Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 451 | CVE-2025-27134 | 8.06% | 91.9th | 8.8 | | This privilege escalation vulnerability in Joplin server allows non-admin users to modify their own |
| 452 | CVE-2025-2473 | 8.03% | 91.9th | 7.3 | | This critical SQL injection vulnerability in PHPGurukul Company Visitor Management System 2.0 allows |
| 453 | CVE-2025-42599 | 8.01% | 91.9th | 9.8 | KEV | CVE-2025-42599 is a critical stack-based buffer overflow vulnerability in Active! mail 6 that allows |
| 454 | CVE-2025-28138 | 7.88% | 91.8th | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary commands on TOTOLINK A800R |
| 455 | CVE-2025-8876 | 7.85% | 91.8th | 8.8 | KEV | CVE-2025-8876 is an OS command injection vulnerability in N-able N-central management software cause |
| 456 | CVE-2025-56132 | 7.83% | 91.8th | 7.3 | | LiquidFiles filetransfer server versions prior to 4.2 have a user enumeration vulnerability in the p |
| 457 | CVE-2025-63749 | 7.77% | 91.8th | 6.5 | | CVE-2025-63749 is a command injection vulnerability in pnetlab 5.3.11 that allows attackers to execu |
| 458 | CVE-2025-5605 | 7.68% | 91.7th | 4.3 | | An authentication bypass vulnerability in WSO2 Management Console allows attackers with console acce |
| 459 | CVE-2025-34035 | 7.63% | 91.7th | 9.8 | | An unauthenticated remote OS command injection vulnerability in EnGenius EnShare Cloud Service allow |
| 460 | CVE-2025-2907 | 7.60% | 91.7th | 9.8 | | This vulnerability in the Order Delivery Date WordPress plugin allows unauthenticated attackers to m |
| 461 | CVE-2025-30355 | 7.54% | 91.6th | 7.1 | | A malicious Matrix server can craft events that cause Synapse homeservers to stop federating with ot |
| 462 | CVE-2025-44177 | 7.54% | 91.6th | 8.2 | | An unauthenticated directory traversal vulnerability in White Star Software Protop version 4.4.2-202 |
| 463 | CVE-2025-34205 | 7.42% | 91.6th | 9.8 | | This vulnerability allows unauthenticated attackers to reset the database administrator password to |
| 464 | CVE-2025-45858 | 7.41% | 91.5th | 9.8 | | This CVE describes a command injection vulnerability in TOTOLINK A3002R routers that allows attacker |
| 465 | CVE-2025-1128 | 7.36% | 91.5th | 9.8 | | This vulnerability in the Everest Forms WordPress plugin allows unauthenticated attackers to upload, |
| 466 | CVE-2025-21204 | 7.33% | 91.5th | 7.8 | | This vulnerability allows an authorized attacker with local access to exploit improper link resoluti |
| 467 | CVE-2025-21173 | 7.33% | 91.5th | 7.3 | | This CVE describes a privilege escalation vulnerability in .NET that allows authenticated attackers |
| 468 | CVE-2025-24459 | 7.27% | 91.4th | 4.6 | | This vulnerability allows reflected cross-site scripting (XSS) attacks on the Vault Connection page |
| 469 | CVE-2025-29042 | 7.20% | 91.4th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-832x routers |
| 470 | CVE-2025-29040 | 7.20% | 91.4th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR 823x routers |
| 471 | CVE-2025-55591 | 6.98% | 91.2th | 9.8 | | This critical command injection vulnerability in TOTOLINK-A3002R routers allows attackers to execute |
| 472 | CVE-2024-57022 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 473 | CVE-2024-57021 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 474 | CVE-2024-57020 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 475 | CVE-2024-57019 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 476 | CVE-2024-57018 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 477 | CVE-2024-57017 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 478 | CVE-2024-57016 | 6.95% | 91.2th | 8.8 | | This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacke |
| 479 | CVE-2024-57015 | 6.95% | 91.2th | 8.8 | | This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where attackers |
| 480 | CVE-2024-57013 | 6.95% | 91.2th | 8.8 | | This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where attackers |
| 481 | CVE-2024-57012 | 6.95% | 91.2th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN |
| 482 | CVE-2025-21311 | 6.84% | 91.2th | 9.8 | | This vulnerability allows attackers to exploit weaknesses in Windows NTLM v1 authentication to gain |
| 483 | CVE-2025-25231 | 6.81% | 91.1th | 7.5 | | Omnissa Workspace ONE UEM contains a path traversal vulnerability in secondary context paths that al |
| 484 | CVE-2025-24118 | 6.79% | 91.1th | 7.1 | | This is a memory corruption vulnerability in Apple operating systems that allows malicious applicati |
| 485 | CVE-2024-57609 | 6.78% | 91.1th | 8.6 | | A code injection vulnerability in Pygwalker's login redirection function allows attackers to execute |
| 486 | CVE-2026-23550 | 6.72% | 91.1th | 10.0 | | This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p |
| 487 | CVE-2025-22226 | 6.70% | 91.1th | 7.1 | KEV | This vulnerability allows attackers with administrative privileges on a virtual machine to read memo |
| 488 | CVE-2025-1338 | 6.67% | 91.0th | 7.3 | | This critical vulnerability in NUUO Camera software allows remote attackers to execute arbitrary com |
| 489 | CVE-2026-21891 | 6.64% | 91.0th | 9.4 | | This vulnerability allows authentication bypass in ZimaOS by exploiting improper password validation |
| 490 | CVE-2025-1025 | 6.61% | 91.0th | 7.5 | | CVE-2025-1025 is an arbitrary file upload vulnerability in Cockpit CMS where attackers can bypass up |
| 491 | CVE-2024-56898 | 6.59% | 91.0th | 8.8 | | A broken access control vulnerability in Geovision GV-ASWeb versions v6.1.0.0 and earlier allows low |
| 492 | CVE-2025-32023 | 6.59% | 91.0th | 7.0 | | This CVE describes a memory corruption vulnerability in Redis hyperloglog operations that allows aut |
| 493 | CVE-2025-57639 | 6.59% | 91.0th | 6.5 | | This CVE describes an OS command injection vulnerability in Tenda AC9 routers where an attacker can |
| 494 | CVE-2025-22654 | 6.54% | 90.9th | 10.0 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the Simplifie |
| 495 | CVE-2025-53624 | 6.49% | 90.9th | 10.0 | | The Docusaurus gists plugin versions before 4.0.0 expose GitHub Personal Access Tokens in client-sid |
| 496 | CVE-2025-54251 | 6.45% | 90.8th | 4.3 | | Adobe Experience Manager versions 6.5.23.0 and earlier contain an XML injection vulnerability that a |
| 497 | CVE-2025-24990 | 6.43% | 90.8th | 7.8 | KEV | This CVE describes an elevation of privilege vulnerability in the Agere Modem driver (ltmdm64.sys) t |
| 498 | CVE-2025-3249 | 6.40% | 90.8th | 6.3 | | This critical vulnerability in TOTOLINK A6000R routers allows remote attackers to execute arbitrary |
| 499 | CVE-2025-50757 | 6.39% | 90.8th | 6.5 | | This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attacker |
| 500 | CVE-2025-50755 | 6.39% | 90.8th | 6.5 | | This vulnerability allows attackers to execute arbitrary commands on Wavlink WN535K3 routers by send |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: Thousands of CVEs are published every month, and not all of them are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 vulnerability with 90% EPSS.
