th | 7.3 | | CVE-2025-11287 is an authentication bypass vulnerability in samanhappy MCPHub's SSE service that all |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.