Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood that exploitation activity will be observed in the wild within the next 30 days. The percentile column is the share of all scored CVEs whose score is at or below that row's score. This page shows ranks 601 to 650.

Corpus summary:
  EPSS > 50%:        164
  CISA KEV listed:   156
  CVEs with EPSS:    35,468
  Average EPSS:      0.7%
Rank | CVE ID         | EPSS  | Percentile | CVSS | Summary (truncated on the source page)
-----|----------------|-------|------------|------|----------------------------------------
601  | CVE-2025-31215 | 0.38% | 58.7th     | 6.5  | This vulnerability allows malicious web content to cause unexpected process crashes in Apple's Safar
602  | CVE-2025-8978  | 0.38% | 58.7th     | 6.6  | This vulnerability in D-Link DIR-619L routers allows attackers to upload malicious firmware due to i
603  | CVE-2024-54761 | 0.38% | 58.7th     | 6.3  | BigAnt Office Messenger 5.6.06 contains a SQL injection vulnerability in the 'dev_code' parameter th
604  | CVE-2025-2742  | 0.38% | 58.7th     | 5.4  | This critical vulnerability in ruoyi-vue-pro 2.4.1 allows remote attackers to perform path traversal
605  | CVE-2024-13539 | 0.38% | 58.6th     | 5.3  | The AForms Eats WordPress plugin discloses full server path information through a publicly accessibl
606  | CVE-2023-42961 | 0.38% | 58.6th     | 6.3  | This vulnerability allows a sandboxed process to bypass sandbox restrictions through a path handling
607  | CVE-2025-11018 | 0.37% | 58.5th     | 5.3  | This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Pl
608  | CVE-2025-10709 | 0.37% | 58.5th     | 5.3  | This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Pl
609  | CVE-2025-10708 | 0.37% | 58.5th     | 5.3  | This CVE describes a path traversal vulnerability in Four-Faith Water Conservancy Informatization Pl
610  | CVE-2024-50859 | 0.37% | 58.5th     | 4.8  | This vulnerability allows attackers to execute malicious JavaScript in victims' browsers when they u
611  | CVE-2024-13537 | 0.37% | 58.5th     | 5.3  | The C9 Blocks WordPress plugin contains a publicly accessible file (composer-setup.php) that disclos
612  | CVE-2025-4135  | 0.37% | 58.5th     | 6.3  | This CVE describes a critical command injection vulnerability in Netgear WG302v2 wireless access poi
613  | CVE-2025-59259 | 0.37% | 58.4th     | 6.5  | This vulnerability in Windows Local Session Manager allows authenticated attackers to cause denial o
614  | CVE-2025-59257 | 0.37% | 58.4th     | 6.5  | This vulnerability in Windows Local Session Manager allows authenticated attackers to send specially
615  | CVE-2023-45760 | 0.37% | 58.4th     | 4.3  | This CVE describes a Missing Authorization vulnerability in the wpDiscuz WordPress plugin that allow
616  | CVE-2025-3874  | 0.37% | 58.3th     | 6.5  | The WordPress Simple Shopping Cart plugin has an Insecure Direct Object Reference vulnerability that
617  | CVE-2025-10442 | 0.37% | 58.3th     | 6.3  | This vulnerability allows remote attackers to execute arbitrary operating system commands on Tenda A
618  | CVE-2025-4076  | 0.37% | 58.2th     | 6.3  | This critical vulnerability in LB-LINK BL-AC3600 routers allows remote attackers to execute arbitrar
619  | CVE-2025-2357  | 0.37% | 58.1th     | 6.3  | A critical memory corruption vulnerability in DCMTK's JPEG-LS decoder allows remote attackers to pot
620  | CVE-2025-8878  | 0.37% | 58.1th     | 6.5  | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug
621  | CVE-2025-68509 | 0.37% | 58.1th     | 6.1  | This CVE describes an open redirect vulnerability in the WordPress User Submitted Posts plugin that
622  | CVE-2025-5147  | 0.37% | 58.0th     | 6.3  | This critical vulnerability in Netcore routers allows remote attackers to execute arbitrary commands
623  | CVE-2025-14093 | 0.37% | 58.0th     | 4.7  | This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers c
624  | CVE-2023-51320 | 0.36% | 57.9th     | 5.3  | PHPJabbers Night Club Booking Software v1.0 has a CSV injection vulnerability in the Languages secti
625  | CVE-2023-33302 | 0.36% | 57.9th     | 4.7  | This vulnerability allows authenticated attackers with regular webmail access to trigger a buffer ov
626  | CVE-2024-57151 | 0.36% | 57.9th     | 6.8  | This SQL injection vulnerability in rainrocka xinhu allows remote attackers to execute arbitrary SQL
627  | CVE-2025-20762 | 0.36% | 57.9th     | 6.5  | This vulnerability in MediaTek modems allows remote denial of service through system crashes when de
628  | CVE-2025-20761 | 0.36% | 57.9th     | 6.5  | This vulnerability in MediaTek modems allows remote denial of service attacks when a user equipment
629  | CVE-2025-20760 | 0.36% | 57.9th     | 6.5  | This vulnerability in MediaTek modems allows reading uninitialized heap data when a device connects
630  | CVE-2025-32196 | 0.36% | 57.8th     | 6.5  | This stored cross-site scripting (XSS) vulnerability in the News Kit Elementor Addons WordPress plug
631  | CVE-2025-32169 | 0.36% | 57.8th     | 6.5  | This DOM-based Cross-Site Scripting (XSS) vulnerability in the Showeblogin Social WordPress plugin a
632  | CVE-2025-26357 | 0.36% | 57.7th     | 4.9  | This vulnerability allows authenticated remote attackers to read sensitive files on Q-Free MaxTime s
633  | CVE-2024-53942 | 0.36% | 57.8th     | 4.8  | This vulnerability allows remote attackers to execute arbitrary operating system commands with root
634  | CVE-2024-56370 | 0.36% | 57.7th     | 6.5  | Net::Xero 0.044 and earlier for Perl uses non-cryptographically secure random number generation via
635  | CVE-2025-21213 | 0.36% | 57.6th     | 4.6  | This Secure Boot vulnerability allows attackers with physical access or administrative privileges to
636  | CVE-2025-0373  | 0.36% | 57.6th     | 6.0  | A stack buffer overflow vulnerability in FreeBSD's cd9660, tarfs, and ext2fs filesystems allows atta
637  | CVE-2025-13435 | 0.36% | 57.5th     | 5.6  | CVE-2025-13435 is a path traversal vulnerability in Dreampie Resty's HttpClient module that allows a
638  | CVE-2025-48744 | 0.36% | 57.5th     | 6.4  | This vulnerability in SIGB PMB allows attackers to perform Local File Inclusion (LFI) and achieve re
639  | CVE-2025-55139 | 0.36% | 57.5th     | 6.8  | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in multiple Ivanti security pr
640  | CVE-2025-21219 | 0.36% | 57.5th     | 4.3  | This vulnerability allows attackers to bypass security zone restrictions in Windows when processing
641  | CVE-2025-1339  | 0.36% | 57.5th     | 6.3  | This critical vulnerability in TOTOLINK X18 routers allows remote attackers to execute arbitrary ope
642  | CVE-2025-1178  | 0.36% | 57.5th     | 5.6  | A memory corruption vulnerability exists in GNU Binutils' bfd_putl64 function within the ld componen
643  | CVE-2025-53082 | 0.36% | 57.4th     | 6.1  | CVE-2025-53082 is an arbitrary file deletion vulnerability in Samsung DMS that allows attackers to d
644  | CVE-2025-20793 | 0.35% | 57.2th     | 6.5  | This vulnerability in MediaTek modems allows remote denial of service through system crashes when de
645  | CVE-2025-0617  | 0.35% | 57.1th     | 5.9  | This XML entity expansion vulnerability in HX 10.0.0 and earlier allows attackers to cause denial of
646  | CVE-2025-3057  | 0.35% | 57.1th     | 6.1  | This Cross-Site Scripting (XSS) vulnerability in Drupal core allows attackers to inject malicious sc
647  | CVE-2025-20349 | 0.35% | 57.0th     | 6.3  | This vulnerability allows authenticated attackers with at least Observer role credentials to execute
648  | CVE-2026-2135  | 0.35% | 57.0th     | 6.3  | This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by
649  | CVE-2021-47921 | 0.35% | 57.0th     | 6.5  | Free Photo & Video Vault 0.0.2 contains a directory traversal vulnerability that allows remote attac
650  | CVE-2025-50688 | 0.35% | 56.9th     | 6.5  | This CVE describes a command injection vulnerability in TwistedWeb 14.0.0 that allows remote attacke

The source table also carries a Flags column; it is empty for every row in this range, so it is omitted here. Rows 601 to 650 sit at roughly the 57th to 59th percentile with EPSS around 0.35% to 0.38%, below the corpus average of 0.7%.

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that exploitation activity against a CVE will be observed in the wild within the next 30 days. CVSS measures severity (what an attacker could do with the flaw); EPSS measures likelihood (whether anyone is expected to try), so the two are complementary inputs for deciding which vulnerabilities to patch first. EPSS scores are recomputed daily, so a ranking like the one above is a snapshot and a CVE's position can move as new exploitation evidence arrives; the percentile is only a relative rank among all scored CVEs.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. A CISA KEV listing is confirmed exploitation rather than a prediction, so in practice it should override either score.
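The prioritisation rule sketched above (KEV first, then EPSS, with CVSS as the tie-breaker and as the fallback for CVEs that EPSS has not scored) as an added example in Python. This is example code written for this page, not code from FIRST.org or from the site that produced the table. The EPSS response embedded below is constructed to follow the shape of the public FIRST EPSS API (a "data" list of objects with "cve", "epss" and "percentile" as decimal strings); the CVE-0000-000x identifiers, their CVSS values and KEV flags are placeholders, and the tier thresholds EPSS_HIGH and EPSS_ELEVATED are policy assumptions, not a FIRST recommendation.

```python
"""Rank findings by exploit likelihood: KEV > EPSS > CVSS.

Added example for this page; not FIRST.org's code or the ranking site's code.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of a FIRST EPSS API reply
# (GET https://api.first.org/data/v1/epss?cve=...). The two real CVE IDs carry
# the EPSS/percentile values shown in the table above; CVE-0000-000x are
# placeholder IDs with illustrative values, not real CVEs.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2025-31215", "epss": "0.0038", "percentile": "0.587", "date": "2025-01-01"},
        {"cve": "CVE-2025-8978",  "epss": "0.0038", "percentile": "0.587", "date": "2025-01-01"},
        {"cve": "CVE-0000-0001",  "epss": "0.0010", "percentile": "0.300", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002",  "epss": "0.9000", "percentile": "0.999", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003",  "epss": "0.0200", "percentile": "0.800", "date": "2025-01-01"},
        {"cve": "CVE-0000-0005",  "epss": "0.1500", "percentile": "0.950", "date": "2025-01-01"},
        {"cve": "CVE-0000-0006",  "epss": "0.0050", "percentile": "0.620", "date": "2025-01-01"},
    ],
})

# Constructed asset inventory: CVSS base score and CISA KEV status come from
# other sources (NVD, the KEV catalog) and are inputs here. CVE-0000-0004 is
# deliberately absent from the EPSS reply to exercise the unscored path.
INVENTORY = {
    "CVE-0000-0001": {"cvss": 9.8, "kev": False},  # critical, no exploitation signal
    "CVE-0000-0002": {"cvss": 7.5, "kev": False},  # high CVSS, 90% EPSS
    "CVE-0000-0003": {"cvss": 5.3, "kev": True},   # medium CVSS but KEV-listed
    "CVE-0000-0004": {"cvss": 8.1, "kev": False},  # not scored by EPSS
    "CVE-0000-0005": {"cvss": 6.5, "kev": False},  # elevated EPSS
    "CVE-0000-0006": {"cvss": 4.3, "kev": False},  # routine
}

# Policy thresholds (assumptions for this example).
EPSS_HIGH = 0.50      # treat as "exploitation expected"
EPSS_ELEVATED = 0.10  # treat as "worth pulling forward"


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float                  # CVSS base score, 0.0 to 10.0
    in_kev: bool                 # listed in CISA Known Exploited Vulnerabilities
    epss: Optional[float]        # probability 0.0 to 1.0; None if EPSS has no score
    percentile: Optional[float]  # 0.0 to 1.0; None if unscored


def parse_epss_response(text: str) -> Dict[str, Tuple[float, float]]:
    """Map CVE ID -> (epss, percentile) from an EPSS API JSON document."""
    doc = json.loads(text)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    scores: Dict[str, Tuple[float, float]] = {}
    for row in doc.get("data", []):
        epss, pct = float(row["epss"]), float(row["percentile"])
        # Scores are probabilities; reject anything outside [0, 1] rather than
        # letting a malformed reply silently reorder the queue.
        if not (0.0 <= epss <= 1.0 and 0.0 <= pct <= 1.0):
            raise ValueError(f"out-of-range EPSS values for {row['cve']}")
        scores[row["cve"]] = (epss, pct)
    return scores


def build_findings(inventory: Dict[str, dict],
                   scores: Dict[str, Tuple[float, float]]) -> List[Finding]:
    """Join inventory with EPSS scores; unscored CVEs keep epss=None."""
    out = []
    for cve, meta in inventory.items():
        s = scores.get(cve)
        out.append(Finding(cve, meta["cvss"], meta["kev"],
                           s[0] if s else None, s[1] if s else None))
    return out


def priority_tier(f: Finding) -> int:
    """1 = patch now, 4 = routine cycle. Exploitation evidence outranks severity."""
    epss = f.epss if f.epss is not None else 0.0
    if f.in_kev or epss >= EPSS_HIGH:
        return 1
    if epss >= EPSS_ELEVATED:
        return 2
    # Severe but no exploitation signal yet, or unscored and still high CVSS:
    # fall back to CVSS so an unscored CVE is not silently dropped.
    if f.cvss >= 9.0 or (f.epss is None and f.cvss >= 7.0):
        return 3
    return 4


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Order by tier, then EPSS descending, then CVSS descending."""
    return sorted(findings,
                  key=lambda f: (priority_tier(f), -(f.epss or 0.0), -f.cvss))


if __name__ == "__main__":
    ranked = prioritise(build_findings(INVENTORY, parse_epss_response(SAMPLE_EPSS_RESPONSE)))
    for f in ranked:
        epss = "unscored" if f.epss is None else f"{f.epss:.1%}"
        print(f"P{priority_tier(f)} {f.cve} cvss={f.cvss} epss={epss} kev={f.in_kev}")
```

With the constructed data the CVSS 7.5 / 90% EPSS finding and the KEV-listed CVSS 5.3 finding come out ahead of the CVSS 9.8 / 0.1% one, which is the point of the paragraph above; the CVE with no EPSS score lands in tier 3 on CVSS alone rather than being treated as zero risk.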

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
