Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 501 | CVE-2024-12627 | | 79.4th | 7.5 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to p |
| 502 | CVE-2025-32706 | | 79.4th | 7.8 | KEV | This vulnerability allows an authorized attacker with local access to exploit improper input validat |
| 503 | CVE-2025-0650 | | 79.4th | 8.1 | | This vulnerability in Open Virtual Network (OVN) allows specially crafted UDP packets to bypass egre |
| 504 | CVE-2025-2303 | | 79.4th | 8.8 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to e |
| 505 | CVE-2025-29807 | | 79.3th | 8.7 | | This vulnerability allows an authorized attacker to execute arbitrary code on Microsoft Dataverse se |
| 506 | CVE-2024-13671 | | 79.3th | 7.5 | | The Music Sheet Viewer WordPress plugin contains an arbitrary file read vulnerability that allows un |
| 507 | CVE-2025-2056 | | 79.3th | 7.5 | | The WP Ghost (Hide My WP Ghost) plugin for WordPress has a path traversal vulnerability in the showF |
| 508 | CVE-2024-13163 | | 79.1th | 7.8 | | This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpo |
| 509 | CVE-2024-10954 | | 79.1th | 8.8 | | This vulnerability allows remote code execution on servers running vulnerable versions of the gpt_ac |
| 510 | CVE-2025-57685 | | 79.1th | 8.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary commands with highest privi |
| 511 | CVE-2025-1853 | | 79.1th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to |
| 512 | CVE-2025-56110 | | 79.1th | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows att |
| 513 | CVE-2025-56109 | | 79.1th | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows att |
| 514 | CVE-2025-0308 | | 79.1th | 7.5 | | This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks agai |
| 515 | CVE-2024-10950 | | 79th | 8.8 | | This vulnerability allows attackers to execute arbitrary code on servers running vulnerable versions |
| 516 | CVE-2024-58258 | | 79th | 7.2 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in SugarCRM's API module that |
| 517 | CVE-2026-2184 | | 78.9th | 7.3 | | This CVE describes an OS command injection vulnerability in the Great Developers Certificate Generat |
| 518 | CVE-2024-11600 | | 78.8th | 7.2 | | This vulnerability allows authenticated WordPress administrators to execute arbitrary code on server |
| 519 | CVE-2025-2749 | | 78.8th | 7.2 | | This vulnerability allows authenticated users of Kentico Xperience's Staging Sync Server to upload a |
| 520 | CVE-2025-6393 | | 78.8th | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute a |
| 521 | CVE-2024-57542 | | 78.7th | 8.8 | | The Linksys E8450 router firmware contains a command injection vulnerability in the email check func |
| 522 | CVE-2025-11045 | | 78.7th | 7.3 | | This vulnerability allows remote attackers to execute arbitrary commands on WAYOS LQ series devices |
| 523 | CVE-2025-21305 | | 78.7th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 524 | CVE-2025-21303 | | 78.7th | 8.8 | | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on |
| 525 | CVE-2025-21302 | | 78.7th | 8.8 | | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a |
| 526 | CVE-2025-21248 | | 78.7th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 527 | CVE-2025-21246 | | 78.7th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 528 | CVE-2025-21245 | | 78.7th | 8.8 | | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a |
| 529 | CVE-2025-21239 | | 78.7th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 530 | CVE-2025-21238 | | 78.7th | 8.8 | | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a |
| 531 | CVE-2025-21237 | | 78.7th | 8.8 | | This is a heap-based buffer overflow vulnerability in the Windows Telephony Service that allows remo |
| 532 | CVE-2025-21236 | | 78.7th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 533 | CVE-2025-21233 | | 78.7th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 534 | CVE-2025-21223 | | 78.7th | 8.8 | | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on |
| 535 | CVE-2025-21176 | | 78.6th | 8.8 | | This vulnerability allows remote code execution in .NET, .NET Framework, and Visual Studio applicati |
| 536 | CVE-2025-10792 | | 78.6th | 8.8 | | This CVE describes a remote buffer overflow vulnerability in D-Link DIR-513 A1FW110 routers via the |
| 537 | CVE-2024-28777 | | 78.6th | 8.8 | | IBM Cognos Controller and IBM Controller contain an unrestricted deserialization vulnerability that |
| 538 | CVE-2025-21208 | | 78.5th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems running the |
| 539 | CVE-2025-6807 | | 78.5th | 7.5 | | This vulnerability allows remote attackers to read sensitive files on Marvell QConvergeConsole insta |
| 540 | CVE-2025-6795 | | 78.5th | 7.5 | | This vulnerability allows unauthenticated remote attackers to perform directory traversal attacks on |
| 541 | CVE-2025-13645 | | 78.5th | 7.2 | | The Modula Image Gallery WordPress plugin versions 2.13.1 to 2.13.2 contain an arbitrary file deleti |
| 542 | CVE-2024-13352 | | 78.5th | 7.1 | | The Legull WordPress plugin through version 1.2.2 contains a reflected cross-site scripting (XSS) vu |
| 543 | CVE-2025-21623 | | 78.4th | 7.5 | | This vulnerability in ClipBucket V5 allows unauthenticated attackers to perform directory traversal |
| 544 | CVE-2026-0786 | | 78.4th | 8.8 | | CVE-2026-0786 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows |
| 545 | CVE-2024-51144 | | 78.4th | 8.8 | | This CSRF vulnerability in Ampache allows attackers to trick authenticated users into performing uni |
| 546 | CVE-2025-25759 | | 78.3th | 7.5 | | This vulnerability in SUCMS v1.0 allows attackers to perform directory traversal and delete arbitrar |
| 547 | CVE-2024-7033 | | 78.3th | 7.2 | | This vulnerability allows attackers to write arbitrary files to the server's filesystem by manipulat |
| 548 | CVE-2025-27751 | | 78.3th | 7.8 | | A use-after-free vulnerability in Microsoft Office Excel allows attackers to execute arbitrary code |
| 549 | CVE-2024-57728 | | 78.2th | 7.2 | | CVE-2024-57728 is a path traversal vulnerability in SimpleHelp remote support software that allows a |
| 550 | CVE-2021-47693 | | 78.2th | 8.8 | | This SQL injection vulnerability in Nagios XI's Core Config Manager allows authenticated users to in |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Where CVSS measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS may be less urgent than a high CVSS 7.5 with a 90% EPSS.