Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4251 | CVE-2025-1748 | | 22.4th | 4.7 | | This CVE describes HTML injection vulnerabilities in OpenCart's account registration endpoint that a |
| 4252 | CVE-2025-1356 | | 22.5th | 6.3 | | This critical SQL injection vulnerability in needyamin Library Card System 1.0 allows remote attacke |
| 4253 | CVE-2025-25900 | | 22.5th | 4.9 | | A buffer overflow vulnerability exists in TP-Link TL-WR841ND V11 routers via the username and passwo |
| 4254 | CVE-2025-30441 | | 22.5th | 5.5 | | This vulnerability in Xcode allows malicious apps to overwrite arbitrary files on the system due to |
| 4255 | CVE-2025-24218 | | 22.5th | 5.5 | | A privacy vulnerability in macOS allowed applications to access user contact information without pro |
| 4256 | CVE-2024-9770 | | 22.5th | 4.7 | | This vulnerability in the WP-Recall WordPress plugin allows administrators to perform SQL injection |
| 4257 | CVE-2025-2577 | | 22.5th | 6.4 | | The Bitspecter Suite WordPress plugin up to version 1.0.0 has a stored XSS vulnerability in SVG file |
| 4258 | CVE-2025-1314 | | 22.5th | 4.3 | | This CSRF vulnerability in the Custom Twitter Feeds WordPress plugin allows unauthenticated attacker |
| 4259 | CVE-2024-54560 | | 22.6th | 5.5 | | This vulnerability allows a malicious app to modify other applications without proper App Management |
| 4260 | CVE-2025-22019 | | 22.5th | 5.5 | | A Linux kernel vulnerability in bcachefs filesystem's subvolume destruction function allows local at |
| 4261 | CVE-2025-36572 | | 22.5th | 6.5 | | Dell PowerStore version 4.0.0.0 contains hard-coded credentials in its image file, allowing attacker |
| 4262 | CVE-2025-43838 | | 22.5th | 6.5 | | This CVE describes a Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for Wo |
| 4263 | CVE-2024-56427 | | 22.5th | 6.5 | | This vulnerability in Samsung Exynos processors allows attackers to trigger out-of-bounds memory acc |
| 4264 | CVE-2025-26784 | | 22.5th | 6.5 | | A memory corruption vulnerability in Samsung Exynos processors allows attackers to write data beyond |
| 4265 | CVE-2025-47814 | | 22.4th | 4.5 | | CVE-2025-47814 is a heap-based buffer overflow vulnerability in GNU PSPP's libpspp-core.a library th |
| 4266 | CVE-2025-47201 | | 22.4th | 4.4 | | This cross-site scripting (XSS) vulnerability in Intrexx Portal Server allows attackers to inject ma |
| 4267 | CVE-2025-5728 | | 22.5th | 6.3 | | This critical vulnerability in SourceCodester Open Source Clinic Management System 1.0 allows remote |
| 4268 | CVE-2024-13973 | | 22.4th | 6.8 | | This CVE describes a post-authentication SQL injection vulnerability in Sophos Firewall's WebAdmin i |
| 4269 | CVE-2025-36582 | | 22.5th | 4.8 | | Dell NetWorker versions 19.12.0.1 and earlier contain an algorithm downgrade vulnerability that allo |
| 4270 | CVE-2025-55737 | | 22.4th | 6.5 | | This vulnerability in flaskBlog allows any authenticated user to delete arbitrary comments belonging |
| 4271 | CVE-2025-42946 | | 22.5th | 6.9 | | This directory traversal vulnerability in SAP S/4HANA Bank Communication Management allows authentic |
| 4272 | CVE-2025-60116 | | 22.5th | 5.4 | | This CVE describes a missing authorization vulnerability in the Grand Conference Theme Custom Post T |
| 4273 | CVE-2025-10148 | | 22.4th | 5.3 | | A vulnerability in curl's WebSocket implementation uses a fixed 32-bit mask pattern for all outgoing |
| 4274 | CVE-2025-62398 | | 22.5th | 5.4 | | This authentication bypass vulnerability allows attackers with valid credentials to circumvent multi |
| 4275 | CVE-2025-43907 | | 22.5th | 6.5 | | This CVE describes a path traversal vulnerability in Dell PowerProtect Data Domain systems where att |
| 4276 | CVE-2025-12043 | | 22.5th | 5.3 | | The Autochat Automatic Conversation WordPress plugin has an authentication bypass vulnerability that |
| 4277 | CVE-2025-7623 | | 22.4th | 5.4 | | This vulnerability allows authenticated attackers with SSH access to the BMC to execute arbitrary co |
| 4278 | CVE-2025-13265 | | 22.5th | 6.3 | | This CVE describes a path traversal vulnerability in the lsfusion platform's unpackFile function tha |
| 4279 | CVE-2025-13239 | | 22.5th | 4.3 | | This vulnerability in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5 allows |
| 4280 | CVE-2025-59089 | | 22.4th | 5.9 | | This vulnerability in kdcproxy allows denial-of-service attacks when an attacker can redirect connec |
| 4281 | CVE-2025-60723 | | 22.5th | 6.3 | | A race condition vulnerability in Windows DirectX allows authenticated attackers to cause denial of |
| 4282 | CVE-2025-29699 | | 22.4th | 6.5 | | NetSurf 3.11 contains a use-after-free vulnerability in the dom_node_set_text_content function that |
| 4283 | CVE-2025-66737 | | 22.5th | 4.3 | | Yealink T21P_E2 phones running firmware 52.84.0.15 have a directory traversal vulnerability in the d |
| 4284 | CVE-2025-14253 | | 22.5th | 4.9 | | Vitals ESP software from Galaxy Software Services contains an absolute path traversal vulnerability |
| 4285 | CVE-2025-41012 | | 22.5th | 5.3 | | This vulnerability in TCMAN GIM v11 allows unauthenticated attackers to determine whether specific u |
| 4286 | CVE-2026-21639 | | 22.5th | 5.4 | | This vulnerability allows attackers within Wi-Fi range to execute arbitrary code on affected Ubiquit |
| 4287 | CVE-2026-0707 | | 22.5th | 5.3 | | This vulnerability in Keycloak's Authorization header parser allows attackers to bypass authenticati |
| 4288 | CVE-2025-20942 | | 22.5th | 4.4 | | This vulnerability allows local attackers to reset the OAID (Open Anonymous Device Identifier) on Sa |
| 4289 | CVE-2026-1684 | | 22.6th | 5.3 | | A denial-of-service vulnerability exists in Free5GC SMF's PFCP UDP Endpoint component, specifically |
| 4290 | CVE-2026-1683 | | 22.6th | 5.3 | | A denial-of-service vulnerability exists in Free5GC SMF's PFCP handler that allows remote attackers |
| 4291 | CVE-2026-1738 | | 22.5th | 5.3 | | CVE-2026-1738 is a reachable assertion vulnerability in Open5GS SGWC component that allows remote at |
| 4292 | CVE-2026-1737 | | 22.5th | 5.3 | | This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the Create |
| 4293 | CVE-2026-1736 | | 22.5th | 5.3 | | A reachable assertion vulnerability in Open5GS SGWC component allows remote attackers to cause denia |
| 4294 | CVE-2024-13599 | | 22.3th | 6.4 | | This stored XSS vulnerability in LearnPress WordPress plugin allows authenticated attackers with LP |
| 4295 | CVE-2024-13548 | | 22.3th | 6.4 | | The Power Ups for Elementor WordPress plugin has a stored XSS vulnerability in its 'magic-button' sh |
| 4296 | CVE-2025-24701 | | 22.3th | 4.4 | | A Server-Side Request Forgery (SSRF) vulnerability in Kiboko Labs Chained Quiz WordPress plugin allo |
| 4297 | CVE-2024-13583 | | 22.3th | 6.4 | | The Simple Gallery with Filter WordPress plugin has a stored XSS vulnerability in all versions up to |
| 4298 | CVE-2024-13659 | | 22.3th | 6.4 | | The Listamester WordPress plugin has a stored XSS vulnerability that allows authenticated attackers |
| 4299 | CVE-2025-21558 | | 22.4th | 5.4 | | This vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management allows authenticat |
| 4300 | CVE-2024-42173 | | 22.3th | 4.8 | | HCL MyXalytics has an improper password policy vulnerability that allows attackers to guess or brute |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.