Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4001 | CVE-2025-3166 | | 23.8th | 5.3 | | A critical stack-based buffer overflow vulnerability exists in code-projects Product Management Syst |
| 4002 | CVE-2025-3869 | | 23.8th | 6.1 | | The 4stats WordPress plugin has a Cross-Site Request Forgery vulnerability that allows attackers to |
| 4003 | CVE-2025-8867 | | 23.8th | 6.4 | | This stored XSS vulnerability in the Graphina WordPress plugin allows authenticated attackers with c |
| 4004 | CVE-2025-5921 | | 23.7th | 5.8 | | This is a reflected cross-site scripting (XSS) vulnerability in the SureForms WordPress plugin. Atta |
| 4005 | CVE-2026-21512 | | 23.9th | 6.5 | | This SSRF vulnerability in Azure DevOps Server allows authenticated attackers to make the server sen |
| 4006 | CVE-2025-8423 | | 23.7th | 5.4 | | The My WP Translate WordPress plugin has a missing capability check vulnerability that allows authen |
| 4007 | CVE-2025-10046 | | 23.7th | 4.9 | | This SQL injection vulnerability in the ELEX WooCommerce Google Shopping plugin allows authenticated |
| 4008 | CVE-2025-57611 | | 23.8th | 5.3 | | A null pointer dereference vulnerability in rust-ffmpeg's dump() method allows attackers to cause de |
| 4009 | CVE-2025-55695 | | 23.9th | 5.5 | | CVE-2025-55695 is an out-of-bounds read vulnerability in Windows WLAN Auto Config Service that allow |
| 4010 | CVE-2025-58055 | | 23.8th | 4.3 | | Discourse versions 3.5.0 and below contain an authorization bypass vulnerability in AI suggestion en |
| 4011 | CVE-2024-57494 | | 23.8th | 6.5 | | A cross-site scripting (XSS) vulnerability in Neto E-Commerce CMS allows remote attackers to inject |
| 4012 | CVE-2025-9191 | | 23.7th | 6.3 | | The Houzez WordPress theme is vulnerable to PHP object injection through deserialization of untruste |
| 4013 | CVE-2026-23624 | | 23.7th | 4.3 | | This vulnerability in GLPI allows session hijacking when remote authentication via SSO is used. An a |
| 4014 | CVE-2025-24731 | | 23.6th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the IP2Location Country Blocker WordPress pl |
| 4015 | CVE-2025-24727 | | 23.6th | 5.9 | | A stored cross-site scripting (XSS) vulnerability in the CodePeople Contact Form Email WordPress plu |
| 4016 | CVE-2025-0068 | | 23.5th | 4.3 | | CVE-2025-0068 is an authorization bypass vulnerability in SAP NetWeaver Application Server ABAP wher |
| 4017 | CVE-2025-23190 | | 23.5th | 4.3 | | This CVE describes an authorization bypass vulnerability in SAP systems where authenticated users ca |
| 4018 | CVE-2025-30435 | | 23.5th | 5.5 | | A macOS vulnerability allows sandboxed applications to access sensitive user data from system logs. |
| 4019 | CVE-2025-24226 | | 23.5th | 5.5 | | This vulnerability in Xcode allows malicious applications to access private information they shouldn |
| 4020 | CVE-2024-45355 | | 23.7th | 5.5 | | This vulnerability allows attackers to bypass authorization controls in Xiaomi phone frameworks, ena |
| 4021 | CVE-2024-45353 | | 23.6th | 4.3 | | This CVE describes an intent redirection vulnerability in Xiaomi's Quick App framework that allows a |
| 4022 | CVE-2024-12580 | | 23.5th | 5.3 | | This CVE describes a log injection vulnerability in LibreChat where unvalidated parameters in downlo |
| 4023 | CVE-2024-12387 | | 23.6th | 6.5 | | This vulnerability allows attackers to crash servers running the binary-husky/gpt_academic repositor |
| 4024 | CVE-2025-28878 | | 23.6th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Awesome Surveys WordPress plugin allows |
| 4025 | CVE-2025-1881 | | 23.5th | 4.3 | | This vulnerability allows unauthorized access to video footage and live video streams in i-Drive i11 |
| 4026 | CVE-2025-3588 | | 23.7th | 5.3 | | A stack-based buffer overflow vulnerability exists in jsonschema2pojo 1.2.2's JSON file handler when |
| 4027 | CVE-2025-48116 | | 23.5th | 5.3 | | This CVE describes a missing authorization vulnerability in the EventON WordPress plugin that allows |
| 4028 | CVE-2025-47564 | | 23.5th | 5.3 | | This CVE describes a missing authorization vulnerability in the EventON WordPress plugin that allows |
| 4029 | CVE-2025-4225 | | 23.7th | 5.3 | | This vulnerability allows unauthenticated attackers to send specially crafted GraphQL requests to Gi |
| 4030 | CVE-2024-42048 | | 23.7th | 6.5 | | This vulnerability in OpenOrange Business Framework 1.15.5 allows authenticated users to write to th |
| 4031 | CVE-2025-11016 | | 23.7th | 4.3 | | A path traversal vulnerability in kodbox up to version 1.61.09 allows attackers to access files outs |
| 4032 | CVE-2025-9115 | | 23.6th | 5.6 | | The Etsy Shop WordPress plugin before version 3.0.7 contains a reflected cross-site scripting (XSS) |
| 4033 | CVE-2023-21479 | | 23.6th | 5.3 | | This vulnerability allows remote attackers to bypass authorization in Smart Suggestions on affected |
| 4034 | CVE-2020-36862 | | 23.7th | 6.1 | | Nagios XI versions before 5.6.11 have unauthenticated vulnerabilities in the Highcharts export tool. |
| 4035 | CVE-2025-56699 | | 23.5th | 5.4 | | An unauthenticated SQL injection vulnerability in Base Digitale Group's Centrax Open PSIM version 6. |
| 4036 | CVE-2025-42902 | | 23.5th | 5.3 | | This memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform allows unauthenticat |
| 4037 | CVE-2025-61962 | | 23.7th | 5.9 | | A vulnerability in fetchmail's SMTP client can cause a crash when processing malformed authenticatio |
| 4038 | CVE-2025-47211 | | 23.6th | 4.9 | | A path traversal vulnerability in QNAP operating systems allows authenticated attackers with adminis |
| 4039 | CVE-2025-12842 | | 23.5th | 5.3 | | This vulnerability allows unauthenticated attackers to send appointment notification emails with att |
| 4040 | CVE-2025-54293 | | 23.6th | 6.5 | | This path traversal vulnerability in Canonical LXD 5.0 LTS allows authenticated remote attackers to |
| 4041 | CVE-2025-46215 | | 23.6th | 5.3 | | An improper isolation vulnerability in Fortinet FortiSandbox allows unauthenticated attackers to byp |
| 4042 | CVE-2025-64747 | | 23.6th | 5.5 | | A stored cross-site scripting (XSS) vulnerability in Directus allows authenticated users with file u |
| 4043 | CVE-2025-62483 | | 23.5th | 5.3 | | This vulnerability in Zoom Clients allows unauthenticated attackers to access sensitive information |
| 4044 | CVE-2025-64402 | | 23.6th | 6.5 | | Apache OpenOffice versions through 4.1.15 have a missing authorization vulnerability where documents |
| 4045 | CVE-2025-65270 | | 23.6th | 6.1 | | This is a reflected cross-site scripting (XSS) vulnerability in ClinCapture EDC clinical trial softw |
| 4046 | CVE-2025-14375 | | 23.7th | 6.1 | | This reflected XSS vulnerability in the RSS Aggregator WordPress plugin allows unauthenticated attac |
| 4047 | CVE-2026-1020 | | 23.5th | 5.3 | | The Police Statistics Database System developed by Gotac contains an absolute path traversal vulnera |
| 4048 | CVE-2025-0869 | | 23.3th | 4.3 | | This vulnerability allows attackers to inject malicious scripts via the browserLang parameter in the |
| 4049 | CVE-2025-0576 | | 23.3th | 4.3 | | This vulnerability allows attackers to inject malicious scripts into the Mobotix M15 web interface v |
| 4050 | CVE-2024-26156 | | 23.4th | 4.8 | | ETIC Telecom Remote Access Server (RAS) versions before 4.5.0 are vulnerable to reflected cross-site |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.
Prioritize by Exploit Risk
Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.