Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days. The percentile column shows where each score sits relative to all CVEs that have an EPSS score, and the KEV flag marks entries in CISA's Known Exploited Vulnerabilities catalog.

164 CVEs with EPSS > 50%
156 CISA KEV listed
35,468 CVEs with EPSS
0.7% average EPSS score
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
1 | CVE-2024-48248 | 93.97% | 99.9th | 8.6 | KEV | CVE-2024-48248 is an absolute path traversal vulnerability in NAKIVO Backup & Replication that allow
2 | CVE-2024-12849 | 92.6% | 99.7th | 7.5 | - | The Error Log Viewer By WP Guru WordPress plugin contains an unauthenticated arbitrary file read vul
3 | CVE-2025-3102 | 86.91% | 99.4th | 8.1 | - | The SureTriggers WordPress plugin has an authentication bypass vulnerability that allows unauthentic
4 | CVE-2025-30066 | 86.6% | 99.4th | 8.6 | KEV | CVE-2025-30066 is a supply chain attack where malicious commits were injected into the tj-actions/ch
5 | CVE-2024-36597 | 86.55% | 99.4th | 8.8 | - | Aegon Life v1.0 Life Insurance Management System contains a SQL injection vulnerability in the clien
6 | CVE-2025-2563 | 83.89% | 99.3th | 8.1 | - | The User Registration & Membership WordPress plugin before version 4.1.2 contains a privilege escala
7 | CVE-2025-21293 | 79.13% | 99th | 8.8 | - | This vulnerability allows attackers to elevate privileges in Active Directory Domain Services, poten
8 | CVE-2025-30004 | 78.59% | 99th | 8.8 | - | Xorcom CompletePBX versions up to 5.2.35 contain an authenticated command injection vulnerability in
9 | CVE-2025-0994 | 77.8% | 99th | 8.8 | KEV | This vulnerability allows authenticated users to execute arbitrary code on Trimble Cityworks servers
10 | CVE-2025-5777 | 77.56% | 99th | 7.5 | KEV | CVE-2025-5777 (CitrixBleed 2) is a memory disclosure vulnerability in Citrix NetScaler ADC and Gatew
11 | CVE-2025-1232 | 77.24% | 98.9th | 8.8 | - | This vulnerability in the Site Reviews WordPress plugin allows unauthenticated attackers to inject m
12 | CVE-2025-27363 | 76.68% | 98.9th | 8.1 | KEV | This CVE describes an out-of-bounds write vulnerability in FreeType versions 2.13.0 and below when p
13 | CVE-2024-48456 | 76.36% | 98.9th | 7.5 | - | This vulnerability allows a remote attacker to obtain sensitive information, specifically the admin
14 | CVE-2024-12971 | 73.65% | 98.8th | 8.8 | - | This CVE allows attackers to execute arbitrary operating system commands on Pandora FMS servers by i
15 | CVE-2013-10061 | 73.14% | 98.8th | 7.2 | - | This CVE describes an authenticated OS command injection vulnerability in Netgear DGN1000B routers t
16 | CVE-2025-21333 | 72.93% | 98.7th | 7.8 | KEV | This vulnerability allows a local authenticated attacker to escalate privileges on Windows Hyper-V h
17 | CVE-2024-6842 | 72.56% | 98.7th | 7.5 | - | This vulnerability allows unauthenticated attackers to access the /setup-complete API endpoint in An
18 | CVE-2025-26794 | 72.09% | 98.7th | 7.5 | - | Exim mail servers running versions 4.98 before 4.98.1 with SQLite hints and ETRN serialization enabl
19 | CVE-2025-13316 | 72.01% | 98.7th | 8.1 | - | CVE-2025-13316 is a cryptographic vulnerability in Twonky Server 8.5.2 where hard-coded encryption k
20 | CVE-2025-60787 | 70.31% | 98.6th | 7.2 | - | MotionEye v0.43.1b4 and earlier contains an OS command injection vulnerability where authenticated a
21 | CVE-2024-46981 | 69.35% | 98.6th | 7.0 | - | This CVE describes a use-after-free vulnerability in Redis where an authenticated user can craft a m
22 | CVE-2025-49704 | 69.3% | 98.6th | 8.8 | KEV | This CVE describes a code injection vulnerability in Microsoft Office SharePoint that allows authent
23 | CVE-2023-52163 | 69.15% | 98.6th | 8.8 | KEV | This vulnerability allows remote attackers to execute arbitrary commands on Digiever DS-2105 Pro dev
24 | CVE-2025-40536 | 69.07% | 98.6th | 8.1 | KEV | SolarWinds Web Help Desk contains a security control bypass vulnerability that allows unauthenticate
25 | CVE-2025-11371 | 68.16% | 98.6th | 7.5 | KEV | An unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and TrioFox allows att
26 | CVE-2024-42845 | 63.69% | 98.4th | 8.0 | - | This CVE describes an eval injection vulnerability in InVesalius's DICOM file reader that allows att
27 | CVE-2023-4911 | 63.62% | 98.4th | 7.8 | KEV | CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that
28 | CVE-2013-10050 | 61.92% | 98.3th | 8.8 | - | This CVE describes an authenticated OS command injection vulnerability in multiple D-Link router mod
29 | CVE-2025-34026 | 58.55% | 98.2th | 7.5 | KEV | This CVE describes an authentication bypass vulnerability in the Versa Concerto SD-WAN orchestration
30 | CVE-2025-20029 | 58.33% | 98.1th | 8.8 | - | This command injection vulnerability in F5 BIG-IP's iControl REST API and tmsh save command allows a
31 | CVE-2025-49619 | 58.2% | 98.1th | 8.5 | - | Skyvern versions through 0.1.85 have a server-side template injection vulnerability in workflow bloc
32 | CVE-2025-11700 | 58.1% | 98.1th | 7.5 | - | N-central versions before 2025.4 are vulnerable to XML External Entity (XXE) injection attacks, allo
33 | CVE-2025-14847 | 57.73% | 98.1th | 7.5 | KEV | This vulnerability allows unauthenticated clients to read uninitialized heap memory from MongoDB ser
34 | CVE-2024-20154 | 57.34% | 98.1th | 8.8 | - | This vulnerability allows remote code execution on affected mobile devices when they connect to a ma
35 | CVE-2025-4428 | 57.24% | 98.1th | 7.2 | KEV | This vulnerability allows authenticated attackers to execute arbitrary code on Ivanti Endpoint Manag
36 | CVE-2013-10032 | 56.8% | 98.1th | 8.8 | - | This CVE describes an authenticated remote code execution vulnerability in GetSimpleCMS 3.2.1 where
37 | CVE-2020-36848 | 56.2% | 98th | 7.5 | - | The Total Upkeep WordPress backup plugin exposes sensitive information through publicly accessible f
38 | CVE-2025-24367 | 55.97% | 98th | 8.8 | - | An authenticated Cacti user can abuse graph creation functionality to write arbitrary PHP files to t
39 | CVE-2005-10004 | 54% | 97.9th | 8.8 | - | This vulnerability allows authenticated users to execute arbitrary shell commands on Cacti servers t
40 | CVE-2025-1098 | 53.87% | 97.9th | 8.8 | - | This vulnerability in ingress-nginx allows attackers to inject arbitrary nginx configuration via the
41 | CVE-2025-1323 | 53.21% | 97.9th | 7.5 | - | This SQL injection vulnerability in the WP-Recall WordPress plugin allows unauthenticated attackers
42 | CVE-2025-58034 | 52.96% | 97.9th | 7.2 | KEV | This OS command injection vulnerability in Fortinet FortiWeb web application firewalls allows authen
43 | CVE-2024-12471 | 52.38% | 97.9th | 8.8 | - | This vulnerability allows authenticated WordPress users with subscriber-level access or higher to up
44 | CVE-2024-48457 | 52.36% | 97.9th | 7.5 | - | This vulnerability in multiple Netis router models allows remote attackers to access sensitive infor
45 | CVE-2025-21385 | 52.13% | 97.8th | 8.8 | - | This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows authenticated atta
46 | CVE-2022-35737 | 51.94% | 97.8th | 7.5 | - | This SQLite vulnerability allows array-bounds overflow when processing extremely large string argume
47 | CVE-2025-34079 | 51.89% | 97.8th | 7.8 | - | This vulnerability allows authenticated attackers with administrator credentials to execute arbitrar
48 | CVE-2025-57790 | 51.71% | 97.8th | 8.8 | - | This CVE describes a path traversal vulnerability that allows remote attackers to access files outsi
49 | CVE-2013-10059 | 50.83% | 97.8th | 7.2 | - | This CVE describes an authenticated OS command injection vulnerability in D-Link DIR-615H1 routers r
50 | CVE-2025-34086 | 50.83% | 97.8th | 8.8 | - | This vulnerability allows authenticated users in Bolt CMS 3.7.0 and earlier to achieve remote code e

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Scores are published daily as a probability between 0 and 1 (shown on this page as a percentage), together with a percentile that places the CVE among all scored CVEs. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. The KEV flag in the table marks CVEs in CISA's Known Exploited Vulnerabilities catalog, that is, confirmed rather than predicted exploitation.

Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. Two caveats apply in practice: EPSS is recomputed daily, so scores should be re-pulled rather than cached for long, and a score says nothing about whether the affected component is actually reachable in your environment, so EPSS, KEV status and asset exposure should be combined when ranking.
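Worked example of the prioritization described above. This is an added example, not code from this page or from FIRST.org: it parses a constructed stand-in for an EPSS API response (the JSON shape follows the documented `https://api.first.org/data/v1/epss?cve=...` response, with EPSS and percentile values taken from the table above and a placeholder date), joins it with a constructed inventory carrying the table's CVSS scores and KEV flags, and compares a KEV-then-EPSS ranking with the ranking a CVSS-only queue would produce. The three-tier policy and the EPSS threshold are illustrative assumptions, not part of the EPSS specification.

```python
"""Rank CVEs by exploit likelihood (EPSS) and KEV status instead of by CVSS alone.

Added example; not code from this page or from FIRST.org. The JSON shape below
follows the documented response of FIRST's public EPSS API
(GET https://api.first.org/data/v1/epss?cve=CVE-...), whose "data" entries carry
"epss" and "percentile" as decimal strings. Every input is constructed so the
script runs offline.
"""
import json
from dataclasses import dataclass

# Constructed stand-in for an EPSS API body. EPSS and percentile values are the ones
# shown in the table above; "date" is a placeholder, not a real capture.
EPSS_API_SAMPLE = json.dumps({
    "status": "OK",
    "status-code": 200,
    "total": 5,
    "data": [
        {"cve": "CVE-2024-48248", "epss": "0.939700000", "percentile": "0.999000000", "date": "1970-01-01"},
        {"cve": "CVE-2024-12849", "epss": "0.926000000", "percentile": "0.997000000", "date": "1970-01-01"},
        {"cve": "CVE-2024-36597", "epss": "0.865500000", "percentile": "0.994000000", "date": "1970-01-01"},
        {"cve": "CVE-2025-0994",  "epss": "0.778000000", "percentile": "0.990000000", "date": "1970-01-01"},
        {"cve": "CVE-2022-35737", "epss": "0.519400000", "percentile": "0.978000000", "date": "1970-01-01"},
    ],
})

# Constructed inventory: CVSS base scores and CISA KEV flags as listed in the table.
INVENTORY = {
    "CVE-2024-48248": {"cvss": 8.6, "kev": True},
    "CVE-2024-12849": {"cvss": 7.5, "kev": False},
    "CVE-2024-36597": {"cvss": 8.8, "kev": False},
    "CVE-2025-0994":  {"cvss": 8.8, "kev": True},
    "CVE-2022-35737": {"cvss": 7.5, "kev": False},
}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days, 0..1
    percentile: float  # fraction of scored CVEs with a lower EPSS, 0..1
    cvss: float
    kev: bool


def parse_epss_response(text: str) -> dict[str, tuple[float, float]]:
    """Map CVE id -> (epss, percentile) from an EPSS API JSON body; refuse error bodies."""
    body = json.loads(text)
    if body.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {body.get('status')!r}")
    return {e["cve"]: (float(e["epss"]), float(e["percentile"])) for e in body["data"]}


def build_findings(inventory: dict, epss_scores: dict) -> list[Finding]:
    """Join the inventory with EPSS data; a CVE with no EPSS record is treated as unscored (0.0)."""
    return [
        Finding(cve, *epss_scores.get(cve, (0.0, 0.0)), meta["cvss"], meta["kev"])
        for cve, meta in inventory.items()
    ]


def tier(f: Finding, epss_threshold: float) -> int:
    """Illustrative policy (an assumption, not part of EPSS): 1 = confirmed exploited (KEV),
    2 = likely exploited (EPSS at or above threshold), 3 = everything else."""
    if f.kev:
        return 1
    if f.epss >= epss_threshold:
        return 2
    return 3


def prioritise(findings: list[Finding], epss_threshold: float = 0.5) -> list[tuple[int, str]]:
    """Order by tier, then EPSS descending, with CVSS descending only as a tiebreaker."""
    ordered = sorted(findings, key=lambda f: (tier(f, epss_threshold), -f.epss, -f.cvss))
    return [(tier(f, epss_threshold), f.cve) for f in ordered]


def cvss_only(findings: list[Finding]) -> list[str]:
    """The queue a severity-only process produces, for comparison."""
    return [f.cve for f in sorted(findings, key=lambda f: (-f.cvss, f.cve))]


if __name__ == "__main__":
    findings = build_findings(INVENTORY, parse_epss_response(EPSS_API_SAMPLE))
    print("EPSS/KEV order:")
    for t, cve in prioritise(findings, epss_threshold=0.6):
        print(f"  tier {t}  {cve}")
    print("CVSS-only order:", ", ".join(cvss_only(findings)))
```

Run it directly to print both orderings: the CVSS-only queue puts the two 8.8-rated entries first and pushes CVE-2024-12849 (EPSS 92.6%) to the bottom, while the EPSS/KEV ranking puts the two KEV entries first and CVE-2024-12849 immediately after. In practice, replace `EPSS_API_SAMPLE` with the body of a GET to the EPSS API for the CVE list from your scanner, and re-pull it daily, since scores are recomputed every day.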

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
