Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary
301 | CVE-2025-43408 | 0.02% | 4.7th | 2.4 | This vulnerability allows attackers with physical access to a locked macOS device to access contacts
302 | CVE-2025-36744 | 0.02% | 4.7th | 2.4 | SolarEdge SE3680H inverters leak sensitive diagnostic information during bootloader initialization c
303 | CVE-2025-66515 | 0.02% | 4.5th | 2.7 | This vulnerability in Nextcloud Approval app allows authenticated users listed as requesters in work
304 | CVE-2025-43410 | 0.02% | 4.3th | 2.4 | This vulnerability allows an attacker with physical access to a Mac to view deleted notes due to imp
305 | CVE-2025-46279 | 0.02% | 4.4th | 3.3 | This CVE describes an information disclosure vulnerability in Apple operating systems where an app c
306 | CVE-2025-13566 | 0.02% | 4.5th | 3.3 | A double-free vulnerability exists in the nnn file manager up to version 5.1, specifically in the sh
307 | CVE-2025-32088 | 0.02% | 4.5th | 3.3 | An improper conditions check in Intel QAT Windows software before version 2.6.0 allows authenticated
308 | CVE-2025-59696 | 0.02% | 4.4th | 3.2 | This vulnerability allows a physically proximate attacker to modify or erase tamper event logs on En
309 | CVE-2025-64786 | 0.02% | 4.3th | 3.3 | Acrobat Reader has an improper cryptographic signature verification vulnerability that allows attack
310 | CVE-2025-64787 | 0.02% | 4.3th | 3.3 | This CVE describes an Improper Verification of Cryptographic Signature vulnerability in Adobe Acroba
311 | CVE-2026-23553 | 0.02% | 4.4th | 2.9 | This Xen hypervisor vulnerability allows indirect branch predictor poisoning between guest tasks, br
312 | CVE-2024-54556 | 0.02% | 4.3th | 2.4 | This vulnerability allows a user to view restricted content from the lock screen on Apple iOS and iP
313 | CVE-2026-1415 | 0.02% | 4.5th | 3.3 | A null pointer dereference vulnerability exists in GPAC multimedia framework versions up to 2.4.0. A
314 | CVE-2026-1416 | 0.02% | 4.5th | 3.3 | A null pointer dereference vulnerability exists in GPAC's DumpMovieInfo function, allowing local att
315 | CVE-2026-1417 | 0.02% | 4.5th | 3.3 | This CVE describes a null pointer dereference vulnerability in GPAC's MP4Box tool that can cause app
316 | CVE-2025-66558 | 0.02% | 4.2th | 3.1 | A vulnerability in Nextcloud's Twofactor WebAuthn plugin allows attackers to remove a user's WebAuth
317 | CVE-2025-20622 | 0.02% | 3.8th | 3.8 | This vulnerability in Intel NPU Drivers for Windows allows unprivileged local users to potentially a
318 | CVE-2025-1823 | 0.02% | 3.8th | 3.5 | This vulnerability in IBM Jazz Reporting Service allows authenticated users on the host network to e
319 | CVE-2025-68163 | 0.02% | 3.9th | 3.5 | This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to injec
320 | CVE-2025-2134 | 0.02% | 3.8th | 3.5 | IBM Jazz Reporting Service has an insufficient resource pooling vulnerability that allows authentica
321 | CVE-2025-6666 | 0.02% | 4.1th | 2.0 | This vulnerability in motogadget mo.lock Ignition Lock devices allows attackers to exploit a hard-co
322 | CVE-2025-5467 | 0.02% | 3.4th | 3.3 | This vulnerability in Canonical's Apport crash reporting tool creates crash files with incorrect gro
323 | CVE-2025-55174 | 0.02% | 3.5th | 3.2 | A file handling vulnerability in KDE Skanpage allows partial file content disclosure when overwritin
324 | CVE-2025-55703 | 0.02% | 3.7th | 2.5 | An error-based SQL injection vulnerability in Sunbird Power IQ 9.2.0 API allows attackers to manipul
325 | CVE-2025-43395 | 0.02% | 3.4th | 3.3 | This macOS vulnerability allows malicious applications to bypass symlink protections and access prot
326 | CVE-2025-27550 | 0.02% | 3.8th | 3.5 | This vulnerability in IBM Jazz Reporting Service allows authenticated users on the same network to a
327 | CVE-2025-54821 | 0.02% | 3.5th | 1.9 | This CVE describes an improper privilege management vulnerability in multiple Fortinet products that
328 | CVE-2025-13640 | 0.02% | 3.6th | 3.5 | This vulnerability in Google Chrome's password implementation allows a local attacker with physical
329 | CVE-2026-20972 | 0.02% | 3.7th | 3.3 | This vulnerability in Samsung's UwbTest Android application allows local attackers to improperly exp
330 | CVE-2025-67646 | 0.02% | 3.5th | 3.5 | This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the TableProgressTracking Me
331 | CVE-2025-67899 | 0.02% | 3.6th | 2.9 | CVE-2025-67899 is an unbounded recursion vulnerability in uriparser library versions through 0.9.9 t
332 | CVE-2025-46643 | 0.02% | 3.5th | 2.3 | A heap-based buffer overflow vulnerability in Dell PowerProtect Data Domain with DD OS allows high-p
333 | CVE-2026-1998 | 0.02% | 3.5th | 3.3 | A memory corruption vulnerability in MicroPython's mp_import_all function allows local attackers to
334 | CVE-2025-11961 | 0.02% | 3.2th | 1.9 | CVE-2025-11961 is a heap-based buffer overflow vulnerability in libpcap's pcap_ether_aton() function
335 | CVE-2025-11964 | 0.02% | 3.2th | 1.9 | A buffer overflow vulnerability exists in libpcap on Windows when converting certain Windows error m
336 | CVE-2026-0519 | 0.02% | 3.2th | 3.4 | Secure Access versions 12.70 through 14.20 may write unredacted authentication tokens to logs under
337 | CVE-2025-43532 | 0.02% | 3.2th | 2.8 | This CVE describes a memory corruption vulnerability in Apple operating systems caused by improper b
338 | CVE-2025-66382 | 0.02% | 3.3th | 2.9 | CVE-2025-66382 is a denial-of-service vulnerability in libexpat where a specially crafted XML file (
339 | CVE-2023-29144 | 0.02% | 3.1th | 3.3 | Malwarebytes 1.0.14 for Linux has a signature computation vulnerability that allows malware to bypas
340 | CVE-2025-15320 | 0.02% | 2.5th | 3.3 | A denial of service vulnerability in Tanium Client could allow an attacker to crash the client servi
341 | CVE-2026-2259 | 0.02% | 2.7th | 3.3 | This CVE describes a memory corruption vulnerability in the lobster::Parser::ParseStatements functio
342 | CVE-2025-43437 | 0.02% | 2.8th | 3.3 | This CVE describes an information disclosure vulnerability in iOS/iPadOS that allows apps to fingerp
343 | CVE-2026-2258 | 0.02% | 2.7th | 3.3 | CVE-2026-2258 is a memory corruption vulnerability in aardappel lobster's WaveFunctionCollapse funct
344 | CVE-2026-0510 | 0.02% | 2.8th | 3.0 | CVE-2026-0510 is a cryptographic weakness in SAP NetWeaver Application Server for Java's User Manage
345 | CVE-2025-66372 | 0.02% | 2.8th | 2.8 | CVE-2025-66372 is an XML External Entity (XXE) vulnerability in Mustang library versions before 2.16
346 | CVE-2025-62840 | 0.02% | 2.7th | 3.3 | This vulnerability in QNAP HBS 3 Hybrid Backup Sync allows error messages to expose sensitive applic
347 | CVE-2026-2246 | 0.02% | 2.7th | 3.3 | A memory corruption vulnerability in AprilRobotics apriltag library versions up to 3.4.5 allows loca
348 | CVE-2025-64696 | 0.02% | 2.8th | 3.3 | The Brother iPrint&Scan Android app versions 6.13.7 and earlier improperly stores application files
349 | CVE-2025-59485 | 0.02% | 2.7th | 3.3 | This vulnerability allows local authenticated users on Windows systems running MaLion Security Point
350 | CVE-2025-13321 | 0.02% | 2.7th | 3.3 | Mattermost Desktop App versions before 6.0.0 fail to properly clear sensitive information from logs

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
