Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated probability that the CVE will be exploited in the wild within the next 30 days. This page covers ranks 601 through 650.

Summary statistics:

- 164 CVEs with EPSS > 50%
- 156 CVEs listed in CISA KEV
- 35,468 CVEs with an EPSS score
- 0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 601 | CVE-2024-57583 | 4.29% | 88.6th | 9.8 |  | This CVE describes a command injection vulnerability in Tenda AC18 routers that allows attackers to… |
| 602 | CVE-2025-55590 | 4.29% | 88.6th | 6.5 |  | This CVE describes a command injection vulnerability in TOTOLINK A3002R routers via the bupload.html… |
| 603 | CVE-2025-1946 | 4.28% | 88.6th | 6.3 |  | This critical vulnerability in hzmanyun Education and Training System 2.1 allows remote attackers to… |
| 604 | CVE-2025-26667 | 4.28% | 88.6th | 6.5 |  | This vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthorized network a… |
| 605 | CVE-2024-50960 | 4.28% | 88.6th | 7.2 |  | A command injection vulnerability in the Nmap diagnostic tool within Extron SMP/SME admin web consol… |
| 606 | CVE-2013-10044 | 4.26% | 88.6th | 8.8 |  | This CVE describes a critical vulnerability chain in OpenEMR where an authenticated attacker can per… |
| 607 | CVE-2024-49601 | 4.26% | 88.6th | 7.3 |  | CVE-2024-49601 is an OS command injection vulnerability in Dell Unity storage systems that allows un… |
| 608 | CVE-2024-11848 | 4.25% | 88.5th | 8.1 |  | The NitroPack WordPress plugin has an authorization bypass vulnerability that allows authenticated u… |
| 609 | CVE-2025-1716 | 4.25% | 88.5th | 9.8 |  | CVE-2025-1716 is a critical vulnerability in picklescan versions before 0.0.21 where the tool fails… |
| 610 | CVE-2025-29972 | 4.21% | 88.5th | 9.9 |  | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Azure services that allows… |
| 611 | CVE-2025-60188 | 4.19% | 88.5th | 7.5 |  | This vulnerability in the Atarim Visual Collaboration WordPress plugin allows attackers to retrieve… |
| 612 | CVE-2025-28256 | 4.17% | 88.4th | 9.8 |  | This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3100R routers by e… |
| 613 | CVE-2025-6485 | 4.17% | 88.4th | 6.3 |  | This critical vulnerability allows remote attackers to execute arbitrary operating system commands o… |
| 614 | CVE-2024-14015 | 4.13% | 88.4th | 7.1 |  | This vulnerability in the WordPress eCommerce Plugin allows attackers to inject malicious scripts vi… |
| 615 | CVE-2025-21334 | 4.13% | 88.4th | 7.8 | KEV | This vulnerability allows an authenticated attacker with local access to a Windows Hyper-V host to e… |
| 616 | CVE-2025-61045 | 4.13% | 88.4th | 9.8 |  | This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK X18 routers by… |
| 617 | CVE-2025-22912 | 4.04% | 88.2th | 9.8 |  | CVE-2025-22912 is a command injection vulnerability in RE11S v1.11 that allows attackers to execute… |
| 618 | CVE-2025-22906 | 4.04% | 88.2th | 9.8 |  | CVE-2025-22906 is a critical command injection vulnerability in RE11S v1.11 that allows attackers to… |
| 619 | CVE-2024-12854 | 4.03% | 88.2th | 8.8 |  | The Garden Gnome Package WordPress plugin allows authenticated attackers with Author-level access or… |
| 620 | CVE-2025-69200 | 3.99% | 88.1th | 7.5 |  | An unauthenticated remote attacker can trigger generation and download of configuration backup ZIP f… |
| 621 | CVE-2024-13910 | 3.97% | 88.1th | 7.2 |  | This vulnerability allows authenticated WordPress administrators to delete arbitrary files on the se… |
| 622 | CVE-2025-31477 | 3.97% | 88.1th | 9.8 |  | CVE-2025-31477 is a critical vulnerability in Tauri's shell plugin that allows remote code execution… |
| 623 | CVE-2024-11270 | 3.97% | 88.1th | 8.8 |  | This vulnerability in the WordPress WebinarPress plugin allows authenticated attackers with subscrib… |
| 624 | CVE-2025-11580 | 3.96% | 88.1th | 5.3 |  | PowerJob versions up to 5.1.2 have a missing authorization vulnerability in the /user/list endpoint… |
| 625 | CVE-2025-24659 | 3.94% | 88.1th | 7.6 |  | This SQL injection vulnerability in WordPress Download Manager Premium Packages allows attackers to… |
| 626 | CVE-2023-33300 | 3.93% | 88.1th | 5.3 |  | This command injection vulnerability in Fortinet FortiNAC allows attackers to execute arbitrary comm… |
| 627 | CVE-2025-49212 | 3.93% | 88.1th | 9.8 |  | This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Trend Micro… |
| 628 | CVE-2024-11816 | 3.91% | 88th | 8.8 |  | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to ex… |
| 629 | CVE-2025-3816 | 3.88% | 88th | 4.7 |  | This critical vulnerability in westboy CicadasCMS 2.0 allows remote attackers to execute arbitrary o… |
| 630 | CVE-2025-45042 | 3.87% | 88th | 9.8 |  | This vulnerability allows remote attackers to execute arbitrary commands on Tenda AC9 routers via th… |
| 631 | CVE-2025-3515 | 3.87% | 88th | 8.1 |  | This vulnerability allows unauthenticated attackers to upload malicious files like .phar extensions… |
| 632 | CVE-2025-20055 | 3.84% | 87.9th | 9.8 |  | This CVE describes an OS command injection vulnerability in Y'S corporation STEALTHONE D220/D340 net… |
| 633 | CVE-2025-2251 | 3.84% | 87.9th | 6.2 |  | This vulnerability allows remote code execution on WildFly and JBoss EAP servers through untrusted d… |
| 634 | CVE-2025-61810 | 3.82% | 87.9th | 8.4 |  | This vulnerability allows attackers to execute arbitrary code on ColdFusion servers by sending malic… |
| 635 | CVE-2024-54767 | 3.80% | 87.8th | 7.5 |  | An access control vulnerability in AVM FRITZ!Box 7530 AX routers allows unauthenticated attackers to… |
| 636 | CVE-2024-54958 | 3.80% | 87.8th | 6.1 |  | Nagios XI 2024R1.2.2 contains a stored XSS vulnerability in the Tools page that allows authenticated… |
| 637 | CVE-2024-12853 | 3.78% | 87.8th | 8.8 |  | The Modula Image Gallery WordPress plugin allows authenticated attackers with Author-level access or… |
| 638 | CVE-2026-21513 | 3.77% | 87.8th | 8.8 | KEV | This vulnerability in the MSHTML Framework allows attackers to bypass security protections remotely,… |
| 639 | CVE-2024-58312 | 3.75% | 87.8th | 7.5 |  | CVE-2024-58312 is an unauthenticated path traversal vulnerability in xbtitFM 4.1.18 that allows atta… |
| 640 | CVE-2024-13365 | 3.74% | 87.7th | 9.8 |  | The CleanTalk Security & Malware plugin for WordPress has a critical vulnerability allowing unauthen… |
| 641 | CVE-2025-5502 | 3.74% | 87.7th | 6.3 |  | This critical vulnerability in TOTOLINK X15 routers allows remote attackers to execute arbitrary com… |
| 642 | CVE-2025-2096 | 3.72% | 87.7th | 6.3 |  | This critical vulnerability in TOTOLINK EX1800T routers allows remote attackers to execute arbitrary… |
| 643 | CVE-2024-10553 | 3.69% | 87.7th | 9.8 |  | This vulnerability allows unauthenticated remote attackers to execute arbitrary code on H2O-3 machin… |
| 644 | CVE-2025-0912 | 3.68% | 87.6th | 9.8 |  | The Donations Widget WordPress plugin contains a PHP object injection vulnerability that allows unau… |
| 645 | CVE-2025-43849 | 3.64% | 87.6th | 9.8 |  | This vulnerability allows remote attackers to execute arbitrary code on systems running Retrieval-ba… |
| 646 | CVE-2025-27782 | 3.64% | 87.6th | 9.8 |  | Applio voice conversion tool versions 3.2.8-bugfix and prior contain an arbitrary file write vulnera… |
| 647 | CVE-2025-10211 | 3.64% | 87.6th | 6.3 |  | This is a Server-Side Request Forgery (SSRF) vulnerability in ChanCMS 3.3.0 that allows attackers to… |
| 648 | CVE-2025-8324 | 3.63% | 87.6th | 9.8 |  | CVE-2025-8324 is an unauthenticated SQL injection vulnerability in Zohocorp ManageEngine Analytics P… |
| 649 | CVE-2025-59304 | 3.60% | 87.5th | 9.8 |  | A directory traversal vulnerability in Swetrix Web Analytics API allows attackers to bypass path res… |
| 650 | CVE-2025-2485 | 3.59% | 87.5th | 7.5 |  | This vulnerability in the Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin all… |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Scores are recomputed daily and published as a probability (0 to 1, shown here as a percentage) together with a percentile, which tells you what fraction of all scored CVEs have a lower score. Unlike CVSS, which measures the severity of a vulnerability if it is exploited, EPSS measures the likelihood that it will be exploited, which makes it a better basis for deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 vulnerability with 90% EPSS. EPSS complements rather than replaces the CISA KEV catalog: a KEV-listed CVE (flagged KEV in the table above) is already known to be exploited, so it belongs at the top of the queue regardless of its EPSS score.
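The prioritization described above, as an added example that is not code from this page or from FIRST.org. It parses text in the layout of the daily EPSS CSV (one `#` metadata line, then `cve,epss,percentile` rows), joins it with CVSS scores and KEV membership, and ranks findings KEV first, then by EPSS, with CVSS only as a tie-breaker. The CSV rows, CVSS values and KEV set are constructed sample data (the CVE-2099-* identifiers are placeholders), and the 10% threshold and the 0.1% EPSS bucketing in `priority_key` are this example's own choices.

```python
"""Rank CVEs by exploit probability (EPSS) instead of severity alone.

Added example, not code from the page or from FIRST.org.
"""
import csv
from dataclasses import dataclass

# Constructed sample in the layout of the EPSS CSV feed: one '#' metadata
# line, a header row, then one row per CVE. Scores are illustrative, not live.
SAMPLE_EPSS_CSV = """#model_version:v2025.03.14,score_date:2025-01-01T00:00:00+0000
cve,epss,percentile
CVE-2025-21334,0.04130,0.88400
CVE-2024-57583,0.04290,0.88600
CVE-2099-00001,0.00100,0.35000
CVE-2099-00002,0.90000,0.99800
"""

# Constructed CVSS base scores and KEV membership for the same CVEs.
# CVE-2099-* are hypothetical placeholders used only for this example.
SAMPLE_CVSS = {
    "CVE-2025-21334": 7.8,
    "CVE-2024-57583": 9.8,
    "CVE-2099-00001": 9.8,  # critical severity, very unlikely to be exploited
    "CVE-2099-00002": 7.5,  # high severity, very likely to be exploited
}
SAMPLE_KEV = {"CVE-2025-21334"}  # assumed KEV membership for this example


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days, 0..1
    percentile: float  # fraction of scored CVEs with a lower EPSS, 0..1
    cvss: float        # CVSS base score, 0..10
    kev: bool          # listed in CISA KEV


def parse_epss_csv(text):
    """Return {cve: (epss, percentile)} from EPSS CSV text, skipping '#' metadata lines."""
    rows = (line for line in text.splitlines() if line and not line.startswith("#"))
    return {
        row["cve"]: (float(row["epss"]), float(row["percentile"]))
        for row in csv.DictReader(rows)
    }


def build_findings(epss_text, cvss_by_cve, kev_set):
    """Join EPSS scores with CVSS and KEV data into Finding records."""
    return [
        Finding(cve, epss, pct, cvss_by_cve.get(cve, 0.0), cve in kev_set)
        for cve, (epss, pct) in parse_epss_csv(epss_text).items()
    ]


def priority_key(finding):
    """Sort key: KEV first, then higher EPSS, then higher CVSS as tie-breaker.

    EPSS is bucketed to 0.1% so that negligible EPSS differences do not
    outrank a much higher CVSS score; widen the bucket to taste.
    """
    return (not finding.kev, -round(finding.epss, 3), -finding.cvss)


def prioritize(findings, epss_threshold=0.10):
    """Split findings into (patch_now, backlog), both ranked by priority_key.

    patch_now holds everything in KEV or at/above the EPSS threshold.
    """
    ranked = sorted(findings, key=priority_key)
    urgent = lambda f: f.kev or f.epss >= epss_threshold
    return [f for f in ranked if urgent(f)], [f for f in ranked if not urgent(f)]


if __name__ == "__main__":
    now, later = prioritize(build_findings(SAMPLE_EPSS_CSV, SAMPLE_CVSS, SAMPLE_KEV))
    for label, group in (("PATCH NOW", now), ("BACKLOG", later)):
        print(label)
        for f in group:
            print(f"  {f.cve}  EPSS={f.epss:.2%}  pct={f.percentile:.1%}  "
                  f"CVSS={f.cvss}  KEV={f.kev}")
```

With the sample data, the hypothetical CVSS 9.8 / 0.1% EPSS entry lands in the backlog behind the CVSS 7.5 / 90% EPSS entry, and the KEV-listed CVE is first even though its EPSS is only about 4%. To run it against real data, replace `SAMPLE_EPSS_CSV` with the decompressed daily CSV from FIRST and `SAMPLE_KEV` with the CVE IDs from the CISA KEV feed.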

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
