Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
501 | CVE-2026-1601 | 6.37% | 90.8th | 6.3 | - | This vulnerability allows remote attackers to execute arbitrary commands on Totolink A7000R routers
502 | CVE-2024-49747 | 6.3% | 90.7th | 9.8 | - | This critical vulnerability in Android's Bluetooth GATT server allows remote attackers to execute ar
503 | CVE-2022-3180 | 6.26% | 90.7th | 9.8 | - | CVE-2022-3180 is an unauthenticated privilege escalation vulnerability in the WPGateway WordPress pl
504 | CVE-2023-28354 | 6.21% | 90.7th | 9.8 | - | CVE-2023-28354 is a critical remote code execution vulnerability in Opsview Monitor Agent 6.8 that a
505 | CVE-2024-12152 | 6.19% | 90.6th | 7.5 | - | The MIPL WC Multisite Sync WordPress plugin contains a directory traversal vulnerability that allows
506 | CVE-2025-15503 | 6.15% | 90.6th | 7.3 | - | CVE-2025-15503 is an unrestricted file upload vulnerability in Sangfor Operation and Maintenance Man
507 | CVE-2025-2094 | 6.14% | 90.6th | 6.3 | - | This critical vulnerability in TOTOLINK EX1800T routers allows remote attackers to execute arbitrary
508 | CVE-2025-21417 | 6.04% | 90.5th | 8.8 | - | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
509 | CVE-2025-21413 | 6.04% | 90.5th | 8.8 | - | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
510 | CVE-2025-21411 | 6.04% | 90.5th | 8.8 | - | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
511 | CVE-2025-21409 | 6.04% | 90.5th | 8.8 | - | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
512 | CVE-2025-21339 | 6.04% | 90.5th | 8.8 | - | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
513 | CVE-2024-13979 | 5.99% | 90.5th | 9.8 | - | This is a critical SQL injection vulnerability in the St. Joe ERP system that allows unauthenticated
514 | CVE-2025-24104 | 5.98% | 90.5th | 5.5 | - | This vulnerability allows an attacker to modify protected system files on iOS/iPadOS devices by rest
515 | CVE-2025-43559 | 5.98% | 90.5th | 9.1 | - | This CVE describes an improper input validation vulnerability in Adobe ColdFusion that allows authen
516 | CVE-2025-27222 | 5.94% | 90.4th | 8.6 | - | CVE-2025-27222 is a path traversal vulnerability in TRUfusion Enterprise's /trufusionPortal/getCobra
517 | CVE-2025-46819 | 5.94% | 90.4th | 6.3 | - | This vulnerability in Redis allows authenticated users to execute specially crafted LUA scripts that
518 | CVE-2025-30216 | 5.93% | 90.4th | 9.4 | - | A heap overflow vulnerability in CryptoLib's TM protocol processing allows attackers to trigger arbi
519 | CVE-2025-29805 | 5.89% | 90.4th | 7.5 | - | CVE-2025-29805 is an information disclosure vulnerability in Outlook for Android that allows unautho
520 | CVE-2026-21510 | 5.83% | 90.3th | 8.8 | KEV | A protection mechanism failure in Windows Shell allows attackers to bypass security features over a
521 | CVE-2026-21858 | 5.82% | 90.3th | 10.0 | - | This vulnerability in n8n workflow automation platform allows unauthenticated remote attackers to ex
522 | CVE-2025-6218 | 5.81% | 90.3th | 7.8 | KEV | This vulnerability in WinRAR allows attackers to execute arbitrary code by tricking users into openi
523 | CVE-2025-11307 | 5.81% | 90.3th | 8.8 | - | This vulnerability in the WP Go Maps WordPress plugin allows unauthenticated attackers to inject mal
524 | CVE-2025-52207 | 5.8% | 90.3th | 9.9 | - | This vulnerability allows unauthenticated attackers to upload PHP scripts to arbitrary directories o
525 | CVE-2025-44862 | 5.77% | 90.3th | 6.3 | - | This CVE describes a command injection vulnerability in TOTOLINK CA300-POE routers that allows attac
526 | CVE-2025-44846 | 5.77% | 90.3th | 6.3 | - | This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attac
527 | CVE-2025-44838 | 5.77% | 90.3th | 6.3 | - | This CVE describes a command injection vulnerability in TOTOLINK CP900 routers that allows attackers
528 | CVE-2025-44836 | 5.77% | 90.3th | 6.3 | - | This command injection vulnerability in TOTOLINK CP900 routers allows attackers to execute arbitrary
529 | CVE-2025-44854 | 5.77% | 90.3th | 6.3 | - | This CVE describes a command injection vulnerability in TOTOLINK CP900 routers that allows attackers
530 | CVE-2025-10666 | 5.77% | 90.3th | 8.8 | - | A buffer overflow vulnerability in D-Link DIR-825 routers allows remote attackers to execute arbitra
531 | CVE-2024-37301 | 5.75% | 90.3th | 7.2 | - | CVE-2024-37301 is a server-side template injection vulnerability in Document Merge Service versions
532 | CVE-2025-21355 | 5.74% | 90.2th | 8.6 | - | CVE-2025-21355 is a missing authentication vulnerability in Microsoft Bing that allows unauthorized
533 | CVE-2024-13129 | 5.74% | 90.2th | 8.8 | - | CVE-2024-13129 is a critical OS command injection vulnerability in Roxy-WI's action_service function
534 | CVE-2024-54880 | 5.71% | 90.2th | 9.1 | - | SeaCMS V13.1 contains an incorrect access control vulnerability that allows attackers to bypass regi
535 | CVE-2025-44866 | 5.67% | 90.2th | 6.3 | - | This CVE describes a command injection vulnerability in Tenda W20E routers that allows attackers to
536 | CVE-2025-44864 | 5.67% | 90.2th | 6.3 | - | This CVE describes a command injection vulnerability in Tenda W20E routers that allows attackers to
537 | CVE-2024-55417 | 5.66% | 90.2th | 4.3 | - | CVE-2024-55417 allows authenticated users in DevDojo Voyager to bypass file type verification when u
538 | CVE-2025-2007 | 5.64% | 90.1th | 8.1 | - | This vulnerability in the Import Export Suite for CSV and XML Datafeed WordPress plugin allows authe
539 | CVE-2024-57972 | 5.59% | 90.1th | 6.5 | - | This vulnerability allows remote attackers to cause Denial of Service on Microsoft HoloLens devices
540 | CVE-2025-25605 | 5.59% | 90.1th | 6.5 | - | This vulnerability allows remote attackers to execute arbitrary commands on Totolink X5000R routers
541 | CVE-2025-0528 | 5.59% | 90.1th | 7.2 | - | This critical vulnerability in Tenda AC8, AC10, and AC18 routers allows remote attackers to execute
542 | CVE-2025-25296 | 5.55% | 90.1th | 6.1 | - | This vulnerability allows attackers to inject malicious HTML/JavaScript through Label Studio's uploa
543 | CVE-2025-2609 | 5.52% | 90th | 8.2 | - | An unauthenticated cross-site scripting (XSS) vulnerability in MagnusBilling's login logging compone
544 | CVE-2025-21335 | 5.49% | 90th | 7.8 | KEV | This vulnerability allows an authenticated attacker with guest VM access to execute arbitrary code w
545 | CVE-2024-28988 | 5.46% | 90th | 9.8 | - | CVE-2024-28988 is a critical Java deserialization vulnerability in SolarWinds Web Help Desk that all
546 | CVE-2025-61044 | 5.45% | 90th | 9.8 | - | This CVE describes a command injection vulnerability in TOTOLINK X18 routers that allows attackers t
547 | CVE-2025-49586 | 5.44% | 90th | 8.8 | - | This vulnerability allows any XWiki user with edit rights on an App Within Minutes application to es
548 | CVE-2025-21377 | 5.41% | 89.9th | 6.5 | - | This vulnerability allows attackers to spoof NTLM hash disclosure, potentially enabling credential t
549 | CVE-2025-56266 | 5.41% | 89.9th | 9.8 | - | A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitra
550 | CVE-2024-12313 | 5.4% | 89.9th | 8.1 | - | The Compare Products for WooCommerce WordPress plugin is vulnerable to PHP object injection through

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A critical CVSS 9.8 vulnerability with an EPSS of 0.1% may be less urgent than a high CVSS 7.5 vulnerability with an EPSS of 90%.
