Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 7601 | CVE-2024-6583 | | 34.9th | 4.3 | | A path traversal vulnerability in stangirard/quivr allows attackers to upload files to arbitrary S3 |
| 7602 | CVE-2025-30236 | | 35th | 8.6 | | This vulnerability in Shearwater SecurEnvoy SecurAccess Enrol allows attackers to bypass password au |
| 7603 | CVE-2023-40723 | | 34.9th | 8.1 | | This vulnerability in Fortinet FortiSIEM allows attackers to execute unauthorized code or commands v |
| 7604 | CVE-2025-21092 | | 34.8th | 6.5 | | GMOD Apollo lacks proper access controls when updating user information, allowing attackers to escal |
| 7605 | CVE-2025-43857 | | 35th | 6.5 | | This vulnerability in Ruby's Net::IMAP library allows a malicious or compromised IMAP server to caus |
| 7606 | CVE-2025-5016 | | 34.9th | 4.7 | | The Relevanssi WordPress plugin has a stored XSS vulnerability in excerpt highlighting functionality |
| 7607 | CVE-2025-45841 | | 35th | 9.8 | | This vulnerability allows authenticated attackers to execute arbitrary code on TOTOLINK NR1800X rout |
| 7608 | CVE-2025-41431 | | 34.8th | 7.5 | | This vulnerability allows undisclosed requests to cause the Traffic Management Microkernel (TMM) to |
| 7609 | CVE-2025-41399 | | 34.8th | 7.5 | | This vulnerability allows attackers to cause memory exhaustion on F5 BIG-IP systems by sending speci |
| 7610 | CVE-2025-36504 | | 34.8th | 7.5 | | This vulnerability affects F5 BIG-IP systems with HTTP/2 httprouter profiles configured on virtual s |
| 7611 | CVE-2025-46726 | | 35th | 9.1 | | Langroid applications using the XMLToolMessage class with untrusted XML input are vulnerable to XML |
| 7612 | CVE-2025-4143 | | 34.9th | 6.1 | | This CVE describes an OAuth redirect URI validation vulnerability in the workers-oauth-provider libr |
| 7613 | CVE-2025-6328 | | 34.9th | 8.8 | | A critical stack-based buffer overflow vulnerability in D-Link DIR-815 router firmware allows remote |
| 7614 | CVE-2025-3774 | | 35th | 7.2 | | The Wise Chat WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers |
| 7615 | CVE-2025-2939 | | 34.9th | 5.6 | | The Ninja Tables WordPress plugin is vulnerable to PHP object injection via deserialization of untru |
| 7616 | CVE-2025-46117 | | 34.9th | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands as root on Ruckus wi |
| 7617 | CVE-2025-50979 | | 35th | 8.6 | | NodeBB v4.3.0 contains a SQL injection vulnerability in the search-categories API endpoint that allo |
| 7618 | CVE-2025-20244 | | 34.8th | 7.7 | | This vulnerability allows authenticated VPN users to send specially crafted HTTP requests to Cisco A |
| 7619 | CVE-2025-11122 | | 34.8th | 8.8 | | A stack-based buffer overflow vulnerability in Tenda AC18 routers allows remote attackers to execute |
| 7620 | CVE-2025-10838 | | 34.8th | 8.8 | | A buffer overflow vulnerability in Tenda AC21 routers allows remote attackers to execute arbitrary c |
| 7621 | CVE-2025-10324 | | 34.9th | 7.3 | | This CVE describes a command injection vulnerability in Wavlink WL-WN578W2 routers that allows remot |
| 7622 | CVE-2025-59281 | | 34.9th | 7.8 | | This CVE describes a local privilege escalation vulnerability in XBox Gaming Services where an autho |
| 7623 | CVE-2025-58715 | | 34.9th | 8.8 | | An integer overflow vulnerability in Microsoft Windows Speech components allows authenticated attack |
| 7624 | CVE-2025-11586 | | 34.8th | 8.8 | | This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary code via a stac |
| 7625 | CVE-2025-11526 | | 34.8th | 8.8 | | This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary code via a stac |
| 7626 | CVE-2025-11385 | | 34.8th | 8.8 | | A buffer overflow vulnerability in Tenda AC20 routers allows remote attackers to execute arbitrary c |
| 7627 | CVE-2025-59369 | | 34.9th | N/A | | A SQL injection vulnerability in bwdpi allows authenticated remote attackers to execute arbitrary SQ |
| 7628 | CVE-2025-65502 | | 34.9th | 4.3 | | A null pointer dereference vulnerability in Cesanta Mongoose's add_ca_certs() function allows remote |
| 7629 | CVE-2025-27456 | | 34.9th | 7.5 | | This vulnerability allows attackers to perform brute-force attacks against SMB server login mechanis |
| 7630 | CVE-2025-27449 | | 34.9th | 7.5 | | The MEAC300-FNADE4 device lacks rate limiting for authentication attempts, allowing attackers to sys |
| 7631 | CVE-2025-1710 | | 34.9th | 7.5 | | CVE-2025-1710 is an authentication brute-force vulnerability in maxView Storage Manager that allows |
| 7632 | CVE-2025-66169 | | 34.8th | 5.3 | | This CVE describes a Cypher Injection vulnerability in Apache Camel's camel-neo4j component, allowin |
| 7633 | CVE-2026-20811 | | 34.9th | 7.8 | | This vulnerability is a type confusion flaw in Windows Win32K - ICOMP that allows an authenticated a |
| 7634 | CVE-2024-55226 | | 34.7th | 5.4 | | Vaultwarden v1.32.5 contains an authenticated reflected cross-site scripting (XSS) vulnerability in |
| 7635 | CVE-2024-13241 | | 34.7th | 9.1 | | This CVE describes an Improper Authorization vulnerability in Drupal Open Social that allows attacke |
| 7636 | CVE-2024-37417 | | 34.7th | 4.3 | | This CSRF vulnerability in the Coachify WordPress theme allows attackers to trick authenticated admi |
| 7637 | CVE-2025-27110 | | 34.8th | 7.5 | | Libmodsecurity3 version 3.0.13 fails to decode HTML entities containing leading zeroes, potentially |
| 7638 | CVE-2024-36259 | | 34.7th | 7.5 | | This vulnerability allows authenticated remote attackers to extract sensitive information from Odoo' |
| 7639 | CVE-2024-11346 | | 34.8th | 7.3 | | A type confusion vulnerability in Lexmark printer PostScript interpreters allows attackers to inject |
| 7640 | CVE-2025-0332 | | 34.8th | 7.8 | | This vulnerability in Progress Telerik UI for WinForms allows attackers to perform path traversal at |
| 7641 | CVE-2025-26366 | | 34.8th | 7.5 | | An unauthenticated remote attacker can disable front panel authentication in Q-Free MaxTime systems |
| 7642 | CVE-2025-26365 | | 34.8th | 7.5 | | This vulnerability allows unauthenticated remote attackers to enable front panel authentication on Q |
| 7643 | CVE-2025-26364 | | 34.8th | 7.5 | | An unauthenticated remote attacker can disable authentication profile servers in Q-Free MaxTime traf |
| 7644 | CVE-2025-26363 | | 34.8th | 7.5 | | This vulnerability allows unauthenticated remote attackers to enable authentication profile servers |
| 7645 | CVE-2024-8685 | | 34.8th | 4.3 | | This path traversal vulnerability in Revolution Pi allows authenticated attackers to list directorie |
| 7646 | CVE-2024-54564 | | 34.7th | 6.5 | | This vulnerability allows files received via AirDrop to bypass macOS/iOS quarantine flagging, which |
| 7647 | CVE-2024-57440 | | 34.8th | 7.5 | | This vulnerability allows remote attackers to execute arbitrary code on affected D-Link DSL-3788 rou |
| 7648 | CVE-2024-12886 | | 34.8th | 7.5 | | This vulnerability allows attackers to crash the Ollama server by sending malicious gzip bomb HTTP r |
| 7649 | CVE-2025-2205 | | 34.8th | 4.4 | | This stored XSS vulnerability in the GDPR Cookie Compliance WordPress plugin allows authenticated ad |
| 7650 | CVE-2025-27925 | | 34.8th | 8.5 | | CVE-2025-27925 is an insecure deserialization vulnerability in Nintex Automation that allows attacke |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.