Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days; the percentile column gives each CVE's position relative to all CVEs that EPSS scores, so a value of 39 means roughly 61% of scored CVEs carry a higher EPSS probability.
| Rank | CVE ID | EPSS percentile | CVSS | Summary |
|---|---|---|---|---|
| 6301 | CVE-2025-1163 | 39.1 | 5.3 | A critical stack-based buffer overflow vulnerability exists in the Vehicle Parking Management System |
| 6302 | CVE-2025-0949 | 39.2 | 6.3 | This critical SQL injection vulnerability in Tailoring Management System 1.0 allows remote attackers |
| 6303 | CVE-2025-0947 | 39.2 | 6.3 | CVE-2025-0947 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System |
| 6304 | CVE-2025-0945 | 39.2 | 6.3 | CVE-2025-0945 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System |
| 6305 | CVE-2025-30122 | 39.1 | 9.8 | ROADCAM X3 devices have hardcoded default credentials that cannot be changed by users, allowing atta |
| 6306 | CVE-2025-30115 | 39.1 | 9.8 | The Forvia Hella HELLA Driving Recorder DR 820 uses hardcoded default WiFi credentials (SSID and pas |
| 6307 | CVE-2025-30113 | 39.1 | 9.8 | The Forvia Hella HELLA Driving Recorder DR 820 dashcam's Android application contains hardcoded cred |
| 6308 | CVE-2025-1960 | 39.1 | 9.8 | This vulnerability allows attackers to execute unauthorized commands on Schneider Electric systems w |
| 6309 | CVE-2024-56336 | 39.1 | 9.8 | This vulnerability affects SINAMICS S200 industrial drives with specific serial numbers, allowing at |
| 6310 | CVE-2025-27682 | 39.2 | 9.8 | CVE-2025-27682 is an insecure log permissions vulnerability in Vasion Print (formerly PrinterLogic) |
| 6311 | CVE-2025-20162 | 39.2 | 8.6 | A vulnerability in Cisco IOS XE Software's DHCP snooping feature allows unauthenticated remote attac |
| 6312 | CVE-2025-9286 | 39.1 | 9.8 | This vulnerability allows unauthenticated attackers to reset passwords of any WordPress user, includ |
| 6313 | CVE-2025-13305 | 39.2 | 8.8 | A buffer overflow vulnerability in D-Link routers allows remote attackers to execute arbitrary code |
| 6314 | CVE-2025-13304 | 39.2 | 8.8 | A buffer overflow vulnerability in D-Link routers allows remote attackers to execute arbitrary code |
| 6315 | CVE-2025-27020 | 39.1 | 9.8 | An improper SSH configuration in Infinera MTC-9 allows unauthenticated attackers to execute arbitrar |
| 6316 | CVE-2025-68924 | 39.1 | 7.5 | This vulnerability allows authenticated attackers in UmbracoForms to execute arbitrary code by suppl |
| 6317 | CVE-2026-22198 | 39.1 | 6.1 | This CVE describes a pre-authentication stored XSS vulnerability in GestSup's API error logging func |
| 6318 | CVE-2024-12129 | 39.0 | 8.8 | The Royal Core WordPress plugin has a privilege escalation vulnerability that allows authenticated u |
| 6319 | CVE-2024-10591 | 39.0 | 8.8 | This vulnerability allows authenticated attackers with at least Contributor-level access in WordPres |
| 6320 | CVE-2024-55927 | 39.1 | 7.6 | This vulnerability in Xerox Workplace Suite allows attackers to predict or forge authentication toke |
| 6321 | CVE-2024-12237 | 39.0 | 4.3 | This SSRF vulnerability in the WordPress Photo Gallery Slideshow & Masonry Tiled Gallery plugin allo |
| 6322 | CVE-2025-26907 | 39.0 | 7.5 | This stored cross-site scripting (XSS) vulnerability in the Estatik Mortgage Calculator WordPress pl |
| 6323 | CVE-2025-1465 | 39.1 | 4.1 | This vulnerability in lmxcms 1.41 allows remote attackers to inject malicious code through the db.in |
| 6324 | CVE-2024-13677 | 39.0 | 8.8 | This vulnerability allows authenticated attackers with subscriber-level access or higher to change a |
| 6325 | CVE-2024-40591 | 39.1 | 8.8 | This vulnerability allows authenticated administrators with Security Fabric permission to escalate t |
| 6326 | CVE-2024-13343 | 39.0 | 8.8 | The WooCommerce Customers Manager plugin for WordPress has a privilege escalation vulnerability that |
| 6327 | CVE-2025-2982 | 39.1 | 6.3 | This critical vulnerability in Legrand SMS PowerView 1.x allows remote attackers to perform file inc |
| 6328 | CVE-2025-2361 | 39.0 | 4.3 | This CVE describes a cross-site scripting (XSS) vulnerability in Mercurial SCM's web interface. Atta |
| 6329 | CVE-2025-1657 | 39.0 | 8.8 | The uListing WordPress plugin has a vulnerability that allows authenticated attackers with subscribe |
| 6330 | CVE-2024-12810 | 39.1 | 8.8 | This vulnerability in the JobCareer WordPress theme allows authenticated users with Subscriber-level |
| 6331 | CVE-2025-2103 | 39.0 | 8.8 | The SoundRise Music WordPress plugin has an authorization vulnerability that allows authenticated us |
| 6332 | CVE-2024-50706 | 39.0 | 9.8 | This is an unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ that all |
| 6333 | CVE-2025-2442 | 39.1 | 6.8 | A CWE-1188 vulnerability in Schneider Electric products allows physical attackers to reset devices t |
| 6334 | CVE-2024-45699 | 39.0 | 5.4 | This CVE describes a reflected Cross-Site Scripting (XSS) vulnerability in Zabbix's /zabbix.php endp |
| 6335 | CVE-2025-30210 | 39.1 | 6.1 | Bruno API IDE versions before 1.39.1 contain a cross-site scripting vulnerability where environment |
| 6336 | CVE-2025-49591 | 39.0 | 9.1 | CryptPad versions before 2025.3.0 have a critical 2FA bypass vulnerability. Attackers who obtain use |
| 6337 | CVE-2025-27955 | 39.0 | 6.5 | Clinical Collaboration Platform 12.2.1.5 has a session token vulnerability where logout doesn't inva |
| 6338 | CVE-2025-9585 | 39.0 | 6.3 | This vulnerability allows remote attackers to execute arbitrary commands on Comfast CF-N1 routers ru |
| 6339 | CVE-2025-9583 | 39.0 | 6.3 | A command injection vulnerability in the ping_config function of Comfast CF-N1 firmware version 2.6. |
| 6340 | CVE-2025-53518 | 39.0 | 9.8 | An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe |
| 6341 | CVE-2025-52581 | 39.0 | 9.8 | An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh |
| 6342 | CVE-2025-54387 | 39.0 | 9.8 | CVE-2025-54387 is a path traversal vulnerability in IPX image optimization software that allows atta |
| 6343 | CVE-2025-56869 | 39.0 | 5.3 | This directory traversal vulnerability in Sync In server allows authenticated attackers to read and |
| 6344 | CVE-2025-63206 | 39.0 | 9.8 | An authentication bypass vulnerability in Dasan Switch DS2924 web interface allows attackers to gain |
| 6345 | CVE-2025-14188 | 39.0 | 7.2 | This CVE describes a command injection vulnerability in UGREEN DH2100+ NAS devices that allows remot |
| 6346 | CVE-2026-23849 | 39.0 | 5.3 | This CVE describes a timing attack vulnerability in File Browser's authentication mechanism that all |
| 6347 | CVE-2025-15456 | 39.0 | 7.3 | This vulnerability in MiniCMS allows attackers to bypass authentication mechanisms and potentially p |
| 6348 | CVE-2024-56316 | 38.9 | 7.5 | This vulnerability allows remote unauthenticated attackers to send crafted TR069 requests to AXESS A |
| 6349 | CVE-2024-57679 | 38.9 | 6.5 | This vulnerability allows unauthenticated attackers to remotely configure the 2.4G and 5G repeater s |
| 6350 | CVE-2024-40854 | 38.9 | 5.5 | A memory initialization vulnerability in Apple operating systems allows malicious applications to ca |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability (0 to 1, published alongside a percentile rank over all scored CVEs) that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures the severity of a vulnerability if it is exploited, EPSS measures the likelihood that exploitation happens at all, which makes it the better input for deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A CVSS 9.8 vulnerability with a 0.1% EPSS probability may be less urgent than a CVSS 7.5 vulnerability with a 90% EPSS probability. EPSS is a prediction, not an observation: a CVE already listed in CISA's Known Exploited Vulnerabilities catalog, or already seen exploited in your own telemetry, should be treated as urgent regardless of its EPSS score, and a low score is no evidence that a flaw is safe to leave unpatched.
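As an added example (not code from this page or from FIRST.org), the following Python implements the prioritization described above: it parses an EPSS API response of the shape FIRST publishes (a `status` field plus `data` rows carrying `cve`, `epss`, `percentile` and `date`, with numbers encoded as strings), joins it with CVSS base scores, and orders findings by EPSS first with CVSS only as a tie-breaker. The CVE IDs (CVE-2099-*), scores and percentiles in the sample are constructed for illustration, CVEs with no EPSS entry yet are assumed to sort last, and the 10% "patch now" floor is an illustrative threshold, not a FIRST recommendation. The live `fetch_epss` lookup needs network access and is not exercised by the sample run.

```python
"""Rank findings by EPSS probability instead of CVSS severity alone (added example)."""
import json
import urllib.request
from dataclasses import dataclass

# Public FIRST.org EPSS endpoint; accepts a comma-separated list of CVE IDs.
EPSS_API = "https://api.first.org/data/v1/epss"

# Constructed API response: the CVE IDs (2099-*) and every number are illustrative, not real data.
SAMPLE_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.001", "percentile": "0.391", "date": "2099-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.900", "percentile": "0.995", "date": "2099-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.350", "percentile": "0.970", "date": "2099-01-01"},
    ],
})

# Constructed CVSS base scores for the same hypothetical CVEs (in practice from NVD or a scanner).
SAMPLE_CVSS = {"CVE-2099-0001": 9.8, "CVE-2099-0002": 7.5, "CVE-2099-0003": 5.3}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    epss: float        # probability of exploitation within 30 days, 0.0 to 1.0
    percentile: float  # fraction of all scored CVEs with an EPSS at or below this one


def parse_epss_response(body: str) -> dict[str, tuple[float, float]]:
    """Map cve -> (epss, percentile) from an EPSS API JSON body; the API encodes numbers as strings."""
    payload = json.loads(body)
    if payload.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {payload.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"])) for row in payload["data"]}


def fetch_epss(cves: list[str]) -> dict[str, tuple[float, float]]:
    """Live lookup against FIRST.org (network required; not used by run_sample)."""
    url = f"{EPSS_API}?cve={','.join(cves)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return parse_epss_response(resp.read().decode())


def build_findings(cvss_by_cve: dict[str, float],
                   epss_by_cve: dict[str, tuple[float, float]]) -> list[Finding]:
    """CVEs that EPSS has not scored yet (e.g. brand new) get 0.0 so they sort last instead of crashing."""
    return [Finding(cve, cvss, *epss_by_cve.get(cve, (0.0, 0.0)))
            for cve, cvss in cvss_by_cve.items()]


def prioritize(findings: list[Finding], epss_floor: float = 0.10) -> list[tuple[str, str]]:
    """Sort by EPSS descending, CVSS as tie-breaker. At or above epss_floor the action is
    'patch now'; below it the item is still ordered but labelled 'schedule'. The floor is
    an assumption for this example, not a published threshold."""
    ordered = sorted(findings, key=lambda f: (f.epss, f.cvss), reverse=True)
    return [(f.cve, "patch now" if f.epss >= epss_floor else "schedule") for f in ordered]


def run_sample() -> list[tuple[str, str]]:
    """Offline run over the constructed data: the CVSS 9.8 finding lands last."""
    epss = parse_epss_response(SAMPLE_RESPONSE)
    return prioritize(build_findings(SAMPLE_CVSS, epss))


if __name__ == "__main__":
    for cve, action in run_sample():
        print(f"{cve}: {action}")
```

Sorting on the tuple `(epss, cvss)` is what makes the ordering EPSS-first: CVSS only matters between findings with equal EPSS. Swapping in `fetch_epss` for `SAMPLE_RESPONSE` turns the same pipeline into a daily job, since FIRST republishes scores every day and a CVE's EPSS can move sharply once a public exploit appears.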