Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

- CVEs with EPSS > 50%: 164
- CISA KEV listed: 156
- CVEs with an EPSS score: 35,468
- Average EPSS score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|------|--------|------------|------------|------|-------|---------|
| 351 | CVE-2025-13326 | 0.02% | 2.5th | 3.9 | | Mattermost Desktop App versions before 6.0.0 for macOS fail to enable Hardened Runtime when packaged |
| 352 | CVE-2026-2069 | 0.01% | 2.5th | 3.3 | | A stack-based buffer overflow vulnerability exists in llama.cpp's GBNF grammar handler. This allows |
| 353 | CVE-2026-1990 | 0.01% | 2.5th | 3.3 | | A null pointer dereference vulnerability in oatpp versions up to 1.3.1 allows local attackers to cau |
| 354 | CVE-2025-36411 | 0.01% | 2.2th | 3.5 | | IBM ApplinX 11.1 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to |
| 355 | CVE-2025-15535 | 0.01% | 2.4th | 3.3 | | A null pointer dereference vulnerability in nicbarker clay library versions up to 0.14 allows local |
| 356 | CVE-2026-1991 | 0.01% | 2.5th | 3.3 | | This vulnerability in libuvc allows local attackers to cause a denial of service through null pointe |
| 357 | CVE-2025-14836 | 0.01% | 2.2th | 2.7 | | This vulnerability in ZZCMS 2025 allows attackers to store user data in cleartext on disk through th |
| 358 | CVE-2025-31186 | 0.01% | 2.1th | 3.3 | | This CVE describes a permissions vulnerability in Xcode that allows applications to bypass macOS Pri |
| 359 | CVE-2025-15564 | 0.01% | 2.5th | 3.3 | | This vulnerability in Mapnik up to version 4.2.0 allows local attackers to trigger a divide-by-zero |
| 360 | CVE-2025-12734 | 0.01% | 2.4th | 3.5 | | This vulnerability allows authenticated GitLab users to inject malicious HTML content into merge req |
| 361 | CVE-2025-65185 | 0.01% | 2.2th | 2.8 | | This vulnerability in Entrinsik Informer v5.10.1 allows attackers to enumerate valid usernames by an |
| 362 | CVE-2025-66556 | 0.01% | 1.9th | 3.5 | | This vulnerability in Nextcloud Talk allows participants with chat permissions to delete poll drafts |
| 363 | CVE-2026-1751 | 0.01% | 1.9th | 3.1 | | This vulnerability in GitLab CE/EE allows unauthorized users to edit merge request approval rules un |
| 364 | CVE-2025-46277 | 0.01% | 1.9th | 3.3 | | A macOS, iOS, iPadOS, and watchOS vulnerability allows applications to access a user's Safari browsi |
| 365 | CVE-2025-43517 | 0.01% | 1.9th | 3.3 | | This CVE describes a macOS privacy vulnerability where applications could access protected user data |
| 366 | CVE-2025-43518 | 0.01% | 1.9th | 3.3 | | This CVE describes a logic flaw in Apple's spellcheck API that could allow malicious applications to |
| 367 | CVE-2026-1485 | 0.01% | 2nd | 2.8 | | A buffer underflow vulnerability in Glib's content type parsing logic allows integer wraparound for |
| 368 | CVE-2025-57840 | 0.01% | 2nd | 2.2 | | This CVE describes a privilege bypass vulnerability in Android Debug Bridge (ADB) that could allow u |
| 369 | CVE-2026-2241 | 0.01% | 1.9th | 3.3 | | CVE-2026-2241 is an out-of-bounds read vulnerability in the os_strftime function of Janet programmin |
| 370 | CVE-2026-2242 | 0.01% | 1.9th | 3.3 | | This vulnerability in janet-lang allows local attackers to perform out-of-bounds read operations via |
| 371 | CVE-2025-3950 | 0.01% | 2nd | 3.5 | | This vulnerability in GitLab allows authenticated users to bypass asset proxy protection by referenc |
| 372 | CVE-2026-2240 | 0.01% | 1.9th | 3.3 | | CVE-2026-2240 is an out-of-bounds read vulnerability in the janet programming language's compiler fu |
| 373 | CVE-2025-57784 | 0.01% | 1.4th | 3.3 | | A timing attack vulnerability exists in Hiawatha webserver version 11.7's Tomahawk management client |
| 374 | CVE-2025-66548 | 0.01% | 1.4th | 3.3 | | This vulnerability in Nextcloud Deck allows attackers to spoof file extensions using Right-to-Left O |
| 375 | CVE-2025-43404 | 0.01% | 1.4th | 3.3 | | A sandbox escape vulnerability in macOS allows malicious applications to bypass intended restriction |
| 376 | CVE-2025-43516 | 0.01% | 1.6th | 3.3 | | A session management vulnerability in macOS Voice Control allows users with Voice Control enabled to |
| 377 | CVE-2025-12792 | 0.01% | 1.6th | 3.2 | | The Canva for Mac desktop app distributed through the Mac App Store was built without Apple's Harden |
| 378 | CVE-2025-14594 | 0.01% | 1.6th | 3.5 | | This vulnerability allows authenticated users to view certain pipeline values via API queries in aff |
| 379 | CVE-2026-20646 | 0.01% | 1.6th | 3.3 | | A macOS logging vulnerability allows malicious applications to access sensitive location information |
| 380 | CVE-2026-21674 | 0.01% | 1.7th | 3.3 | | CVE-2026-21674 is a memory leak vulnerability in iccDEV's XML parsing functionality (iccFromXml) tha |
| 381 | CVE-2026-20681 | 0.01% | 1.6th | 3.3 | | This macOS vulnerability allows applications to access sensitive contact information that should be |
| 382 | CVE-2026-2245 | 0.01% | 1.7th | 3.3 | | An out-of-bounds read vulnerability exists in CCExtractor's MPEG-TS file parser affecting versions u |
| 383 | CVE-2025-67852 | 0.01% | 1.6th | 3.5 | | An open redirect vulnerability in Moodle's OAuth login flow allows attackers to redirect authenticat |
| 384 | CVE-2025-13611 | 0.01% | 1.4th | 2.0 | | This vulnerability in GitLab CE/EE allows authenticated users with access to certain logs to obtain |
| 385 | CVE-2026-22250 | 0.01% | 1.4th | 2.5 | | CVE-2026-22250 is a vulnerability in the wlc Weblate command-line client where SSL certificate verif |
| 386 | CVE-2026-1409 | 0.01% | 1.4th | 2.0 | | This vulnerability in Beetel 777VR1 routers allows attackers to bypass authentication rate limiting |
| 387 | CVE-2025-65083 | 0.01% | 1.2th | 3.2 | | GoSign Desktop versions through 2.4.1 disable TLS certificate validation when configured to use a pr |
| 388 | CVE-2026-24883 | 0.01% | 1.3th | 3.7 | | This vulnerability in GnuPG allows an attacker to crash the application by sending a specially craft |
| 389 | CVE-2025-40818 | 0.01% | 1st | 3.3 | | SINEMA Remote Connect Server versions before V3.2 SP4 store SSL/TLS private keys with insufficient p |
| 390 | CVE-2026-25815 | 0.01% | 1st | 3.2 | | This vulnerability allows attackers to decrypt LDAP credentials stored in FortiOS configuration file |
| 391 | CVE-2026-20601 | 0.01% | 0.9th | 3.3 | | This CVE describes a permissions vulnerability in macOS that allows applications to monitor keystrok |
| 392 | CVE-2025-59700 | 0.01% | 1st | 3.9 | | This vulnerability allows a physically proximate attacker with root access to modify the Recovery Pa |
| 393 | CVE-2025-13053 | 0.01% | 1st | 3.7 | | This vulnerability allows man-in-the-middle attackers to intercept and potentially modify communicat |
| 394 | CVE-2026-1700 | 0.01% | 1st | 3.5 | | This vulnerability allows remote attackers to inject malicious scripts via the Message parameter in |
| 395 | CVE-2026-20656 | 0.01% | 1st | 3.3 | | A logic vulnerability in Apple's iOS, iPadOS, Safari, and macOS allows malicious applications to acc |
| 396 | CVE-2025-12654 | 0.01% | 0.9th | 2.7 | | The WPvivid Backup & Migration WordPress plugin allows authenticated attackers with Administrator pr |
| 397 | CVE-2025-24090 | 0.01% | 1st | 3.3 | | This CVE describes an information disclosure vulnerability in iOS/iPadOS where malicious apps could |
| 398 | CVE-2025-15288 | 0.01% | 0.8th | 3.1 | | CVE-2025-15288 is an improper access control vulnerability in Tanium Interact that could allow authe |
| 399 | CVE-2026-25046 | 0.01% | 0.7th | 2.9 | | This vulnerability allows arbitrary command execution through shell injection in development scripts |
| 400 | CVE-2026-20663 | 0.01% | 0.8th | 3.3 | | This vulnerability allows malicious apps to enumerate a user's installed applications on iOS and iPa |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 vulnerability with 90% EPSS.
