Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

164 CVEs with EPSS > 50%
156 CVEs listed in the CISA KEV catalog
35,468 CVEs with an EPSS score
0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|------|--------|------------|------------|------|-------|---------|
| 551 | CVE-2024-41790 | 1.02% | 76.9th | 9.1 | | This vulnerability allows authenticated remote attackers to execute arbitrary code with root privile |
| 552 | CVE-2024-41788 | 1.02% | 76.9th | 9.1 | | This vulnerability allows authenticated remote attackers to execute arbitrary code with root privile |
| 553 | CVE-2025-56005 | 1.02% | 76.8th | 9.8 | | CVE-2025-56005 is a critical vulnerability in the PLY (Python Lex-Yacc) library that allows remote c |
| 554 | CVE-2025-63690 | 1.02% | 76.8th | 9.1 | | This vulnerability allows remote attackers to execute arbitrary code on pig-mesh Pig servers by expl |
| 555 | CVE-2025-47855 | 1.01% | 76.7th | 9.8 | | An unauthenticated attacker can obtain device configuration files from vulnerable FortiFone systems |
| 556 | CVE-2025-30012 | 1.01% | 76.7th | 10.0 | | This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands a |
| 557 | CVE-2025-61304 | 1.01% | 76.7th | 9.8 | | This CVE describes an OS command injection vulnerability in Dynatrace ActiveGate's ping extension. A |
| 558 | CVE-2025-1009 | 1% | 76.6th | 9.8 | | A use-after-free vulnerability in Firefox and Thunderbird allows attackers to cause potentially expl |
| 559 | CVE-2025-21628 | 1% | 76.6th | 9.1 | | This SQL injection vulnerability in Chatwoot allows authenticated users to execute arbitrary SQL que |
| 560 | CVE-2025-32973 | 1% | 76.6th | 9.0 | | This vulnerability in XWiki allows attackers to gain programming rights through a privilege escalati |
| 561 | CVE-2024-14003 | 0.99% | 76.5th | 9.8 | | Nagios XI versions before 2024R1.2 contain a critical remote code execution vulnerability in the NRD |
| 562 | CVE-2025-20124 | 0.99% | 76.4th | 9.9 | | This vulnerability allows authenticated attackers with read-only admin credentials to execute arbitr |
| 563 | CVE-2025-6389 | 0.99% | 76.4th | 9.8 | | The Sneeit Framework WordPress plugin has a critical Remote Code Execution vulnerability that allows |
| 564 | CVE-2025-20363 | 0.98% | 76.4th | 9.0 | | This critical vulnerability allows remote attackers to execute arbitrary code with root privileges o |
| 565 | CVE-2025-14500 | 0.98% | 76.4th | 9.8 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary operating system com |
| 566 | CVE-2025-61811 | 0.98% | 76.3th | 9.1 | | This CVE describes an Improper Access Control vulnerability in Adobe ColdFusion that allows high-pri |
| 567 | CVE-2024-32641 | 0.98% | 76.4th | 9.8 | | CVE-2024-32641 is a critical remote code execution vulnerability in Masa CMS that allows unauthentic |
| 568 | CVE-2024-8019 | 0.98% | 76.3th | 9.1 | | This vulnerability in PyTorch Lightning's LightningApp allows attackers to write arbitrary files via |
| 569 | CVE-2025-28399 | 0.98% | 76.3th | 9.8 | | A privilege escalation vulnerability in Erick xmall v1.1 and earlier allows remote attackers to gain |
| 570 | CVE-2025-28412 | 0.98% | 76.3th | 9.8 | | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privi |
| 571 | CVE-2025-28410 | 0.98% | 76.3th | 9.8 | | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain administrative |
| 572 | CVE-2025-28408 | 0.98% | 76.3th | 9.8 | | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privi |
| 573 | CVE-2025-28405 | 0.98% | 76.3th | 9.8 | | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privi |
| 574 | CVE-2025-28402 | 0.98% | 76.3th | 9.8 | | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privi |
| 575 | CVE-2024-13790 | 0.97% | 76.3th | 9.8 | | This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) in the Min |
| 576 | CVE-2024-58308 | 0.97% | 76.2th | 9.8 | | CVE-2024-58308 is a critical SQL injection vulnerability in Quick.CMS 6.7 that allows unauthenticate |
| 577 | CVE-2025-22204 | 0.97% | 76.2th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Joomla websites using the So |
| 578 | CVE-2025-65294 | 0.97% | 76.2th | 9.8 | | Aqara Hub devices contain an undocumented remote access mechanism that allows attackers to execute a |
| 579 | CVE-2025-30727 | 0.96% | 76.1th | 9.8 | | This critical vulnerability in Oracle E-Business Suite's iSurvey Module allows unauthenticated attac |
| 580 | CVE-2025-30457 | 0.96% | 76.1th | 9.8 | | This macOS vulnerability allows malicious applications to create symbolic links to protected disk re |
| 581 | CVE-2025-63218 | 0.96% | 76.1th | 9.8 | | This vulnerability allows unauthenticated remote attackers to completely compromise Axel Technology |
| 582 | CVE-2025-25388 | 0.95% | 76th | 9.8 | | A SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to execu |
| 583 | CVE-2025-25914 | 0.95% | 76th | 9.8 | | A SQL injection vulnerability in Online Exam Mastering System v1.0 allows remote attackers to execut |
| 584 | CVE-2025-58045 | 0.94% | 75.9th | 9.8 | | This vulnerability in Dataease allows attackers to exploit the DB2 JDBC connection string to trigger |
| 585 | CVE-2026-25643 | 0.94% | 75.8th | 9.1 | | CVE-2026-25643 is a critical Remote Command Execution vulnerability in Frigate NVR software that all |
| 586 | CVE-2025-11367 | 0.94% | 75.8th | 9.8 | | CVE-2025-11367 allows remote attackers to execute arbitrary code on systems running vulnerable versi |
| 587 | CVE-2024-51138 | 0.93% | 75.7th | 9.8 | | A critical stack-based buffer overflow vulnerability in DrayTek router TR069 STUN server URL parsing |
| 588 | CVE-2024-10901 | 0.93% | 75.7th | 9.8 | | This vulnerability in eosphoros-ai/db-gpt allows attackers to execute arbitrary SQL queries via an u |
| 589 | CVE-2025-7384 | 0.93% | 75.6th | 9.8 | | This vulnerability allows unauthenticated attackers to perform PHP object injection through deserial |
| 590 | CVE-2025-1023 | 0.93% | 75.6th | 9.8 | | A critical SQL injection vulnerability in ChurchCRM versions 5.13.0 and earlier allows attackers to |
| 591 | CVE-2024-57430 | 0.93% | 75.6th | 9.8 | | An SQL injection vulnerability in PHPJabbers Cinema Booking System v2.0 allows attackers to manipula |
| 592 | CVE-2025-58384 | 0.93% | 75.6th | 10.0 | | This vulnerability allows remote attackers to execute arbitrary code on DOXENSE WATCHDOC systems by |
| 593 | CVE-2024-13786 | 0.9% | 75.3th | 9.8 | | The Education WordPress theme has a PHP object injection vulnerability that allows unauthenticated a |
| 594 | CVE-2025-61913 | 0.9% | 75.3th | 9.9 | | This vulnerability in Flowise allows authenticated attackers to read and write arbitrary files anywh |
| 595 | CVE-2025-23045 | 0.9% | 75.2th | 9.8 | | This vulnerability allows authenticated attackers to execute arbitrary code within CVAT's Nuclio fun |
| 596 | CVE-2024-49649 | 0.9% | 75.2th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 597 | CVE-2024-10442 | 0.89% | 75.2th | 10.0 | | This critical vulnerability allows remote attackers to execute arbitrary code on affected Synology s |
| 598 | CVE-2025-0960 | 0.89% | 75.1th | 9.8 | | AutomationDirect C-more EA9 HMI devices contain a buffer overflow vulnerability due to insufficient |
| 599 | CVE-2025-34071 | 0.89% | 75.1th | 9.8 | | This critical vulnerability in GFI Kerio Control allows attackers with administrative access to uplo |
| 600 | CVE-2024-54808 | 0.89% | 75.1th | 9.8 | | This CVE describes a critical stack-based buffer overflow vulnerability in Netgear WNR854T routers t |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
