Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4551 | CVE-2024-56841 | | 48.6th | 7.4 | | Mendix LDAP module versions before 1.1.2 are vulnerable to LDAP injection attacks. This allows unaut |
| 4552 | CVE-2025-22598 | | 48.6th | 8.3 | | A stored XSS vulnerability in WeGIA's cadastrarSocio.php endpoint allows attackers to inject malicio |
| 4553 | CVE-2025-22597 | | 48.6th | 8.3 | | A stored XSS vulnerability in WeGIA's CobrancaController.php endpoint allows attackers to inject mal |
| 4554 | CVE-2023-51313 | | 48.7th | 8.8 | | PHPJabbers Restaurant Booking System v3.0 has a CSV injection vulnerability that allows attackers to |
| 4555 | CVE-2025-25343 | | 48.6th | 9.8 | | CVE-2025-25343 is a critical buffer overflow vulnerability in Tenda AC6 router firmware that allows |
| 4556 | CVE-2025-27396 | | 48.7th | 8.8 | | A privilege escalation vulnerability in Siemens SCALANCE LPE9403 industrial routers allows authentic |
| 4557 | CVE-2025-3083 | | 48.7th | 7.5 | | A vulnerability in MongoDB's mongos query router allows unauthenticated attackers to send specially |
| 4558 | CVE-2025-10492 | | 48.6th | 9.8 | | A Java deserialization vulnerability in Jaspersoft Library allows remote attackers to execute arbitr |
| 4559 | CVE-2026-25893 | | 48.6th | 9.8 | | An authentication bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated r |
| 4560 | CVE-2024-12559 | | 48.5th | 5.3 | | The ClickDesigns WordPress plugin has an authentication bypass vulnerability that allows unauthentic |
| 4561 | CVE-2025-2815 | | 48.5th | 8.8 | | The Administrator Z WordPress plugin has an authorization bypass vulnerability that allows authentic |
| 4562 | CVE-2025-24055 | | 48.5th | 4.3 | | An out-of-bounds read vulnerability in the Windows USB Video Driver allows an authorized attacker wi |
| 4563 | CVE-2025-24351 | | 48.6th | 8.8 | | A remote authenticated attacker with low privileges can execute arbitrary operating system commands |
| 4564 | CVE-2025-3418 | | 48.5th | 8.8 | | The WPC Admin Columns WordPress plugin allows authenticated attackers with Subscriber-level access o |
| 4565 | CVE-2025-3417 | | 48.5th | 8.8 | | The Embedder WordPress plugin (versions 1.3-1.3.5) contains a missing capability check that allows a |
| 4566 | CVE-2025-20663 | | 48.5th | 7.5 | | This vulnerability in MediaTek wlan AP driver allows unauthenticated attackers within wireless range |
| 4567 | CVE-2025-2933 | | 48.5th | 8.8 | | The Email Notifications for Updates WordPress plugin has a privilege escalation vulnerability that a |
| 4568 | CVE-2025-3105 | | 48.5th | 8.8 | | The Vehica Core WordPress plugin has a privilege escalation vulnerability that allows authenticated |
| 4569 | CVE-2025-3063 | | 48.5th | 8.8 | | The Shopper Approved Reviews WordPress plugin versions 2.0-2.1 contain a privilege escalation vulner |
| 4570 | CVE-2025-49838 | | 48.5th | 9.8 | | This vulnerability allows remote code execution through unsafe deserialization in GPT-SoVITS-WebUI. |
| 4571 | CVE-2024-48851 | | 48.5th | 7.2 | | This vulnerability in ABB FLXEON allows remote attackers to execute arbitrary code on affected syste |
| 4572 | CVE-2025-64096 | | 48.5th | 8.8 | | A stack-based buffer overflow vulnerability in CryptoLib's Crypto_Key_update() function allows remot |
| 4573 | CVE-2025-11665 | | 48.5th | 4.7 | | This CVE describes an OS command injection vulnerability in D-Link DAP-2695 access points through th |
| 4574 | CVE-2025-11693 | | 48.6th | 9.8 | | The Export WP Page to Static HTML & PDF WordPress plugin exposes authentication cookies in publicly |
| 4575 | CVE-2024-58299 | | 48.5th | 9.8 | | PCMan FTP Server 2.0 contains a critical buffer overflow vulnerability in the 'pwd' command that all |
| 4576 | CVE-2025-0611 | | 48.3th | 8.2 | | This vulnerability in Chrome's V8 JavaScript engine allows object corruption that could lead to heap |
| 4577 | CVE-2024-24424 | | 48.4th | 7.5 | | This vulnerability in Magma's decode_access_point_name_ie function allows attackers to trigger a rea |
| 4578 | CVE-2024-24444 | | 48.4th | 7.5 | | This vulnerability in OpenAirInterface CN5G AMF allows attackers to cause denial of service by repea |
| 4579 | CVE-2024-51715 | | 48.4th | 8.5 | | This SQL injection vulnerability in ClickWhale WordPress plugin allows attackers to execute arbitrar |
| 4580 | CVE-2025-24411 | | 48.4th | 8.1 | | Adobe Commerce has an improper access control vulnerability that allows low-privileged attackers to |
| 4581 | CVE-2025-29497 | | 48.4th | 6.5 | | CVE-2025-29497 is a memory leak vulnerability in libming v0.4.8's parseSWF_MORPHFILLSTYLES function |
| 4582 | CVE-2025-29494 | | 48.4th | 6.5 | | CVE-2025-29494 is a memory corruption vulnerability in libming v0.4.8's decompileGETMEMBER function |
| 4583 | CVE-2025-29492 | | 48.4th | 6.5 | | CVE-2025-29492 is a memory corruption vulnerability in libming v0.4.8 that causes a segmentation fau |
| 4584 | CVE-2025-29490 | | 48.4th | 6.5 | | A segmentation fault vulnerability in libming v0.4.8's decompileCALLMETHOD function allows attackers |
| 4585 | CVE-2025-29488 | | 48.4th | 6.5 | | CVE-2025-29488 is a memory leak vulnerability in libming v0.4.8's parseSWF_INITACTION function. This |
| 4586 | CVE-2024-9070 | | 48.4th | 9.8 | | A deserialization vulnerability in BentoML's runner server allows attackers to execute arbitrary cod |
| 4587 | CVE-2025-3988 | | 48.4th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execu |
| 4588 | CVE-2025-39542 | | 48.4th | 8.8 | | CVE-2025-39542 is an incorrect privilege assignment vulnerability in Jauhari Xelion Xelion Webchat W |
| 4589 | CVE-2025-39533 | | 48.4th | 8.8 | | This vulnerability allows attackers to update arbitrary WordPress options without proper authorizati |
| 4590 | CVE-2025-26741 | | 48.4th | 8.8 | | A missing authorization vulnerability in AWEOS GmbH's Email Notifications for Updates WordPress plug |
| 4591 | CVE-2025-26901 | | 48.4th | 4.3 | | This CVE describes a missing authorization vulnerability in Brizy Pro WordPress plugin that allows a |
| 4592 | CVE-2025-32220 | | 48.4th | 5.4 | | A missing authorization vulnerability in the Dimitri Grassi Salon booking system WordPress plugin al |
| 4593 | CVE-2025-40738 | | 48.4th | 8.8 | | A path traversal vulnerability in SINEC NMS allows attackers to write arbitrary files to restricted |
| 4594 | CVE-2025-13589 | | 48.3th | N/A | | FMS software developed by Otsuka Information Technology contains a reflected cross-site scripting vu |
| 4595 | CVE-2025-66202 | | 48.3th | 6.5 | | This vulnerability allows unauthenticated attackers to bypass path-based authentication checks in As |
| 4596 | CVE-2021-47854 | | 48.3th | 9.8 | | CVE-2021-47854 is a critical buffer overflow vulnerability in DD-WRT's UPnP service that allows remo |
| 4597 | CVE-2026-1019 | | 48.4th | 9.8 | | The Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability |
| 4598 | CVE-2021-47772 | | 48.4th | 9.8 | | CVE-2021-47772 is a critical buffer overflow vulnerability in 10-Strike Network Inventory Explorer P |
| 4599 | CVE-2025-0638 | | 48.3th | 7.5 | | CVE-2025-0638 is a denial-of-service vulnerability in Routinator where specially crafted manifest fi |
| 4600 | CVE-2025-4820 | | 48.3th | 5.3 | | This vulnerability in Cloudflare's quiche QUIC library allows attackers to manipulate congestion con |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. The percentile column in the table above places each CVE's EPSS score relative to all other scored CVEs: a 48.6th percentile score is higher than roughly 48.6% of them.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.