Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4051 | CVE-2024-26154 | | 23.4th | 4.8 | | ETIC Telecom Remote Access Server (RAS) versions before 4.5.0 contain a reflected cross-site scripti |
| 4052 | CVE-2025-23198 | | 23.3th | 4.6 | | This stored XSS vulnerability in LibreNMS allows attackers to inject malicious scripts into device d |
| 4053 | CVE-2025-0458 | | 23.3th | 4.3 | | This vulnerability allows attackers to inject malicious scripts into the login panel of Virtual Comp |
| 4054 | CVE-2024-13323 | | 23.4th | 6.4 | | The WP Booking Calendar plugin for WordPress has a stored XSS vulnerability that allows authenticate |
| 4055 | CVE-2024-56271 | | 23.3th | 4.3 | | This vulnerability allows attackers to bypass authorization controls in the WP SecureSubmit WordPres |
| 4056 | CVE-2025-23017 | | 23.3th | 6.0 | | WorkOS Hosted AuthKit versions before 2025-01-07 contain an authentication bypass vulnerability wher |
| 4057 | CVE-2025-25241 | | 23.4th | 5.4 | | CVE-2025-25241 is a missing authorization vulnerability in SAP applications that allows authenticate |
| 4058 | CVE-2025-24869 | | 23.4th | 4.3 | | CVE-2025-24869 is an information disclosure vulnerability in SAP NetWeaver Application Server Java t |
| 4059 | CVE-2025-2919 | | 23.2th | 6.8 | | This critical vulnerability in Netis WF-2404 routers allows attackers with physical access to activa |
| 4060 | CVE-2025-2604 | | 23.2th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter in |
| 4061 | CVE-2025-2354 | | 23.3th | 4.3 | | This vulnerability in VAM Virtual Airlines Manager 2.6.2 allows attackers to inject malicious script |
| 4062 | CVE-2025-2042 | | 23.3th | 4.3 | | This vulnerability allows attackers to perform cross-site request forgery (CSRF) attacks against the |
| 4063 | CVE-2025-3471 | | 23.3th | 4.9 | | The SureForms WordPress plugin before version 1.4.4 lacks proper authorization checks in its REST AP |
| 4064 | CVE-2025-3056 | | 23.4th | 5.4 | | The Download Manager WordPress plugin allows authenticated attackers with Author-level access or hig |
| 4065 | CVE-2025-22109 | | 23.3th | 5.5 | | This CVE describes a memory leak and refcount leak vulnerability in the Linux kernel's AX.25 protoco |
| 4066 | CVE-2025-5283 | | 23.3th | 5.4 | | This CVE describes a use-after-free vulnerability in libvpx (VP8/VP9 video codec library) in Google |
| 4067 | CVE-2025-32404 | | 23.4th | 4.8 | | An out-of-bounds write vulnerability in RT-Labs P-Net library allows attackers to corrupt memory in |
| 4068 | CVE-2024-51991 | | 23.4th | 4.9 | | This vulnerability allows authenticated administrators in October CMS to bypass SVG file sanitizatio |
| 4069 | CVE-2025-6900 | | 23.3th | 6.3 | | This critical vulnerability in code-projects Library System 1.0 allows remote attackers to upload ar |
| 4070 | CVE-2025-49081 | | 23.4th | 4.9 | | An insufficient input validation vulnerability in Absolute Secure Access warehouse component allows |
| 4071 | CVE-2025-27714 | | 23.4th | 6.3 | | This vulnerability allows attackers to upload arbitrary files through a specific endpoint, potential |
| 4072 | CVE-2025-56018 | | 23.4th | 6.1 | | This stored XSS vulnerability in SourceCodester's Pharmacy Product Management System allows attacker |
| 4073 | CVE-2025-46425 | | 23.4th | 6.5 | | This XXE vulnerability in Dell Storage Manager allows attackers to read arbitrary files on the serve |
| 4074 | CVE-2025-11518 | | 23.3th | 5.3 | | The WPC Smart Wishlist for WooCommerce WordPress plugin has an Insecure Direct Object Reference vuln |
| 4075 | CVE-2025-11167 | | 23.3th | 4.7 | | This vulnerability allows unauthenticated attackers to redirect WordPress users to malicious website |
| 4076 | CVE-2025-60838 | | 23.4th | 6.5 | | This vulnerability in MCMS v6.0.1 allows attackers to upload malicious files to the server, which ca |
| 4077 | CVE-2025-67163 | | 23.4th | 6.1 | | A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers t |
| 4078 | CVE-2025-66304 | | 23.4th | 6.2 | | Grav CMS versions before 1.8.0-beta.27 expose password hashes to users with read access to the admin |
| 4079 | CVE-2026-0822 | | 23.3th | 6.3 | | A heap-based buffer overflow vulnerability in quickjs-ng's js_typed_array_sort function allows remot |
| 4080 | CVE-2024-12444 | | 23th | 6.4 | | The WP Dispensary WordPress plugin has a stored XSS vulnerability in its 'wpd_menu' shortcode that a |
| 4081 | CVE-2024-10309 | | 23.2th | 5.9 | | This vulnerability in the Tracking Code Manager WordPress plugin allows users with Contributor-level |
| 4082 | CVE-2024-13432 | | 23.1th | 6.1 | | The Webcamconsult WordPress plugin has a CSRF vulnerability that allows attackers to trick administr |
| 4083 | CVE-2024-50807 | | 23th | 6.1 | | Trippo Responsive Filemanager 9.14.0 contains a cross-site scripting vulnerability that allows attac |
| 4084 | CVE-2024-13298 | | 23th | 4.8 | | This Cross-Site Scripting (XSS) vulnerability in Drupal's Tarte au Citron module allows attackers to |
| 4085 | CVE-2024-13292 | | 23th | 4.8 | | This Cross-Site Scripting (XSS) vulnerability in Drupal Tooltip module allows attackers to inject ma |
| 4086 | CVE-2024-13262 | | 23th | 4.8 | | This vulnerability allows attackers to inject malicious scripts into web pages generated by Drupal's |
| 4087 | CVE-2025-1686 | | 23.2th | 6.8 | | This vulnerability in Pebble Templates allows attackers with template editing privileges to read sen |
| 4088 | CVE-2025-2596 | | 23.1th | 5.3 | | This vulnerability in Checkmk allows attackers to bypass session logout mechanisms, potentially main |
| 4089 | CVE-2025-30741 | | 23.2th | 4.3 | | A Pixelfed vulnerability allows unauthorized users to follow private accounts and view private posts |
| 4090 | CVE-2024-10472 | | 23.2th | 5.9 | | This vulnerability in the Stylish Price List WordPress plugin allows high-privilege users (like cont |
| 4091 | CVE-2025-2624 | | 23.1th | 6.3 | | CVE-2025-2624 is a critical SQL injection vulnerability in westboy CicadasCMS 1.0 that allows remote |
| 4092 | CVE-2025-25774 | | 23th | 6.5 | | This vulnerability in Open5GS allows attackers to cause a denial of service by triggering a crash in |
| 4093 | CVE-2025-28875 | | 23th | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the BP Email Assign Templates WordPress plug |
| 4094 | CVE-2025-20951 | | 23th | 5.1 | | This vulnerability in Galaxy Store allows local attackers to write arbitrary files with Galaxy Store |
| 4095 | CVE-2024-45544 | | 23.1th | 6.6 | | This vulnerability allows memory corruption through improper handling of IOCTL calls when adding rou |
| 4096 | CVE-2024-45540 | | 23.1th | 6.6 | | This vulnerability allows memory corruption through improper handling of IOCTL map buffer requests f |
| 4097 | CVE-2025-20151 | | 23.2th | 4.3 | | This vulnerability allows authenticated SNMPv3 users to poll Cisco IOS/IOS XE devices even when thei |
| 4098 | CVE-2025-46736 | | 23th | 5.3 | | This CVE describes a timing attack vulnerability in Umbraco CMS that allows attackers to determine w |
| 4099 | CVE-2025-5463 | | 23.1th | 5.5 | | This vulnerability allows local authenticated attackers to access sensitive information that was imp |
| 4100 | CVE-2025-53493 | | 23th | 6.5 | | This vulnerability is a stored cross-site scripting (XSS) flaw in the Mediawiki MintyDocs Extension, |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.