Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days. The Percentile column gives the proportion of all scored CVEs with an equal or lower EPSS score, so an entry at the 25th percentile is out-scored by roughly three quarters of all CVEs.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3551 | CVE-2024-6863 | | 25.6 | 6.5 | | This vulnerability in h2oai/h2o-3 version 3.46.0 exposes an endpoint that allows attackers to encryp |
| 3552 | CVE-2025-40325 | | 25.5 | 5.5 | | A race condition vulnerability in the Linux kernel's RAID10 discard handling could cause system inst |
| 3553 | CVE-2025-22116 | | 25.6 | 5.5 | | This CVE describes a kernel error handling flaw in the idpf (Intel Data Path Function) driver where |
| 3554 | CVE-2025-29632 | | 25.5 | 5.4 | | A buffer overflow vulnerability in Free5gc v4.0.0 allows remote attackers to cause denial of service |
| 3555 | CVE-2025-1493 | | 25.6 | 5.3 | | This vulnerability in IBM Db2 allows authenticated users to cause denial of service by concurrently |
| 3556 | CVE-2025-25020 | | 25.5 | 6.5 | | This vulnerability in IBM QRadar Suite Software and IBM Cloud Pak for Security allows authenticated |
| 3557 | CVE-2025-20344 | | 25.4 | 6.5 | | This vulnerability allows authenticated administrators to exploit path traversal via crafted backup |
| 3558 | CVE-2025-59426 | | 25.5 | 4.3 | | This CVE describes an open redirect vulnerability in Lobe Chat's OIDC implementation. Attackers can |
| 3559 | CVE-2025-42893 | | 25.5 | 6.1 | | An Open Redirect vulnerability in SAP Business Connector allows unauthenticated attackers to craft m |
| 3560 | CVE-2023-47232 | | 25.6 | 4.3 | | This vulnerability in the WP Affiliate Disclosure WordPress plugin allows attackers to perform unaut |
| 3561 | CVE-2025-37177 | | 25.5 | 6.5 | | An arbitrary file deletion vulnerability in the command-line interface of Aruba mobility conductors |
| 3562 | CVE-2025-58424 | | 25.4 | 5.3 | | This vulnerability affects BIG-IP systems where undisclosed traffic can cause data corruption and un |
| 3563 | CVE-2024-13349 | | 25.3 | 6.4 | | The Stockdio Historical Chart WordPress plugin has a stored XSS vulnerability in all versions up to |
| 3564 | CVE-2025-24723 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Booking Calendar Contact Form WordPress |
| 3565 | CVE-2025-22578 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WP Cookie WordPress plugin allows attack |
| 3566 | CVE-2024-11627 | | 25.4 | 6.8 | | This CVE describes a session fixation vulnerability in Progress Sitefinity CMS where session identif |
| 3567 | CVE-2025-1560 | | 25.3 | 6.4 | | The WOW Entrance Effects (WEE!) WordPress plugin has a stored cross-site scripting vulnerability tha |
| 3568 | CVE-2025-1571 | | 25.3 | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 3569 | CVE-2025-1757 | | 25.3 | 6.4 | | The WordPress Portfolio Builder plugin has a stored XSS vulnerability in all versions up to 1.1.7. A |
| 3570 | CVE-2024-6261 | | 25.3 | 6.4 | | This stored XSS vulnerability in the Final Tiles Grid WordPress gallery plugin allows authenticated |
| 3571 | CVE-2025-27303 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Contact Form 7 Star Rating WordPress plu |
| 3572 | CVE-2024-12452 | | 25.3 | 6.4 | | The Ziggeo WordPress plugin has a stored XSS vulnerability in all versions up to 3.1 that allows aut |
| 3573 | CVE-2025-1410 | | 25.3 | 6.4 | | This stored XSS vulnerability in the Pie Calendar WordPress plugin allows authenticated attackers wi |
| 3574 | CVE-2024-13155 | | 25.3 | 6.4 | | The Unlimited Elements For Elementor WordPress plugin has a stored XSS vulnerability in its Transpar |
| 3575 | CVE-2024-13395 | | 25.3 | 6.4 | | The Threepress WordPress plugin has a stored cross-site scripting vulnerability that allows authenti |
| 3576 | CVE-2024-13588 | | 25.3 | 6.4 | | The Simplebooklet PDF Viewer WordPress plugin has a stored XSS vulnerability that allows authenticat |
| 3577 | CVE-2024-37603 | | 25.4 | 4.6 | | A type confusion vulnerability exists in the user data import/export function of Mercedes Benz NTG 6 |
| 3578 | CVE-2024-37601 | | 25.4 | 4.6 | | A heap buffer overflow vulnerability exists in the user data import/export function of Mercedes Benz |
| 3579 | CVE-2024-11746 | | 25.3 | 6.4 | | This stored XSS vulnerability in the Woocommerce Brands WordPress plugin allows authenticated attack |
| 3580 | CVE-2025-25105 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Pop Up WordPress plugin allows attackers |
| 3581 | CVE-2025-25073 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Easy WP Tiles WordPress plugin allows at |
| 3582 | CVE-2025-22641 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the FM Notification Bar WordPress plugin all |
| 3583 | CVE-2025-2167 | | 25.4 | 5.4 | | The Event post plugin for WordPress has a stored cross-site scripting (XSS) vulnerability that allow |
| 3584 | CVE-2025-28936 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Lunar WordPress plugin allows attackers |
| 3585 | CVE-2025-28926 | | 25.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Post Read Time plugin allows a |
| 3586 | CVE-2024-13649 | | 25.3 | 6.4 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 3587 | CVE-2025-1783 | | 25.3 | 6.4 | | The Gallery Styles WordPress plugin has a stored XSS vulnerability that allows authenticated attacke |
| 3588 | CVE-2024-13757 | | 25.3 | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 3589 | CVE-2024-13686 | | 25.4 | 4.3 | | The VW Storefront WordPress theme has a missing capability check vulnerability that allows authentic |
| 3590 | CVE-2024-6857 | | 25.4 | 4.3 | | This CSRF vulnerability in WP MultiTasking WordPress plugin allows attackers to trick logged-in admi |
| 3591 | CVE-2025-3153 | | 25.4 | 6.5 | | Concrete CMS versions below 8.5.20 and 9 below 9.4.0RC2 are vulnerable to CSRF and XSS attacks in th |
| 3592 | CVE-2025-31728 | | 25.3 | 5.5 | | The Jenkins AsakusaSatellite Plugin 0.1.1 and earlier displays API keys in plaintext on job configur |
| 3593 | CVE-2025-46722 | | 25.3 | 4.2 | | This vulnerability in vLLM's image hashing function allows hash collisions where different-sized ima |
| 3594 | CVE-2025-4866 | | 25.3 | 6.3 | | CVE-2025-4866 is a critical code injection vulnerability in weibocom rill-flow's Management Console |
| 3595 | CVE-2025-4207 | | 25.3 | 5.9 | | A buffer over-read vulnerability in PostgreSQL's GB18030 encoding validation allows attackers to cau |
| 3596 | CVE-2025-38290 | | 25.3 | 5.5 | | A race condition vulnerability in the Linux kernel's ath12k WiFi driver can cause kernel panic durin |
| 3597 | CVE-2025-50461 | | 25.2 | 6.5 | | This CVE describes a deserialization vulnerability in Volcengine's verl 3.0.0 that allows arbitrary |
| 3598 | CVE-2025-8938 | | 25.3 | 6.3 | | This vulnerability in TOTOLINK N350R routers allows attackers to enable a backdoor via the Telnet se |
| 3599 | CVE-2025-50234 | | 25.3 | 6.5 | | MCCMS v2.7.0 has a server-side request forgery (SSRF) vulnerability that allows attackers to make th |
| 3600 | CVE-2025-50233 | | 25.4 | 6.5 | | This vulnerability in QCMS 6.0.5 allows authenticated users to perform directory traversal attacks b |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures the severity of a vulnerability if it is exploited, EPSS measures the likelihood that it will be exploited at all, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A CVSS 9.8 (critical) vulnerability with an EPSS of 0.1% may be less urgent than a CVSS 7.5 (high) vulnerability with an EPSS of 90%. The two scores answer different questions, so the most useful triage uses both: EPSS to decide what to patch now, CVSS to decide how bad a miss would be.
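The prioritisation argument above, as an added example that is not code from the original page or from FIRST. It parses a JSON document in the shape of the FIRST EPSS API response (fields `cve`, `epss`, `percentile`, `date`, with the numbers encoded as strings), joins it with CVSS base scores, ranks both ways, and assigns a patch tier. All values below are constructed sample data with fictional CVE IDs, and the 0.10 EPSS / 7.0 CVSS thresholds are an assumed local policy, not EPSS guidance. The `percentile_of` helper shows how the percentile column on this page is derived from a population of EPSS scores.

```python
"""Prioritise CVEs by EPSS rather than CVSS alone.

Added example; not the page's or FIRST's own code. The JSON shape follows
the FIRST EPSS API (cve / epss / percentile / date, numbers as strings),
but every value here is constructed sample data with fictional CVE IDs.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample: an EPSS API-shaped response. IDs are fictional.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.00350", "percentile": "0.25300", "date": "2099-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.00100", "percentile": "0.10000", "date": "2099-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.90000", "percentile": "0.99800", "date": "2099-01-01"},
        {"cve": "CVE-2099-0004", "epss": "0.42000", "percentile": "0.97500", "date": "2099-01-01"},
        {"cve": "CVE-2099-0005", "epss": "0.00040", "percentile": "0.05000", "date": "2099-01-01"},
    ],
})

# Constructed CVSS base scores for the same fictional CVEs (e.g. from an NVD export).
SAMPLE_CVSS = {
    "CVE-2099-0001": 6.5,
    "CVE-2099-0002": 9.8,   # critical severity, but almost no exploitation signal
    "CVE-2099-0003": 7.5,   # high severity with a very high exploitation probability
    "CVE-2099-0004": 5.3,
    "CVE-2099-0005": 10.0,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days, 0..1
    percentile: float  # share of scored CVEs with an equal or lower EPSS, 0..1
    cvss: float        # CVSS base score, 0..10


def parse_epss_response(payload: str, cvss_scores: dict[str, float]) -> list[Finding]:
    """Join an EPSS API-shaped JSON document with CVSS base scores."""
    doc = json.loads(payload)
    return [
        Finding(
            cve=row["cve"],
            epss=float(row["epss"]),            # API encodes numbers as strings
            percentile=float(row["percentile"]),
            cvss=cvss_scores.get(row["cve"], 0.0),
        )
        for row in doc["data"]
    ]


def rank(findings: list[Finding], key: str) -> list[str]:
    """CVE IDs ordered highest-first by the named attribute ("epss" or "cvss")."""
    return [f.cve for f in sorted(findings, key=lambda f: getattr(f, key), reverse=True)]


def triage(f: Finding, epss_threshold: float = 0.10, cvss_threshold: float = 7.0) -> str:
    """Assign a patch tier. Thresholds are an assumed policy, not EPSS guidance."""
    if f.epss >= epss_threshold:
        return "patch-now"    # likely to be exploited soon, whatever the CVSS says
    if f.cvss >= cvss_threshold:
        return "scheduled"    # severe if exploited, but no exploitation signal yet
    return "backlog"


def rank_shift(findings: list[Finding]) -> dict[str, int]:
    """Places each CVE moves when ranked by EPSS instead of CVSS (positive = more urgent)."""
    by_cvss = rank(findings, "cvss")
    by_epss = rank(findings, "epss")
    return {cve: by_cvss.index(cve) - by_epss.index(cve) for cve in by_cvss}


def percentile_of(epss: float, population: list[float]) -> float:
    """Fraction of the population scoring at or below `epss`; the table's Percentile column."""
    if not population:
        return 0.0
    return sum(1 for s in population if s <= epss) / len(population)


if __name__ == "__main__":
    findings = parse_epss_response(SAMPLE_EPSS_RESPONSE, SAMPLE_CVSS)
    for f in sorted(findings, key=lambda f: f.epss, reverse=True):
        print(f"{f.cve}  EPSS={f.epss:.2%}  pct={f.percentile:.1%}  CVSS={f.cvss}  -> {triage(f)}")
    print("rank shift (CVSS order -> EPSS order):", rank_shift(findings))
```

With this data the CVSS 10.0 and 9.8 entries fall to the bottom of the EPSS ordering and land in the "scheduled" tier, while the CVSS 5.3 entry with a 42% EPSS moves up three places into "patch-now", which is exactly the reordering the paragraph above argues for.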