Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4901 | CVE-2025-43762 | | 20th | 6.5 | | This vulnerability in Liferay Portal and DXP allows authenticated users to upload unlimited files th |
| 4902 | CVE-2025-43752 | | 20th | 6.5 | | This vulnerability in Liferay Portal and DXP allows authenticated users to upload unlimited files th |
| 4903 | CVE-2025-53156 | | 20.2th | 5.5 | | This vulnerability in the Storage Port Driver allows an authenticated attacker with local access to |
| 4904 | CVE-2025-51053 | | 20.1th | 6.1 | | This Cross-site scripting (XSS) vulnerability in Vedo Suite's /api_vedo/ endpoint allows attackers t |
| 4905 | CVE-2025-60106 | | 20.1th | 4.9 | | CVE-2025-60106 is a missing authorization vulnerability in the Roxnor EmailKit WordPress plugin that |
| 4906 | CVE-2025-10763 | | 20.1th | 6.3 | | This vulnerability allows remote attackers to upload arbitrary files to the academico-sis system via |
| 4907 | CVE-2025-8487 | | 20.1th | 5.4 | | The Kubio AI Page Builder WordPress plugin has an authorization bypass vulnerability that allows aut |
| 4908 | CVE-2025-10689 | | 20.1th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-645 routers b |
| 4909 | CVE-2025-59476 | | 20th | 5.3 | | This vulnerability allows attackers who can control log message content in Jenkins to insert line br |
| 4910 | CVE-2025-61514 | | 20.1th | 6.5 | | An arbitrary file upload vulnerability in CoCalc allows attackers to upload malicious SVG files that |
| 4911 | CVE-2025-20329 | | 20th | 4.9 | | This vulnerability allows authenticated administrators on Cisco TelePresence and RoomOS systems to v |
| 4912 | CVE-2025-37145 | | 20th | 4.9 | | This vulnerability allows authenticated attackers to download arbitrary files from AOS-10 GW and AOS |
| 4913 | CVE-2025-37144 | | 20th | 4.9 | | This vulnerability allows authenticated attackers to download arbitrary files from affected Aruba ne |
| 4914 | CVE-2025-61911 | | 20.1th | 6.5 | | This vulnerability in python-ldap allows LDAP injection attacks when applications use the library's |
| 4915 | CVE-2025-61776 | | 20.1th | 4.7 | | Dependency-Track versions before 4.13.5 may inadvertently send private NuGet repository credentials |
| 4916 | CVE-2025-13787 | | 20.1th | 5.4 | | This vulnerability in ZenTao's file handler allows attackers to manipulate file deletion operations |
| 4917 | CVE-2025-64515 | | 20th | 4.3 | | Open Forms versions before 3.2.7 and 3.3.3 contain an input validation vulnerability where form fiel |
| 4918 | CVE-2023-41656 | | 20.1th | 5.4 | | This CVE describes a Missing Authorization vulnerability in the Better Elementor Addons WordPress pl |
| 4919 | CVE-2023-25445 | | 20.1th | 5.4 | | This CVE describes a Missing Authorization vulnerability in HappyFiles Pro WordPress plugin that all |
| 4920 | CVE-2025-12492 | | 20th | 5.3 | | This vulnerability allows unauthenticated attackers to extract sensitive user information from WordP |
| 4921 | CVE-2026-23633 | | 20th | 6.5 | | This vulnerability in Gogs allows attackers to read or write arbitrary files on the server through p |
| 4922 | CVE-2023-54341 | | 20th | 6.1 | | Webgrind versions 1.1 and earlier contain a reflected cross-site scripting vulnerability that allows |
| 4923 | CVE-2025-67004 | | 20.1th | 6.5 | | This CVE describes a potential directory traversal vulnerability in CouchCMS 2.4 that could allow au |
| 4924 | CVE-2026-1812 | | 20.1th | 6.3 | | This is a path traversal vulnerability in bolo-solo blogging software that allows attackers to manip |
| 4925 | CVE-2026-1810 | | 20.1th | 6.3 | | This CVE describes a path traversal vulnerability in bolo-blog's bolo-solo software up to version 2. |
| 4926 | CVE-2024-13458 | | 19.8th | 6.4 | | This vulnerability allows authenticated WordPress users with contributor-level access or higher to i |
| 4927 | CVE-2024-13542 | | 19.8th | 6.4 | | This vulnerability allows authenticated attackers with contributor-level access or higher to inject |
| 4928 | CVE-2024-12504 | | 19.8th | 6.4 | | This stored XSS vulnerability in the Broadcast Live Video WordPress plugin allows authenticated atta |
| 4929 | CVE-2025-0648 | | 19.8th | 4.9 | | A configuration change vulnerability in M-Files Server's database driver allows highly privileged at |
| 4930 | CVE-2024-12477 | | 19.8th | 6.4 | | The Avada Builder WordPress plugin has a stored XSS vulnerability that allows authenticated attacker |
| 4931 | CVE-2024-13590 | | 19.8th | 6.4 | | The Ketchup Shortcodes WordPress plugin has a stored XSS vulnerability in its 'spacer' shortcode tha |
| 4932 | CVE-2024-21245 | | 19.7th | 5.4 | | This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows authenticated attackers with low |
| 4933 | CVE-2025-21648 | | 19.7th | 5.5 | | This vulnerability in the Linux kernel's netfilter conntrack module allows an attacker to trigger a |
| 4934 | CVE-2024-12240 | | 19.8th | 6.4 | | This stored XSS vulnerability in Page Builder by SiteOrigin WordPress plugin allows authenticated at |
| 4935 | CVE-2024-12851 | | 19.8th | 6.4 | | This stored XSS vulnerability in Element Pack Elementor Addons allows authenticated WordPress users |
| 4936 | CVE-2024-56274 | | 19.9th | 6.5 | | This stored cross-site scripting (XSS) vulnerability in the Astra Widgets WordPress plugin allows at |
| 4937 | CVE-2024-12624 | | 19.8th | 6.4 | | This stored XSS vulnerability in the Sina Extension for Elementor WordPress plugin allows authentica |
| 4938 | CVE-2024-33504 | | 19.7th | 4.1 | | This vulnerability in FortiManager allows attackers with JSON API access permissions to decrypt sens |
| 4939 | CVE-2023-37482 | | 19.7th | 5.3 | | This vulnerability allows unauthenticated remote attackers to determine valid usernames on affected |
| 4940 | CVE-2024-57278 | | 19.9th | 5.4 | | A reflected Cross-Site Scripting vulnerability in QingScan's web interface allows attackers to injec |
| 4941 | CVE-2024-9612 | | 19.9th | 6.5 | | This vulnerability allows attackers to bypass front-end visibility restrictions by directly calling |
| 4942 | CVE-2025-27431 | | 19.9th | 5.4 | | SAP NetWeaver Application Server Java's user management functionality contains a stored cross-site s |
| 4943 | CVE-2025-1296 | | 19.8th | 6.5 | | Nomad audit logs unintentionally expose sensitive workload identity tokens and client secret tokens. |
| 4944 | CVE-2025-27585 | | 19.9th | 5.4 | | A stored cross-site scripting (XSS) vulnerability in Serosoft Academia Student Information System Ea |
| 4945 | CVE-2025-3706 | | 19.9th | 6.1 | | The eHRMS software from 104 Corporation contains a reflected cross-site scripting (XSS) vulnerabilit |
| 4946 | CVE-2025-28102 | | 19.8th | 6.1 | | A stored cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to inject mal |
| 4947 | CVE-2024-57493 | | 19.9th | 5.5 | | A vulnerability in redoxOS relibc allows a local attacker to cause denial of service via the setsock |
| 4948 | CVE-2025-32945 | | 19.7th | 4.3 | | This vulnerability allows authenticated PeerTube users to create playlists in other users' channels |
| 4949 | CVE-2025-22003 | | 19.7th | 5.5 | | This CVE describes a one-byte out-of-bounds read vulnerability in the Linux kernel's CAN (Controller |
| 4950 | CVE-2025-48381 | | 19.9th | 4.3 | | This vulnerability allows authenticated CVAT users to enumerate all task, project, label, job, and q |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.