Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 501 | CVE-2025-52377 | | 63.2 | 5.4 | | This command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router allows authenticated a |
| 502 | CVE-2024-13364 | | 63.2 | 5.3 | | The Raptive Ads WordPress plugin has an authorization bypass vulnerability that allows unauthenticat |
| 503 | CVE-2025-2363 | | 63.2 | 6.3 | | This critical vulnerability in lenve VBlog allows remote attackers to perform path traversal attacks |
| 504 | CVE-2025-4903 | | 63.1 | 5.3 | | This critical vulnerability in D-Link DI-7003GV2 routers allows remote attackers to change passwords |
| 505 | CVE-2025-27867 | | 63 | 5.6 | | This is a cross-site scripting (XSS) vulnerability in Apache Felix HTTP Webconsole Plugin that allow |
| 506 | CVE-2025-0840 | | 62.8 | 5.0 | | A stack-based buffer overflow vulnerability exists in GNU Binutils' objdump tool when processing spe |
| 507 | CVE-2024-35106 | | 62.8 | 4.6 | | A buffer overflow vulnerability exists in the NEXTU FLETA AX1500 WIFI6 router's web interface at /bo |
| 508 | CVE-2025-2367 | | 62.8 | 6.3 | | This CVE describes a critical OS command injection vulnerability in Oiwtech OIW-2431APGN-HP wireless |
| 509 | CVE-2024-36403 | | 62.8 | 5.3 | | Matrix Media Repo (MMR) before version 1.3.5 is vulnerable to a disk fill attack where unauthenticat |
| 510 | CVE-2025-23237 | | 62.7 | 6.6 | | This CVE describes an OS command injection vulnerability in UD-LT2 firmware that allows authenticate |
| 511 | CVE-2025-2477 | | 62.7 | 4.7 | | The CryoKey WordPress plugin has a reflected cross-site scripting vulnerability in the 'ckemail' par |
| 512 | CVE-2025-27774 | | 62.7 | 5.3 | | Applio voice conversion tool versions 3.2.7 and earlier contain server-side request forgery (SSRF) a |
| 513 | CVE-2024-46209 | | 62.6 | 5.4 | | A stored cross-site scripting (XSS) vulnerability in REDAXO CMS v5.17.1 allows attackers to inject m |
| 514 | CVE-2025-0461 | | 62.6 | 4.3 | | This CVE describes a path traversal vulnerability in Shanghai Lingdang Information Technology's Ling |
| 515 | CVE-2019-25222 | | 62.6 | 4.9 | | This SQL injection vulnerability in the WordPress Thumbnail Carousel Slider plugin allows unauthenti |
| 516 | CVE-2025-8712 | | 62.6 | 5.4 | | This CVE describes a missing authorization vulnerability in Ivanti secure access products that allow |
| 517 | CVE-2025-15139 | | 62.4 | 6.3 | | This CVE describes a command injection vulnerability in TRENDnet TEW-822DRE routers that allows remo |
| 518 | CVE-2025-15133 | | 62.4 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Z4Pro+ devices th |
| 519 | CVE-2025-15132 | | 62.4 | 6.3 | | This CVE describes a command injection vulnerability in ZSPACE Z4Pro+ devices that allows remote att |
| 520 | CVE-2025-15131 | | 62.4 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Z4Pro+ devices th |
| 521 | CVE-2025-3051 | | 62.2 | 6.5 | | This vulnerability in Linux::Statm::Tiny for Perl allows untrusted code from the current working dir |
| 522 | CVE-2025-9808 | | 62.1 | 5.3 | | The Events Calendar WordPress plugin versions up to 6.15.2 expose information about password-protect |
| 523 | CVE-2025-11138 | | 62.1 | 6.3 | | This CVE describes a remote command injection vulnerability in wenkucms versions up to 3.4. Attacker |
| 524 | CVE-2025-10964 | | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 devices |
| 525 | CVE-2025-10963 | | 62.1 | 6.3 | | This CVE describes a command injection vulnerability in Wavlink NU516U1 routers running firmware ver |
| 526 | CVE-2025-10962 | | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers |
| 527 | CVE-2025-10960 | | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers |
| 528 | CVE-2025-10959 | | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers |
| 529 | CVE-2025-10958 | | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers |
| 530 | CVE-2025-11303 | | 62.1 | 6.3 | | This CVE describes a command injection vulnerability in Belkin F9K1015 routers. Attackers can remote |
| 531 | CVE-2025-2990 | | 62 | 5.3 | | This critical vulnerability in Tenda FH1202 routers allows attackers to bypass access controls via t |
| 532 | CVE-2025-60688 | | 61.8 | 6.5 | | A stack buffer overflow vulnerability in ToToLink router firmware allows unauthenticated attackers t |
| 533 | CVE-2025-60684 | | 61.8 | 6.5 | | A stack buffer overflow vulnerability in ToToLink router firmware allows unauthenticated attackers t |
| 534 | CVE-2025-2025 | | 61.7 | 6.5 | | The GiveWP WordPress plugin has an authorization vulnerability that allows unauthenticated attackers |
| 535 | CVE-2025-1938 | | 61.6 | 6.5 | | This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruptio |
| 536 | CVE-2025-27299 | | 61.5 | 5.3 | | This path traversal vulnerability in the MyTicket Events WordPress plugin allows attackers to read f |
| 537 | CVE-2025-5935 | | 61.5 | 5.3 | | A denial-of-service vulnerability in Open5GS AMF/MME component allows remote attackers to crash the |
| 538 | CVE-2024-53969 | | 61.4 | 5.4 | | This DOM-based Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows attackers |
| 539 | CVE-2024-53967 | | 61.4 | 5.4 | | Adobe Experience Manager versions 6.5.21 and earlier contain a DOM-based cross-site scripting vulner |
| 540 | CVE-2025-44179 | | 61.4 | 6.5 | | This CVE describes a command injection vulnerability in Hitron CGNF-TWN routers that allows attacker |
| 541 | CVE-2024-45478 | | 61.3 | 4.8 | | A stored cross-site scripting (XSS) vulnerability exists in the Edit Service Page of Apache Ranger's |
| 542 | CVE-2025-21401 | | 61.3 | 4.5 | | This vulnerability allows attackers to bypass security features in Microsoft Edge, potentially enabl |
| 543 | CVE-2025-2733 | | 61.3 | 6.3 | | This critical vulnerability in OpenManus allows remote attackers to execute arbitrary operating syst |
| 544 | CVE-2025-28401 | | 61.2 | 6.7 | | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privi |
| 545 | CVE-2025-1741 | | 61.1 | 4.7 | | This vulnerability in b1gMail allows remote attackers to perform deserialization attacks via the que |
| 546 | CVE-2025-27776 | | 61 | 5.3 | | Applio versions 3.2.7 and earlier contain a server-side request forgery (SSRF) vulnerability in mode |
| 547 | CVE-2025-26346 | | 60.9 | 5.5 | | This SQL injection vulnerability in Q-Free MaxTime allows authenticated attackers to execute arbitra |
| 548 | CVE-2025-12916 | | 60.9 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Sangfor Operation and Ma |
| 549 | CVE-2025-13800 | | 60.9 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 route |
| 550 | CVE-2025-13799 | | 60.9 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 route |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.