Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3601 | CVE-2025-36262 | | 25.3th | 4.9 | | This vulnerability in IBM Planning Analytics Local allows malicious privileged users to bypass the u |
| 3602 | CVE-2025-59413 | | 25.3th | 6.5 | | CubeCart versions before 6.5.11 contain a logic flaw in the newsletter subscription endpoint that al |
| 3603 | CVE-2025-10777 | | 25.4th | 6.3 | | This CVE describes a path traversal vulnerability in JSC R7 R7-Office Document Server's /downloadas/ |
| 3604 | CVE-2025-11269 | | 25.4th | 5.3 | | The Product Filter by WBW WordPress plugin up to version 3.0.0 has a missing capability check on the |
| 3605 | CVE-2025-11256 | | 25.4th | 5.3 | | The Kognetiks Chatbot plugin for WordPress has a missing capability check vulnerability that allows |
| 3606 | CVE-2025-60312 | | 25.3th | 6.1 | | CVE-2025-60312 is a stored cross-site scripting vulnerability in Sourcecodester Markdown to HTML Con |
| 3607 | CVE-2025-23366 | | 25.3th | 6.5 | | This CVE describes a cross-site scripting (XSS) vulnerability in the HAL Console of Wildfly's manage |
| 3608 | CVE-2025-13386 | | 25.4th | 5.3 | | The Social Images Widget WordPress plugin has a missing capability check that allows unauthenticated |
| 3609 | CVE-2025-22397 | | 25.3th | 6.7 | | This path traversal vulnerability in Dell iDRAC9 and iDRAC10 allows authenticated high-privilege att |
| 3610 | CVE-2025-12157 | | 25.4th | 5.3 | | The Simple User Capabilities WordPress plugin has an authentication bypass vulnerability that allows |
| 3611 | CVE-2026-2194 | | 25.4th | 6.3 | | This CVE describes a command injection vulnerability in D-Link DI-7100G C1 routers that allows remot |
| 3612 | CVE-2026-2193 | | 25.4th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DI-7100G routers |
| 3613 | CVE-2026-1544 | | 25.4th | 6.3 | | This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers via the lan_gate |
| 3614 | CVE-2025-13676 | | 25.3th | 6.1 | | The JustClick registration plugin for WordPress has a reflected cross-site scripting (XSS) vulnerabi |
| 3615 | CVE-2025-63296 | | 25.4th | 6.5 | | This vulnerability allows arbitrary code execution as root on KERUI K259 5MP Wi-Fi/Tuya Smart Securi |
| 3616 | CVE-2025-0741 | | 25.1th | 5.8 | | An authenticated attacker can write messages into other users' chat sessions by manipulating the 'ch |
| 3617 | CVE-2025-23053 | | 25.2th | 6.5 | | This CVE describes a privilege escalation vulnerability in HPE Aruba Networking Fabric Composer's we |
| 3618 | CVE-2017-13317 | | 25.1th | 5.7 | | CVE-2017-13317 is an out-of-bounds read vulnerability in Android's HEIF image decoder that could all |
| 3619 | CVE-2024-43710 | | 25.1th | 4.3 | | A server-side request forgery (SSRF) vulnerability in Kibana's Fleet API allows authenticated users |
| 3620 | CVE-2025-24027 | | 25.1th | 6.2 | | This is a stored cross-site scripting (XSS) vulnerability in the ps_contactinfo PrestaShop module th |
| 3621 | CVE-2024-37363 | | 25.1th | 6.5 | | This vulnerability allows unauthorized users to access data sources they shouldn't have permission t |
| 3622 | CVE-2025-20207 | | 25.1th | 4.3 | | This vulnerability allows authenticated attackers with SNMP credentials to obtain confidential opera |
| 3623 | CVE-2025-30455 | | 25.2th | 5.5 | | A macOS vulnerability allows malicious applications to access private information due to insufficien |
| 3624 | CVE-2025-24280 | | 25.2th | 5.5 | | This CVE describes a macOS sandbox escape vulnerability that allows malicious applications to bypass |
| 3625 | CVE-2023-53010 | | 25.2th | 5.5 | | This CVE describes a buffer overflow vulnerability in the Linux kernel's bnxt driver, triggered when |
| 3626 | CVE-2023-1333 | | 25.2th | 4.3 | | The RapidLoad Power-Up for Autoptimize WordPress plugin has a missing capability check that allows a |
| 3627 | CVE-2025-2365 | | 25.2th | 6.3 | | This vulnerability allows remote attackers to perform XML External Entity (XXE) attacks through the |
| 3628 | CVE-2025-26704 | | 25.1th | 6.4 | | A privilege management vulnerability in ZTE GoldenDB allows authenticated users to escalate their pr |
| 3629 | CVE-2025-3867 | | 25.2th | 6.1 | | This CSRF vulnerability in the Ajax Comment Form CST WordPress plugin allows attackers to trick admi |
| 3630 | CVE-2024-0970 | | 25.2th | 5.3 | | The User Activity Tracking and Log WordPress plugin before version 4.1.4 insecurely retrieves client |
| 3631 | CVE-2025-46749 | | 25.1th | 4.3 | | This is a cross-site scripting (XSS) vulnerability in SEL software where authenticated users can inj |
| 3632 | CVE-2025-45737 | | 25.1th | 6.5 | | This vulnerability allows attackers to escalate privileges by sending crafted IOCTL commands to the |
| 3633 | CVE-2025-30675 | | 25.2th | 4.7 | | This vulnerability allows malicious Domain Admins or Resource Admins in Apache CloudStack to bypass |
| 3634 | CVE-2025-53774 | | 25.1th | 6.5 | | This vulnerability in Microsoft 365 Copilot BizChat allows authenticated attackers to access sensiti |
| 3635 | CVE-2025-55797 | | 25.1th | 6.5 | | An improper access control vulnerability in FormCms v0.5.4 allows unauthenticated attackers to acces |
| 3636 | CVE-2025-10759 | | 25.2th | 5.3 | | This CVE describes a CSRF token reuse vulnerability in Webkul QloApps up to version 1.7.0 that allow |
| 3637 | CVE-2025-8662 | | 25.2th | 4.3 | | OpenAM contains a vulnerability where tampered SAML requests can cause the Identity Provider (IdP) t |
| 3638 | CVE-2025-34270 | | 25.2th | 4.9 | | Nagios Log Server versions before 2024R2.0.2 expose plaintext AD/LDAP passwords during user import o |
| 3639 | CVE-2025-62176 | | 25.2th | 4.3 | | Mastodon's streaming server incorrectly allows OAuth clients with valid authentication tokens to sub |
| 3640 | CVE-2025-61189 | | 25.1th | 6.3 | | Jeecgboot versions 3.8.2 and earlier contain a path traversal vulnerability in the /sys/comment/addF |
| 3641 | CVE-2025-60935 | | 25.1th | 6.1 | | An open redirect vulnerability in Blitz Panel v1.17.0 allows attackers to redirect authenticated use |
| 3642 | CVE-2025-13636 | | 25.1th | 4.3 | | This vulnerability in Google Chrome's Split View feature allows attackers to perform UI spoofing by |
| 3643 | CVE-2026-1173 | | 25.2th | 5.3 | | A denial-of-service vulnerability exists in birkir prime's GraphQL array-based query batch handler. |
| 3644 | CVE-2025-24794 | | 25th | 6.7 | | The Snowflake Connector for Python uses pickle for OCSP response cache serialization, allowing local |
| 3645 | CVE-2024-56971 | | 25th | 6.5 | | This vulnerability in Shuqi Novel iOS app allows attackers to access sensitive user information by t |
| 3646 | CVE-2024-56968 | | 25th | 6.5 | | This vulnerability in the Govee Home iOS app allows attackers to access sensitive user information b |
| 3647 | CVE-2024-56966 | | 25th | 6.5 | | This vulnerability in Qidian Reader iOS app allows attackers to access sensitive user information by |
| 3648 | CVE-2024-56964 | | 25th | 6.5 | | This vulnerability in Guazi Used Car iOS app allows attackers to access sensitive user information b |
| 3649 | CVE-2024-56962 | | 25th | 6.5 | | This vulnerability in WeSing iOS app allows attackers to access sensitive user information by tricki |
| 3650 | CVE-2024-56959 | | 25th | 6.5 | | This vulnerability in Mashang Consumer Finance Co., Ltd's Anyihua iOS app allows attackers to access |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.