Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4101 | CVE-2025-9787 | | 52nd | 6.1 | | ManageEngine Applications Manager versions 177400 and below contain a stored cross-site scripting vu |
| 4102 | CVE-2025-0502 | | 52nd | 9.1 | | This vulnerability allows attackers to access private files and directories in CrafterCMS through im |
| 4103 | CVE-2025-0613 | | 52nd | 6.1 | | The Photo Gallery by 10Web WordPress plugin before version 1.8.34 contains a stored cross-site scrip |
| 4104 | CVE-2025-28091 | | 52nd | 9.1 | | This SSRF vulnerability in maccms10 allows attackers to make the server send arbitrary HTTP requests |
| 4105 | CVE-2025-28089 | | 52nd | 9.1 | | This SSRF vulnerability in maccms10 allows attackers to make the server send unauthorized requests t |
| 4106 | CVE-2025-25650 | | 51.9th | 9.1 | | This vulnerability in Dorset DG 201 Digital Lock allows attackers to clone NFC cards by exploiting i |
| 4107 | CVE-2025-24049 | | 51.9th | 8.4 | | This command injection vulnerability in Azure CLI allows local attackers to execute arbitrary comman |
| 4108 | CVE-2025-46661 | | 52nd | 10.0 | | CVE-2025-46661 is an unauthenticated remote code execution vulnerability in IPW Systems Metazo throu |
| 4109 | CVE-2025-46727 | | 51.9th | 7.5 | | This vulnerability in Rack's query parser allows attackers to send HTTP requests with extremely larg |
| 4110 | CVE-2025-7437 | | 51.9th | 9.8 | | The Ebook Store WordPress plugin allows unauthenticated attackers to upload arbitrary files due to m |
| 4111 | CVE-2025-6679 | | 51.9th | 9.8 | | The Bit Form builder plugin for WordPress allows unauthenticated attackers to upload arbitrary files |
| 4112 | CVE-2025-10220 | | 51.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code or bypass security features in |
| 4113 | CVE-2025-69255 | | 51.9th | 4.0 | | A malformed gRPC GetMetrics request can cause RustFS to panic and crash the handler thread, enabling |
| 4114 | CVE-2025-15471 | | 51.9th | 9.8 | | This CVE describes a remote command injection vulnerability in TRENDnet TEW-713RE routers. Attackers |
| 4115 | CVE-2025-1135 | | 51.8th | 7.2 | | This SQL injection vulnerability in ChurchCRM allows attackers with administrator privileges to exec |
| 4116 | CVE-2025-1134 | | 51.8th | 7.2 | | This SQL injection vulnerability in ChurchCRM allows attackers with administrator privileges to exec |
| 4117 | CVE-2024-13920 | | 51.8th | 4.9 | | This vulnerability allows authenticated WordPress administrators to perform directory traversal atta |
| 4118 | CVE-2025-3564 | | 51.8th | 4.3 | | This vulnerability allows unauthorized access to the Teacher String Handler component in huanfenz/co |
| 4119 | CVE-2024-51800 | | 51.8th | 9.8 | | CVE-2024-51800 is an incorrect privilege assignment vulnerability in the Favethemes Homey WordPress |
| 4120 | CVE-2025-32002 | | 51.9th | 9.8 | | This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system com |
| 4121 | CVE-2025-4200 | | 51.8th | 8.1 | | This vulnerability allows unauthenticated attackers to include and execute arbitrary PHP files on Wo |
| 4122 | CVE-2025-45968 | | 51.9th | 9.8 | | System PDV v1.0 contains an Insecure Direct Object Reference (IDOR) vulnerability that allows remote |
| 4123 | CVE-2025-8958 | | 51.9th | 8.8 | | A stack-based buffer overflow vulnerability exists in Tenda TX3 router firmware version 16.03.13.11_ |
| 4124 | CVE-2025-48572 | | 51.8th | 7.8 | KEV | This Android vulnerability allows malicious apps to launch activities from the background without pr |
| 4125 | CVE-2026-25475 | | 51.8th | 6.5 | | OpenClaw versions before 2026.1.30 contain a path traversal vulnerability in the isValidMedia() func |
| 4126 | CVE-2024-13361 | | 51.7th | 6.3 | | The AI Power WordPress plugin has an authorization vulnerability that allows authenticated users wit |
| 4127 | CVE-2024-45424 | | 51.7th | 5.3 | | A business logic error in certain Zoom Workplace applications allows unauthenticated attackers to ac |
| 4128 | CVE-2024-56973 | | 51.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Alvaria Unified IP Unified D |
| 4129 | CVE-2025-24967 | | 51.7th | 5.4 | | A stored cross-site scripting (XSS) vulnerability in reNgine's admin panel allows attackers to injec |
| 4130 | CVE-2025-20209 | | 51.7th | 7.5 | | An unauthenticated remote attacker can send malformed IKEv2 packets to Cisco IOS XR devices, causing |
| 4131 | CVE-2025-6143 | | 51.7th | 8.8 | | This critical vulnerability in TOTOLINK EX1200T routers allows remote attackers to execute arbitrary |
| 4132 | CVE-2025-6137 | | 51.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK T10 routers allows remote attackers to execute |
| 4133 | CVE-2025-29093 | | 51.7th | 8.2 | | A file upload vulnerability in Motivian Content Management System v41.0.0 allows remote attackers to |
| 4134 | CVE-2025-48543 | | 51.7th | 8.8 | KEV | This CVE describes a use-after-free vulnerability in Android's Chrome sandbox that allows local atta |
| 4135 | CVE-2025-9950 | | 51.7th | 4.9 | | The Error Log Viewer WordPress plugin contains a directory traversal vulnerability that allows authe |
| 4136 | CVE-2025-12539 | | 51.7th | 10.0 | | The TNC Toolbox: Web Performance WordPress plugin exposes cPanel API credentials in publicly accessi |
| 4137 | CVE-2024-13367 | | 51.6th | 6.5 | | The Sandbox WordPress plugin allows authenticated attackers with Subscriber-level access or higher t |
| 4138 | CVE-2023-27539 | | 51.6th | 5.3 | | CVE-2023-27539 is a denial-of-service vulnerability in Rack's header parsing component that allows a |
| 4139 | CVE-2024-13468 | | 51.6th | 7.5 | | The Trash Duplicate and 301 Redirect WordPress plugin has an authorization vulnerability that allows |
| 4140 | CVE-2024-6839 | | 51.6th | 5.3 | | CVE-2024-6839 is an improper regex path matching vulnerability in flask-cors 4.0.1 that causes longe |
| 4141 | CVE-2024-8682 | | 51.6th | 5.3 | | This vulnerability allows unauthenticated attackers to register user accounts on WordPress sites usi |
| 4142 | CVE-2025-3536 | | 51.6th | 6.5 | | This vulnerability allows attackers to bypass authorization controls in Tutorials-Website Employee M |
| 4143 | CVE-2025-6772 | | 51.6th | 7.3 | | This critical vulnerability in eosphoros-ai DB-GPT allows remote attackers to perform path traversal |
| 4144 | CVE-2025-13188 | | 51.7th | 9.8 | | A stack-based buffer overflow vulnerability in the authentication.cgi component of D-Link DIR-816L r |
| 4145 | CVE-2025-15228 | | 51.6th | 9.8 | | CVE-2025-15228 is a critical arbitrary file upload vulnerability in WELLTEND TECHNOLOGY's BPMFlowWeb |
| 4146 | CVE-2025-15226 | | 51.6th | 9.8 | | WMPro software from Sunnet contains an unauthenticated arbitrary file upload vulnerability that allo |
| 4147 | CVE-2026-24888 | | 51.6th | 6.5 | | Maker.js versions up to 0.19.1 contain a prototype pollution vulnerability in the extendObject funct |
| 4148 | CVE-2025-21310 | | 51.5th | 6.6 | | This Windows Digital Media vulnerability allows attackers to gain elevated privileges on affected sy |
| 4149 | CVE-2025-21260 | | 51.5th | 6.6 | | This Windows Digital Media vulnerability allows attackers to gain elevated privileges on affected sy |
| 4150 | CVE-2025-21255 | | 51.5th | 6.6 | | This Windows Digital Media vulnerability allows attackers to gain elevated privileges on affected sy |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Scores are recomputed daily, so a CVE's score moves as new exploitation evidence and public exploit code appear. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it a better input for deciding which vulnerabilities to patch first. The Percentile column ranks a CVE's EPSS score against every other scored CVE: a CVE at the 52nd percentile scores higher than roughly 52% of all CVEs, regardless of its absolute probability. The KEV flag marks CVEs listed in CISA's Known Exploited Vulnerabilities catalog, i.e. confirmed exploitation rather than a prediction; those belong at the front of the queue whatever their EPSS score.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 vulnerability with 90% EPSS.
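The prioritisation rule described above, as an added example (this is not code from this page or from FIRST.org). It parses the JSON shape returned by the public EPSS endpoint (`https://api.first.org/data/v1/epss`, which returns `"data": [{"cve", "epss", "percentile", "date"}]` with the numbers serialised as strings) and ranks a list of findings KEV first, then by EPSS probability, with CVSS only as a tie-breaker. The triage thresholds (EPSS 0.10, CVSS 7.0), the placeholder CVE IDs and the EPSS values in the sample response are all assumptions constructed for the example, not real scores; the one live function, `fetch_epss`, is not called offline.

```python
"""Rank findings by exploit likelihood (EPSS) rather than by severity alone.

Added example, not code from the page or from FIRST.org. The API response
embedded below is constructed: placeholder CVE IDs and invented EPSS values.
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Iterable

# Public EPSS endpoint; the response shape parsed below is what it returns.
EPSS_API = "https://api.first.org/data/v1/epss"

# Illustrative triage thresholds (assumptions for this example, not FIRST guidance).
EPSS_PATCH_NOW = 0.10    # >= 10% chance of exploitation in the next 30 days
CVSS_NEXT_CYCLE = 7.0    # CVSS "High" or above


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    kev: bool = False    # listed in CISA's Known Exploited Vulnerabilities catalog


def parse_epss_response(raw: str) -> dict:
    """Return {cve: (epss, percentile)} from an EPSS API JSON document.

    The API serialises its numbers as strings ("epss": "0.02345"), so cast them.
    """
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned {doc.get('status-code')}: {doc.get('status')}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}


def fetch_epss(cves: Iterable[str]) -> dict:
    """Live lookup (not exercised offline); the endpoint accepts a comma-separated list."""
    url = f"{EPSS_API}?cve={','.join(cves)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return parse_epss_response(resp.read().decode("utf-8"))


def triage(findings: Iterable[Finding], epss: dict) -> list:
    """Rank findings KEV first, then EPSS descending, CVSS only as tie-breaker.

    A CVE that EPSS has not scored yet (common for very new IDs) gets 0.0 and is
    flagged "unscored" instead of being dropped, so it still gets a decision
    based on KEV status and CVSS.
    """
    rows = []
    for f in findings:
        score, pct = epss.get(f.cve, (0.0, 0.0))
        if f.kev or score >= EPSS_PATCH_NOW:
            bucket = "patch-now"
        elif f.cvss >= CVSS_NEXT_CYCLE:
            bucket = "next-cycle"
        else:
            bucket = "backlog"
        if f.cve not in epss:
            bucket += " (unscored)"
        rows.append({"cve": f.cve, "epss": score, "percentile": pct,
                     "cvss": f.cvss, "kev": f.kev, "bucket": bucket})
    # Tuple sort: KEV (True > False), then probability, then severity.
    rows.sort(key=lambda r: (r["kev"], r["epss"], r["cvss"]), reverse=True)
    return rows


# Constructed sample response reproducing the page's scenario: a CVSS 9.8 at
# 0.1% EPSS versus a CVSS 7.5 at 90% EPSS. IDs and values are placeholders.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK", "status-code": 200, "version": "1.0", "total": 3,
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.90000", "percentile": "0.99500", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.00100", "percentile": "0.38000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.00500", "percentile": "0.52000", "date": "2025-01-01"},
    ],
})

SAMPLE_FINDINGS = [
    Finding("CVE-0000-0002", cvss=9.8),             # critical severity, rarely exploited
    Finding("CVE-0000-0001", cvss=7.5),             # high severity, very likely exploited
    Finding("CVE-0000-0003", cvss=6.6, kev=True),   # medium severity but confirmed exploited
    Finding("CVE-0000-0004", cvss=5.3),             # too new to have an EPSS score
]


def demo() -> list:
    return triage(SAMPLE_FINDINGS, parse_epss_response(SAMPLE_EPSS_RESPONSE))


if __name__ == "__main__":
    for r in demo():
        print(f"{r['cve']}  epss={r['epss']:.3f}  pct={r['percentile']:.2f}  "
              f"cvss={r['cvss']}  {r['bucket']}")
```

Run as-is it prints the KEV entry first, then the CVSS 7.5 at 90% EPSS, then the CVSS 9.8 at 0.1% EPSS, and the unscored CVE last. Replace `parse_epss_response(SAMPLE_EPSS_RESPONSE)` with `fetch_epss(f.cve for f in findings)` to rank real findings against today's scores; because EPSS is recomputed daily, rerun the ranking on each patch cycle rather than caching it.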