Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
4801 | CVE-2024-5647 | 0.07% | 20.5th | 6.4 | | This stored XSS vulnerability in WordPress plugins allows authenticated attackers with contributor-l
4802 | CVE-2025-55006 | 0.07% | 20.4th | 4.3 | | Frappe Learning versions 2.33.0 and below have an SVG upload vulnerability that allows attackers to
4803 | CVE-2023-32253 | 0.07% | 20.5th | 5.9 | | This vulnerability in the Linux kernel's ksmbd component allows attackers to trigger a deadlock by s
4804 | CVE-2025-8116 | 0.07% | 20.4th | 6.1 | | PAD CMS is vulnerable to reflected cross-site scripting (XSS) in printing and PDF save functionality
4805 | CVE-2025-43812 | 0.07% | 20.4th | 5.4 | | This cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts
4806 | CVE-2025-43820 | 0.07% | 20.4th | 5.4 | | This CVE describes multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal and DXP cal
4807 | CVE-2025-43818 | 0.07% | 20.4th | 6.1 | | A cross-site scripting (XSS) vulnerability in Liferay's Calendar widget allows attackers to inject m
4808 | CVE-2025-9984 | 0.07% | 20.2th | 5.3 | | The Featured Image from URL (FIFU) WordPress plugin has an authorization bypass vulnerability that a
4809 | CVE-2025-9353 | 0.07% | 20.3th | 6.4 | | The Themify Builder WordPress plugin has a stored cross-site scripting vulnerability that allows aut
4810 | CVE-2025-57407 | 0.07% | 20.4th | 5.4 | | A stored XSS vulnerability in S-Cart's Admin Log Viewer allows authenticated attackers to inject mal
4811 | CVE-2025-43807 | 0.07% | 20.4th | 5.4 | | A stored cross-site scripting (XSS) vulnerability in Liferay Portal and DXP allows attackers to inje
4812 | CVE-2025-10648 | 0.07% | 20.2th | 5.3 | | The YourMembership SSO Login WordPress plugin has an authorization vulnerability that allows unauthe
4813 | CVE-2025-42906 | 0.07% | 20.4th | 5.3 | | SAP Commerce Cloud contains a path traversal vulnerability that allows users to access the Administr
4814 | CVE-2025-62246 | 0.07% | 20.4th | 5.4 | | This CVE describes stored cross-site scripting (XSS) vulnerabilities in Liferay Portal and DXP where
4815 | CVE-2025-62238 | 0.07% | 20.4th | 5.4 | | This stored XSS vulnerability allows authenticated attackers to inject malicious scripts into the Ac
4816 | CVE-2025-62237 | 0.07% | 20.4th | 5.4 | | A stored cross-site scripting (XSS) vulnerability in Liferay's Commerce view order page allows attac
4817 | CVE-2025-62240 | 0.07% | 20.4th | 5.4 | | This CVE describes multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal and DXP cal
4818 | CVE-2025-60009 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4819 | CVE-2025-60002 | 0.07% | 20.3th | 6.1 | | This cross-site scripting vulnerability in Juniper Networks Junos Space allows attackers to inject m
4820 | CVE-2025-60001 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4821 | CVE-2025-60000 | 0.07% | 20.3th | 6.1 | | This cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4822 | CVE-2025-59999 | 0.07% | 20.3th | 6.1 | | This cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4823 | CVE-2025-59998 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4824 | CVE-2025-59997 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4825 | CVE-2025-59996 | 0.07% | 20.3th | 6.1 | | This cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4826 | CVE-2025-59995 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4827 | CVE-2025-59994 | 0.07% | 20.3th | 6.1 | | This cross-site scripting vulnerability in Juniper Networks Junos Space allows attackers to inject m
4828 | CVE-2025-59993 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4829 | CVE-2025-59992 | 0.07% | 20.3th | 6.1 | | This cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4830 | CVE-2025-59991 | 0.07% | 20.3th | 6.1 | | This is a cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space management interf
4831 | CVE-2025-59990 | 0.07% | 20.3th | 6.1 | | This Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4832 | CVE-2025-59989 | 0.07% | 20.3th | 6.1 | | This cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4833 | CVE-2025-59988 | 0.07% | 20.3th | 6.1 | | This cross-site scripting vulnerability in Juniper Networks Junos Space allows attackers to inject m
4834 | CVE-2025-59987 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4835 | CVE-2025-59986 | 0.07% | 20.3th | 6.1 | | This cross-site scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4836 | CVE-2025-59985 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4837 | CVE-2025-59984 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4838 | CVE-2025-59983 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4839 | CVE-2025-59982 | 0.07% | 20.3th | 6.1 | | This cross-site scripting vulnerability in Juniper Junos Space allows attackers to inject malicious
4840 | CVE-2025-59981 | 0.07% | 20.3th | 6.1 | | This Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos Space allows attackers to in
4841 | CVE-2025-11487 | 0.07% | 20.2th | 6.3 | | This CVE describes an SQL injection vulnerability in SourceCodester Farm Management System 1.0, spec
4842 | CVE-2025-43771 | 0.07% | 20.4th | 5.4 | | This CVE describes multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal and
4843 | CVE-2025-43829 | 0.07% | 20.4th | 5.4 | | This stored cross-site scripting (XSS) vulnerability in Liferay's diagram type products allows remot
4844 | CVE-2025-43822 | 0.07% | 20.4th | 5.4 | | This CVE describes stored cross-site scripting (XSS) vulnerabilities in Liferay Portal and DXP where
4845 | CVE-2025-43823 | 0.07% | 20.4th | 5.4 | | This cross-site scripting (XSS) vulnerability allows remote attackers to inject malicious scripts in
4846 | CVE-2025-56382 | 0.07% | 20.4th | 6.1 | | An authenticated attacker can inject malicious scripts into the Customer Name field in LionCoders Sa
4847 | CVE-2025-11286 | 0.07% | 20.2th | 4.7 | | This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks aga
4848 | CVE-2025-10695 | 0.07% | 20.3th | 5.3 | | CVE-2025-10695 is a Server-Side Request Forgery (SSRF) vulnerability in OpenSupports that allows una
4849 | CVE-2025-60449 | 0.07% | 20.4th | 4.9 | | An information disclosure vulnerability in SeaCMS 13.1 allows authenticated administrators to scan a
4850 | CVE-2025-20368 | 0.07% | 20.4th | 5.7 | | This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
