Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 401 | CVE-2025-68157 | | 0.7th | 3.7 | | This CVE describes a security bypass vulnerability in Webpack's HTTP(S) resolver when the experiment |
| 402 | CVE-2025-68458 | | 0.7th | 3.7 | | This CVE describes a security bypass vulnerability in Webpack's HTTP(S) resolver when the experiment |
| 403 | CVE-2024-44210 | | 0.7th | 3.3 | | A macOS permissions vulnerability allows applications to access sensitive user data they shouldn't h |
| 404 | CVE-2026-1421 | | 0.7th | 3.5 | | This vulnerability allows attackers to inject malicious scripts into the Online Examination System 1 |
| 405 | CVE-2025-55307 | | 0.8th | 3.3 | | This vulnerability in Foxit PDF software allows attackers to trigger an out-of-bounds read by tricki |
| 406 | CVE-2025-15504 | | 0.7th | 3.3 | | A null pointer dereference vulnerability exists in LIEF's ELF binary parser that can cause denial of |
| 407 | CVE-2025-54342 | | 0.5th | 3.3 | | This vulnerability in Desktop Alert PingAlert's Application Server exposes sensitive information due |
| 408 | CVE-2026-20796 | | 0.6th | 3.1 | | This vulnerability allows deactivated Mattermost users to learn team names they shouldn't have acces |
| 409 | CVE-2025-66546 | | 0.5th | 3.3 | | This vulnerability in Nextcloud Calendar allows attackers to blindly book appointments using sequent |
| 410 | CVE-2025-15506 | | 0.4th | 3.3 | | This vulnerability in OpenColorIO allows local attackers to perform out-of-bounds read operations vi |
| 411 | CVE-2025-43522 | | 0.4th | 3.3 | | A code-signing downgrade vulnerability in Intel-based Mac computers allows malicious apps to bypass |
| 412 | CVE-2025-65681 | | 0.4th | 3.3 | | This vulnerability in Tutor (Open edX deployment tool) allows local unauthorized attackers to access |
| 413 | CVE-2025-63292 | | 0.5th | 3.5 | | This vulnerability exposes subscribers' IMSI identifiers in plaintext during EAP-SIM authentication |
| 414 | CVE-2026-22281 | | 0.4th | 3.5 | | A Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Dell PowerScale OneFS allows lo |
| 415 | CVE-2026-23901 | | 0.4th | 2.5 | | This CVE describes an observable timing discrepancy vulnerability in Apache Shiro authentication. At |
| 416 | CVE-2025-31963 | | 0.4th | 2.9 | | This vulnerability allows a local attacker to make unauthorized configuration changes to HCL BigFix |
| 417 | CVE-2026-1407 | | 0.3th | 2.0 | | This vulnerability in Beetel 777VR1 routers allows attackers with physical access to the device to e |
| 418 | CVE-2026-1408 | | 0.3th | 2.0 | | This vulnerability in Beetel 777VR1 routers allows attackers with physical access to bypass weak pas |
| 419 | CVE-2026-2345 | | 0.3th | 3.6 | | The Proctorio Chrome Extension vulnerability allows malicious websites to send messages that the ext |
| 420 | CVE-2025-9615 | | 0.2th | 3.3 | | This CVE describes an improper preservation of permissions vulnerability in NetworkManager where the |
| 421 | CVE-2026-25211 | | 0.2th | 3.2 | | Llama Stack versions before 0.4.0rc3 expose pgvector database passwords in initialization logs. This |
| 422 | CVE-2025-33081 | | 0.2th | 3.3 | | IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in log files that local users c |
| 423 | CVE-2026-24515 | | 0.2th | 2.9 | | This vulnerability in libexpat's XML_ExternalEntityParserCreate function fails to copy unknown encod |
| 424 | CVE-2025-58380 | | 0.2th | 2.3 | | This vulnerability allows authenticated administrators on Brocade Fabric OS to use the 'grep' shell |
| 425 | CVE-2025-58381 | | 0.2th | 2.3 | | This vulnerability in Brocade Fabric OS allows authenticated administrators to abuse shell commands |
| 426 | CVE-2025-66331 | | 0.2th | 3.3 | | This CVE describes a denial-of-service vulnerability in Huawei office services where attackers can d |
| 427 | CVE-2025-66332 | | 0.2th | 3.3 | | This CVE describes a denial of service vulnerability in Huawei office services where specially craft |
| 428 | CVE-2025-66333 | | 0.2th | 3.3 | | This CVE describes a denial-of-service vulnerability in Huawei's office service. Successful exploita |
| 429 | CVE-2025-66334 | | 0.2th | 3.3 | | This CVE describes a denial of service vulnerability in Huawei office services where attackers can d |
| 430 | CVE-2025-64763 | | 0.1th | 3.7 | | Envoy proxy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier have a CONNECT tunnel desynchroniz |
| 431 | CVE-2025-68164 | | 0.1th | 2.7 | | This vulnerability in JetBrains TeamCity allows attackers to enumerate open ports on the server when |
| 432 | CVE-2025-22873 | | 0.1th | 3.8 | | This vulnerability in Go's os.Root implementation allows directory traversal to access the parent di |
| 433 | CVE-2025-67739 | | 0.1th | 3.1 | | This vulnerability in JetBrains TeamCity allows attackers to disclose local file paths through impro |
| 434 | CVE-2025-67740 | | 0.1th | 2.7 | | This vulnerability in JetBrains TeamCity allows improper access control that could expose GitHub App |
| 435 | CVE-2025-68162 | | 0th | 2.7 | | This vulnerability in JetBrains TeamCity allows attackers to load malicious extensions via Maven emb |
| 436 | CVE-2025-65014 | | 0th | 3.7 | | A weak password policy vulnerability in LibreNMS allows administrators to create user accounts with |
| 437 | CVE-2025-64773 | | 0th | 2.7 | | A race condition vulnerability in JetBrains YouTrack allows bypassing helpdesk Agent license limits. |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.