Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days. The KEV flag marks CVEs listed in CISA's Known Exploited Vulnerabilities catalog, i.e. vulnerabilities with confirmed in-the-wild exploitation.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1 | CVE-2024-50603 | | 100th | 10.0 | KEV | This is a critical command injection vulnerability in Aviatrix Controller that allows unauthenticate |
| 2 | CVE-2025-24813 | | 99.9th | 9.8 | KEV | This vulnerability in Apache Tomcat allows path traversal attacks via internal dot handling in filen |
| 3 | CVE-2024-55591 | | 99.9th | 9.8 | KEV | This vulnerability allows remote attackers to bypass authentication and gain super-admin privileges |
| 4 | CVE-2025-0282 | | 99.9th | 9.0 | KEV | A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for |
| 5 | CVE-2025-0108 | | 99.9th | 9.1 | KEV | An authentication bypass vulnerability in Palo Alto Networks PAN-OS software allows unauthenticated |
| 6 | CVE-2024-48248 | | 99.9th | 8.6 | KEV | CVE-2024-48248 is an absolute path traversal vulnerability in NAKIVO Backup & Replication that allow |
| 7 | CVE-2024-13159 | | 99.9th | 9.8 | KEV | CVE-2024-13159 is an absolute path traversal vulnerability in Ivanti Endpoint Manager (EPM) that all |
| 8 | CVE-2024-32640 | | 99.8th | 9.8 | | CVE-2024-32640 is a critical SQL injection vulnerability in MASA CMS that allows attackers to execut |
| 9 | CVE-2024-23334 | | 99.8th | 5.9 | | This CVE describes a directory traversal vulnerability in aiohttp when using static routes with 'fol |
| 10 | CVE-2025-29927 | | 99.8th | 9.1 | | This CVE describes an authorization bypass vulnerability in Next.js middleware. Attackers can bypass |
| 11 | CVE-2024-12849 | | 99.7th | 7.5 | | The Error Log Viewer By WP Guru WordPress plugin contains an unauthenticated arbitrary file read vul |
| 12 | CVE-2025-47812 | | 99.7th | 10.0 | KEV | CVE-2025-47812 is a critical remote code execution vulnerability in Wing FTP Server that allows atta |
| 13 | CVE-2025-3248 | | 99.7th | 9.8 | KEV | CVE-2025-3248 is an unauthenticated remote code execution vulnerability in Langflow's /api/v1/valida |
| 14 | CVE-2025-49113 | | 99.7th | 9.9 | | CVE-2025-49113 is a critical remote code execution vulnerability in Roundcube Webmail affecting auth |
| 15 | CVE-2025-1661 | | 99.7th | 9.8 | | This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) via the 't |
| 16 | CVE-2025-4427 | | 99.6th | 5.3 | KEV | An authentication bypass vulnerability in Ivanti Endpoint Manager Mobile's API allows attackers to a |
| 17 | CVE-2025-1974 | | 99.6th | 9.8 | | CVE-2025-1974 is a critical vulnerability in Kubernetes' ingress-nginx controller that allows unauth |
| 18 | CVE-2025-47916 | | 99.6th | 10.0 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary PHP code on Invision |
| 19 | CVE-2018-1160 | | 99.6th | 9.8 | | CVE-2018-1160 is a critical vulnerability in Netatalk that allows remote unauthenticated attackers t |
| 20 | CVE-2024-13161 | | 99.5th | 9.8 | KEV | This vulnerability allows remote unauthenticated attackers to perform absolute path traversal attack |
| 21 | CVE-2025-53770 | | 99.5th | 9.8 | KEV | CVE-2025-53770 is a critical deserialization vulnerability in on-premises Microsoft SharePoint Serve |
| 22 | CVE-2025-64446 | | 99.5th | 9.8 | KEV | A relative path traversal vulnerability in Fortinet FortiWeb web application firewalls allows attack |
| 23 | CVE-2025-0107 | | 99.5th | 9.8 | | An unauthenticated OS command injection vulnerability in Palo Alto Networks Expedition allows attack |
| 24 | CVE-2025-30208 | | 99.5th | 5.3 | | This CVE describes a path traversal vulnerability in Vite development servers where attackers can by |
| 25 | CVE-2025-61882 | | 99.5th | 9.8 | KEV | This critical vulnerability in Oracle E-Business Suite's Concurrent Processing component allows unau |
| 26 | CVE-2025-31161 | | 99.5th | 9.8 | KEV | This critical authentication bypass vulnerability in CrushFTP allows unauthenticated attackers to ga |
| 27 | CVE-2025-30406 | | 99.5th | 9.0 | KEV | This vulnerability in Gladinet CentreStack allows remote code execution through deserialization atta |
| 28 | CVE-2024-43468 | | 99.4th | 9.8 | KEV | CVE-2024-43468 is a critical SQL injection vulnerability in Microsoft Configuration Manager that all |
| 29 | CVE-2025-2746 | | 99.4th | 9.8 | KEV | An authentication bypass vulnerability in Kentico Xperience's Staging Sync Server allows attackers t |
| 30 | CVE-2025-3102 | | 99.4th | 8.1 | | The SureTriggers WordPress plugin has an authentication bypass vulnerability that allows unauthentic |
| 31 | CVE-2024-55556 | | 99.4th | 9.8 | | CVE-2024-55556 is a critical remote command execution vulnerability in Crater Invoice that allows un |
| 32 | CVE-2025-30066 | | 99.4th | 8.6 | KEV | CVE-2025-30066 is a supply chain attack where malicious commits were injected into the tj-actions/ch |
| 33 | CVE-2024-36597 | | 99.4th | 8.8 | | Aegon Life v1.0 Life Insurance Management System contains a SQL injection vulnerability in the clien |
| 34 | CVE-2020-36847 | | 99.4th | 9.8 | | This vulnerability allows unauthenticated attackers to rename uploaded PHP files with .png extension |
| 35 | CVE-2025-1302 | | 99.4th | 9.8 | | CVE-2025-1302 is a critical Remote Code Execution vulnerability in jsonpath-plus versions before 10. |
| 36 | CVE-2025-11749 | | 99.3th | 9.8 | | The AI Engine WordPress plugin exposes bearer tokens through an unauthenticated REST API endpoint wh |
| 37 | CVE-2025-29306 | | 99.3th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on FoxCMS v1.2.5 systems throug |
| 38 | CVE-2025-57788 | | 99.3th | 6.5 | | This vulnerability allows unauthenticated attackers to execute API calls without credentials in Comm |
| 39 | CVE-2025-1316 | | 99.3th | 9.8 | KEV | The Edimax IC-7100 network camera has an OS command injection vulnerability (CWE-78) that allows rem |
| 40 | CVE-2025-59528 | | 99.3th | 10.0 | | Flowise versions 3.0.5 and below contain a critical remote code execution vulnerability in the Custo |
| 41 | CVE-2026-24061 | | 99.3th | 9.8 | KEV | This vulnerability in GNU Inetutils telnetd allows remote attackers to bypass authentication by sett |
| 42 | CVE-2025-2563 | | 99.3th | 8.1 | | The User Registration & Membership WordPress plugin before version 4.1.2 contains a privilege escala |
| 43 | CVE-2025-52691 | | 99.2th | 10.0 | KEV | This critical vulnerability allows unauthenticated attackers to upload arbitrary files to any locati |
| 44 | CVE-2016-15043 | | 99.2th | 9.8 | | The WP Mobile Detector WordPress plugin allows unauthenticated attackers to upload arbitrary files d |
| 45 | CVE-2025-13315 | | 99.2th | 9.8 | | CVE-2025-13315 is an authentication bypass vulnerability in Twonky Server that allows unauthenticate |
| 46 | CVE-2025-61757 | | 99.2th | 9.8 | KEV | This critical vulnerability in Oracle Identity Manager allows unauthenticated attackers to remotely |
| 47 | CVE-2024-46506 | | 99.2th | 10.0 | | CVE-2024-46506 is an unauthenticated remote command injection vulnerability in NetAlertX that allows |
| 48 | CVE-2025-9316 | | 99.1th | N/A | | N-central versions before 2025.4 can generate session IDs for unauthenticated users, potentially all |
| 49 | CVE-2025-21293 | | 99th | 8.8 | | This vulnerability allows attackers to elevate privileges in Active Directory Domain Services, poten |
| 50 | CVE-2019-25224 | | 99th | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands o |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a CVSS 7.5 vulnerability with a 90% EPSS score.