EPSS-rising vulnerabilities right now
Top CVEs by exploitation probability (EPSS) from the latest model run.
Last updated 6/4/2026, 12:43:41 PM
- EPSS 94.5% | MEDIUM 5.3 | CVE-2023-23752 | ⚠ KEV | [20230201] - Core - Improper access check in webservice endpoints
- EPSS 94.5% | CRITICAL 9.8 | CVE-2018-7600 | ⚠ KEV | drupal7 - security update
- EPSS 94.5% | — | CVE-2021-22986 | ⚠ KEV | F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
- EPSS 94.5% | CRITICAL 9.8 | CVE-2018-1000861 | ⚠ KEV | Deserialization of Untrusted Data in Jenkins
- EPSS 94.5% | CRITICAL 9.8 | CVE-2017-1000353 | ⚠ KEV | Deserialization of Untrusted Data in Jenkins
- EPSS 94.5% | — | CVE-2018-13379 | ⚠ KEV | Fortinet FortiOS SSL VPN Path Traversal Vulnerability
- EPSS 94.5% | — | CVE-2019-3396 | ⚠ KEV | Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
- EPSS 94.5% | HIGH 7.5 | CVE-2019-17558 | ⚠ KEV | Improper Input Validation in Apache Solr
- EPSS 94.5% | CRITICAL 9.8 | CVE-2020-1938 | ⚠ KEV | Improper Privilege Management in Tomcat
- EPSS 94.5% | CRITICAL 9.8 | CVE-2022-46169 | ⚠ KEV | Cacti Command Injection Vulnerability
- EPSS 94.5% | — | CVE-2024-6670 | ⚠ KEV | Progress WhatsUp Gold SQL Injection Vulnerability
- EPSS 94.5% | — | CVE-2019-2725 | ⚠ KEV | Oracle WebLogic Server, Injection
- EPSS 94.5% | CRITICAL 10.0 | CVE-2021-22205 | ⚠ KEV | GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
- EPSS 94.5% | CRITICAL 9.8 | CVE-2024-23897 | ⚠ KEV | Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
- EPSS 94.5% | HIGH 7.5 | CVE-2014-0160 | ⚠ KEV | openssl - security update
- EPSS 94.5% | CRITICAL 9.8 | CVE-2022-22963 | ⚠ KEV | Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
- EPSS 94.5% | — | CVE-2019-11510 | ⚠ KEV | Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
- EPSS 94.5% | CRITICAL 10.0 | CVE-2022-22947 | ⚠ KEV | Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
- EPSS 94.5% | — | CVE-2021-44529 | ⚠ KEV | Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
- EPSS 94.5% | — | CVE-2019-15107 | ⚠ KEV | Webmin Command Injection Vulnerability
- EPSS 94.5% | — | CVE-2021-22005 | ⚠ KEV | VMware vCenter Server File Upload Vulnerability
- EPSS 94.5% | — | CVE-2022-44877 | ⚠ KEV | CWP Control Web Panel OS Command Injection Vulnerability
- EPSS 94.5% | — | CVE-2022-1388 | ⚠ KEV | F5 BIG-IP Missing Authentication Vulnerability
- EPSS 94.5% | — | CVE-2019-0708 | ⚠ KEV | Microsoft Remote Desktop Services Remote Code Execution Vulnerability
- EPSS 94.5% | — | CVE-2020-14882 | ⚠ KEV | Oracle WebLogic Server Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2022-30525 | ⚠ KEV | Zyxel Multiple Firewalls OS Command Injection Vulnerability
- EPSS 94.4% | — | CVE-2022-22954 | ⚠ KEV | VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
- EPSS 94.4% | HIGH 8.8 | CVE-2019-1003000 | Protection Mechanism Failure in Jenkins Script Security Plugin
- EPSS 94.4% | — | CVE-2019-19781 | ⚠ KEV | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability
- EPSS 94.4% | HIGH 8.6 | CVE-2023-32315 | ⚠ KEV | Administration Console authentication bypass in openfire xmppserver
- EPSS 94.4% | — | CVE-2021-26084 | ⚠ KEV | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
- EPSS 94.4% | — | CVE-2020-14883 | ⚠ KEV | Oracle WebLogic Server Unspecified Vulnerability
- EPSS 94.4% | — | CVE-2017-10271 | ⚠ KEV | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2022-24112 | ⚠ KEV | apisix/batch-requests plugin allows overwriting the X-REAL-IP header
- EPSS 94.4% | — | CVE-2022-1040 | ⚠ KEV | Sophos Firewall Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2020-14750 | ⚠ KEV | Oracle WebLogic Server Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2023-35078 | ⚠ KEV | Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
- EPSS 94.4% | HIGH 7.5 | CVE-2021-43798 | ⚠ KEV | Grafana path traversal
- EPSS 94.4% | — | CVE-2021-36260 | ⚠ KEV | Hikvision Improper Input Validation
- EPSS 94.4% | CRITICAL 10.0 | CVE-2023-46604 | ⚠ KEV | Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
- EPSS 94.4% | — | CVE-2023-46747 | ⚠ KEV | F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2024-7593 | ⚠ KEV | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2023-40044 | ⚠ KEV | Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
- EPSS 94.4% | — | CVE-2022-29464 | ⚠ KEV | WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
- EPSS 94.4% | CRITICAL 9.0 | CVE-2021-40438 | ⚠ KEV | mod_proxy SSRF
- EPSS 94.4% | HIGH 8.1 | CVE-2018-11776 | ⚠ KEV | Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
- EPSS 94.4% | — | CVE-2019-16759 | ⚠ KEV | vBulletin PHP Module Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2019-7609 | ⚠ KEV | Kibana Arbitrary Code Execution
- EPSS 94.4% | — | CVE-2019-9670 | ⚠ KEV | Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference
- EPSS 94.4% | — | CVE-2020-3452 | ⚠ KEV | Cisco ASA and FTD Read-Only Path Traversal Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2022-22965 | ⚠ KEV | Remote Code Execution in Spring Framework
- EPSS 94.4% | — | CVE-2022-40684 | ⚠ KEV | Fortinet Multiple Products Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2024-4040 | ⚠ KEV | CrushFTP VFS Sandbox Escape Vulnerability
- EPSS 94.4% | — | CVE-2020-5902 | ⚠ KEV | F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2024-36401 | ⚠ KEV | Remote Code Execution (RCE) vulnerability in geoserver
- EPSS 94.4% | — | CVE-2024-3273 | ⚠ KEV | D-Link Multiple NAS Devices Command Injection Vulnerability
- EPSS 94.4% | — | CVE-2020-0796 | ⚠ KEV | Microsoft SMBv3 Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2021-40539 | ⚠ KEV | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2018-2628 | ⚠ KEV | Oracle WebLogic Server Unspecified Vulnerability
- EPSS 94.4% | — | CVE-2023-38035 | ⚠ KEV | Ivanti Sentry Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2021-21975 | ⚠ KEV | VMware Server Side Request Forgery in vRealize Operations Manager API
- EPSS 94.4% | — | CVE-2019-0604 | ⚠ KEV | Microsoft SharePoint Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2023-43208 | ⚠ KEV | NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability
- EPSS 94.4% | — | CVE-2020-2551 | ⚠ KEV | Oracle Fusion Middleware Unspecified Vulnerability
- EPSS 94.4% | — | CVE-2017-3506 | ⚠ KEV | Oracle WebLogic Server OS Command Injection Vulnerability
- EPSS 94.4% | — | CVE-2021-21985 | ⚠ KEV | VMware vCenter Server Improper Input Validation Vulnerability
- EPSS 94.4% | — | CVE-2024-21887 | ⚠ KEV | Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
- EPSS 94.4% | — | CVE-2020-25213 | ⚠ KEV | WordPress File Manager Plugin Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2017-7269 | ⚠ KEV | Microsoft Windows Server Buffer Overflow Vulnerability
- EPSS 94.4% | HIGH 8.1 | CVE-2019-6340 | ⚠ KEV | Drupal Core Remote Code Execution Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2021-42013 | ⚠ KEV | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
- EPSS 94.4% | — | CVE-2022-26134 | ⚠ KEV | Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2016-10033 | ⚠ KEV | libphp-phpmailer - security update
- EPSS 94.4% | — | CVE-2022-24990 | ⚠ KEV | TerraMaster OS Remote Command Execution Vulnerability
- EPSS 94.4% | — | CVE-2018-0296 | ⚠ KEV | Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
- EPSS 94.4% | — | CVE-2019-7256 | ⚠ KEV | Nice Linear eMerge E3-Series OS Command Injection Vulnerability
- EPSS 94.4% | — | CVE-2023-35082 | ⚠ KEV | Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
- EPSS 94.4% | — | CVE-2021-20090 | ⚠ KEV | Arcadyan Buffalo Firmware Path Traversal Vulnerability
- EPSS 94.4% | — | CVE-2022-36804 | ⚠ KEV | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
- EPSS 94.4% | MEDIUM 5.3 | CVE-2023-44487 | ⚠ KEV | nghttp2 - security update
- EPSS 94.4% | CRITICAL 10.0 | CVE-2022-0543 | ⚠ KEV | redis - security update
- EPSS 94.4% | — | CVE-2022-21587 | ⚠ KEV | Oracle E-Business Suite Unspecified Vulnerability
- EPSS 94.4% | — | CVE-2024-28995 | ⚠ KEV | SolarWinds Serv-U Path Traversal Vulnerability
- EPSS 94.4% | — | CVE-2022-35914 | ⚠ KEV | Teclib GLPI Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2020-6287 | ⚠ KEV | SAP NetWeaver Missing Authentication for Critical Function Vulnerability
- EPSS 94.4% | — | CVE-2020-8193 | ⚠ KEV | Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
- EPSS 94.4% | — | CVE-2018-15961 | ⚠ KEV | Adobe ColdFusion Unrestricted File Upload Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2024-4577 | ⚠ KEV | Argument Injection in PHP-CGI
- EPSS 94.4% | — | CVE-2019-16278 | ⚠ KEV | Nostromo nhttpd Directory Traversal Vulnerability
- EPSS 94.4% | — | CVE-2021-38647 | ⚠ KEV | Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2021-41773 | ⚠ KEV | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
- EPSS 94.4% | — | CVE-2020-0688 | ⚠ KEV | Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2023-24489 | ⚠ KEV | Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2023-33246 | ⚠ KEV | Apache RocketMQ may have remote code execution vulnerability when using update configuration function
- EPSS 94.4% | — | CVE-2020-15505 | ⚠ KEV | Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2020-16846 | ⚠ KEV | salt - security update
- EPSS 94.4% | — | CVE-2021-35464 | ⚠ KEV | ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
- EPSS 94.4% | — | CVE-2019-1653 | ⚠ KEV | Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
- EPSS 94.4% | CRITICAL 9.8 | CVE-2022-24706 | ⚠ KEV | Remote Code Execution Vulnerability in Packaging
- EPSS 94.4% | — | CVE-2019-11580 | ⚠ KEV | Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability