Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics: 164 CVEs with EPSS > 50%; 156 CISA KEV listed; 35,468 CVEs with an EPSS score; average EPSS score 0.7%.
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
451 | CVE-2024-47516 | 1.4% | 80.1 | 9.8 | | This vulnerability in Pagure allows remote code execution through argument injection in Git operatio
452 | CVE-2025-54574 | 1.39% | 80.1 | 9.3 | | Squid caching proxy versions 6.3 and below contain a heap buffer overflow vulnerability in URN proce
453 | CVE-2025-20654 | 1.39% | 80 | 9.8 | | This critical vulnerability in MediaTek wlan service allows remote attackers to execute arbitrary co
454 | CVE-2025-27590 | 1.38% | 80 | 9.0 | | This vulnerability in oxidized-web allows unauthenticated attackers to execute arbitrary commands as
455 | CVE-2024-50660 | 1.37% | 79.9 | 9.8 | | CVE-2024-50660 is a critical file upload bypass vulnerability in AdPortal 3.0.39 that allows remote
456 | CVE-2025-45931 | 1.37% | 79.9 | 9.8 | | This critical vulnerability in D-Link DIR-816-A2 routers allows remote attackers to execute arbitrar
457 | CVE-2026-0794 | 1.36% | 79.9 | 9.8 | | CVE-2026-0794 is a use-after-free vulnerability in ALGO 8180 IP Audio Alerter devices that allows re
458 | CVE-2026-0770 | 1.36% | 79.9 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code as root on Langflow installatio
459 | CVE-2024-39757 | 1.36% | 79.9 | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
460 | CVE-2024-57520 | 1.36% | 79.8 | 9.8 | | CVE-2024-57520 is an insecure permissions vulnerability in Asterisk v22 that allows directory traver
461 | CVE-2025-54074 | 1.36% | 79.8 | 9.8 | | Cherry Studio desktop client versions 1.2.5 to 1.5.1 are vulnerable to OS command injection when con
462 | CVE-2025-69542 | 1.36% | 79.8 | 9.8 | | A command injection vulnerability in D-Link DIR895LA1 routers allows attackers to execute arbitrary
463 | CVE-2023-53964 | 1.33% | 79.6 | 9.8 | | This vulnerability allows unauthenticated remote attackers to send a POST request to the /usr/cgi-bi
464 | CVE-2023-53771 | 1.33% | 79.6 | 9.8 | | MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to cha
465 | CVE-2025-25940 | 1.32% | 79.5 | 9.8 | | CVE-2025-25940 is an insecure XML deserialization vulnerability in VisiCut 2.1 that allows remote co
466 | CVE-2025-23922 | 1.32% | 79.5 | 10.0 | | A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all
467 | CVE-2025-5947 | 1.32% | 79.5 | 9.8 | | The Service Finder Bookings WordPress plugin has an authentication bypass vulnerability that allows
468 | CVE-2025-30911 | 1.31% | 79.5 | 9.9 | | This critical vulnerability in RomethemeKit For Elementor WordPress plugin allows authenticated atta
469 | CVE-2025-34184 | 1.31% | 79.4 | 9.8 | | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating s
470 | CVE-2025-61318 | 1.31% | 79.4 | 9.1 | | Emlog Pro 2.5.20 contains an arbitrary file deletion vulnerability in admin/template.php and admin/p
471 | CVE-2024-39367 | 1.3% | 79.4 | 9.1 | | This CVE describes an authenticated OS command injection vulnerability in the Wavlink AC3000 router'
472 | CVE-2024-39360 | 1.3% | 79.4 | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary operating system commands on
473 | CVE-2024-7776 | 1.29% | 79.3 | 9.1 | | A path traversal vulnerability in the ONNX framework's download_model function allows attackers to o
474 | CVE-2025-27657 | 1.27% | 79.2 | 9.8 | | This critical vulnerability in Vasion Print (formerly PrinterLogic) allows remote attackers to execu
475 | CVE-2026-0787 | 1.27% | 79.2 | 9.8 | | CVE-2026-0787 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows
476 | CVE-2026-0759 | 1.27% | 79.2 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on systems running Katana N
477 | CVE-2026-0756 | 1.27% | 79.2 | 9.8 | | This is a critical command injection vulnerability in github-kanban-mcp-server that allows unauthent
478 | CVE-2026-0755 | 1.27% | 79.2 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerab
479 | CVE-2025-15063 | 1.27% | 79.2 | 9.8 | | This is a critical command injection vulnerability in Ollama MCP Server that allows remote attackers
480 | CVE-2025-66401 | 1.26% | 79.1 | 9.8 | | MCP Watch versions 0.1.2 and earlier contain a critical command injection vulnerability in the MCPSc
481 | CVE-2025-68916 | 1.25% | 79 | 9.1 | | This vulnerability allows attackers to perform directory traversal through the certsupload.cgi endpo
482 | CVE-2023-49886 | 1.25% | 79 | 9.8 | | CVE-2023-49886 is a critical remote code execution vulnerability in IBM Standards Processing Engine
483 | CVE-2024-11041 | 1.25% | 79 | 9.8 | | CVE-2024-11041 is a critical remote code execution vulnerability in vLLM v0.6.2 where the MessageQue
484 | CVE-2025-10659 | 1.25% | 79 | 9.8 | | CVE-2025-10659 allows unauthenticated attackers to execute arbitrary operating system commands on Te
485 | CVE-2026-0769 | 1.24% | 79 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installation
486 | CVE-2025-0890 | 1.24% | 78.9 | 9.8 | | This vulnerability involves insecure default credentials for the Telnet function in Zyxel VMG4325-B1
487 | CVE-2025-14707 | 1.23% | 78.9 | 9.8 | | This is a critical command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25 that allow
488 | CVE-2025-14706 | 1.23% | 78.9 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 dev
489 | CVE-2025-14705 | 1.23% | 78.9 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 NAS
490 | CVE-2025-27797 | 1.23% | 78.9 | 9.8 | | This CVE describes an OS command injection vulnerability in Wi-Fi AP UNIT 'AC-WPS-11ac series' devic
491 | CVE-2024-39602 | 1.23% | 78.8 | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
492 | CVE-2024-50658 | 1.22% | 78.7 | 9.8 | | This CVE describes a Server-Side Template Injection vulnerability in AdPortal 3.0.39 that allows rem
493 | CVE-2024-12366 | 1.22% | 78.7 | 9.8 | | CVE-2024-12366 is a critical prompt injection vulnerability in PandasAI that allows attackers to exe
494 | CVE-2024-48856 | 1.22% | 78.7 | 9.8 | | This critical vulnerability allows unauthenticated attackers to exploit an out-of-bounds write in QN
495 | CVE-2026-23515 | 1.21% | 78.7 | 9.9 | | Signal K Server versions before 1.5.0 contain a command injection vulnerability in the set-system-ti
496 | CVE-2025-22630 | 1.21% | 78.7 | 9.9 | | This CVE describes a command injection vulnerability in the WordPress Widget Options plugin that all
497 | CVE-2022-45969 | 1.21% | 78.6 | 9.8 | | CVE-2022-45969 is a directory traversal vulnerability in Alist v3.4.0 that allows attackers to acces
498 | CVE-2024-42533 | 1.2% | 78.6 | 9.8 | | This SQL injection vulnerability in Convivance StandVoice's authentication module allows remote atta
499 | CVE-2025-4389 | 1.2% | 78.6 | 9.8 | | The Crawlomatic WordPress plugin allows unauthenticated attackers to upload arbitrary files due to m
500 | CVE-2025-21535 | 1.19% | 78.5 | 9.8 | | CVE-2025-21535 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated att

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
