Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood that the CVE will be exploited in the wild within the next 30 days. This page lists ranks 751 to 800 of that ordering; the Flags column marks CVEs that are also in the CISA Known Exploited Vulnerabilities (KEV) catalog, which records exploitation that has already been observed rather than predicted.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank  CVE ID          EPSS   Pctl  CVSS  Flags  Summary
751   CVE-2026-24770  0.62%  69.6  9.8   -      CVE-2026-24770 is a critical Zip Slip vulnerability in RAGFlow's MinerU parser that allows attackers
752   CVE-2025-21524  0.62%  69.4  9.8   -      This critical vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attacker
753   CVE-2025-59245  0.62%  69.4  9.8   -      This critical vulnerability in Microsoft SharePoint Online allows authenticated attackers to elevate
754   CVE-2025-30433  0.61%  69.4  9.8   -      This vulnerability allows malicious shortcuts in Apple's Shortcuts app to bypass file access restric
755   CVE-2025-32911  0.61%  69.3  9.0   -      A use-after-free vulnerability in libsoup's soup_message_headers_get_content_disposition() function
756   CVE-2025-49003  0.61%  69.3  9.8   -      This vulnerability allows remote code execution in DataEase by exploiting Java's character conversio
757   CVE-2024-24780  0.61%  69.3  9.8   -      This vulnerability allows attackers with UDF creation privileges in Apache IoTDB to execute arbitrar
758   CVE-2025-66022  0.61%  69.2  9.6   -      CVE-2025-66022 is a critical vulnerability in FACTION PenTesting Report Generation Framework that al
759   CVE-2025-55637  0.61%  69.2  9.8   -      This CVE describes a command injection vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbe
760   CVE-2025-46616  0.61%  69.2  9.9   -      Quantum StorNext Web GUI API before version 7.2.4 contains a vulnerability that allows attackers to
761   CVE-2025-24434  0.61%  69.1  9.1   -      CVE-2025-24434 is an incorrect authorization vulnerability in Adobe Commerce that allows attackers t
762   CVE-2025-55232  0.61%  69.1  9.8   -      CVE-2025-55232 is a critical deserialization vulnerability in Microsoft High Performance Compute Pac
763   CVE-2025-32105  0.60%  69.1  9.8   -      A buffer overflow vulnerability in Sangoma IMG2020 HTTP server allows unauthenticated attackers to e
764   CVE-2025-66576  0.60%  69.0  9.8   -      CVE-2025-66576 is a critical remote code execution vulnerability in Remote Keyboard Desktop 1.0.1 th
765   CVE-2024-57450  0.60%  68.9  9.8   -      ChestnutCMS versions up to 1.5.0 contain a file upload vulnerability in the Create template function
766   CVE-2025-47777  0.60%  68.9  9.6   -      This vulnerability allows stored cross-site scripting (XSS) in 5ire's chatbot responses due to insuf
767   CVE-2025-58428  0.60%  68.9  9.9   -      This critical vulnerability in TLS4B ATG systems allows authenticated remote attackers to execute ar
768   CVE-2025-61492  0.60%  68.9  10.0  -      A command injection vulnerability in terminal-controller-mcp 0.1.7 allows attackers to execute arbit
769   CVE-2025-23115  0.60%  68.8  9.0   -      A Use After Free vulnerability in UniFi Protect Cameras allows remote attackers to execute arbitrary
770   CVE-2025-47787  0.59%  68.8  9.8   -      Emlog Pro versions before 2.5.10 contain a critical file upload vulnerability in the store.php compo
771   CVE-2024-14010  0.59%  68.7  9.8   -      Typora 1.7.4 contains a command injection vulnerability in PDF export preferences that allows attack
772   CVE-2025-63225  0.59%  68.7  9.8   -      The Eurolab ELTS100_UBX device with firmware ELTS100v1.UBX has critical administrative endpoints tha
773   CVE-2025-29287  0.59%  68.6  9.8   -      An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to u
774   CVE-2025-22133  0.59%  68.6  9.9   -      CVE-2025-22133 is a critical file upload vulnerability in WeGIA web management software that allows
775   CVE-2025-50722  0.59%  68.6  9.8   -      This CVE describes an insecure permissions vulnerability in sparkshop v1.1.7 that allows remote atta
776   CVE-2025-23220  0.58%  68.4  9.8   -      CVE-2025-23220 is a critical SQL injection vulnerability in WeGIA's adicionar_raca.php endpoint that
777   CVE-2025-23218  0.58%  68.4  9.8   -      CVE-2025-23218 is a critical SQL injection vulnerability in WeGIA's adicionar_especie.php endpoint t
778   CVE-2025-3278   0.58%  68.4  9.8   -      The UrbanGo Membership WordPress plugin allows unauthenticated attackers to register accounts with a
779   CVE-2025-32461  0.58%  68.5  9.9   -      CVE-2025-32461 is a critical remote code execution vulnerability in Tiki Wiki CMS where the wikiplug
780   CVE-2025-5392   0.58%  68.4  9.8   -      The GB Forms DB WordPress plugin has a critical remote code execution vulnerability that allows unau
781   CVE-2025-13184  0.58%  68.5  9.8   -      This critical vulnerability allows unauthenticated attackers to enable Telnet service and gain root
782   CVE-2025-9523   0.58%  68.4  9.8   -      This vulnerability in Tenda AC1206 routers allows remote attackers to execute arbitrary code via a s
783   CVE-2024-57602  0.58%  68.4  9.8   -      A privilege escalation vulnerability in EasyAppointments v1.5.0 allows remote attackers to gain elev
784   CVE-2024-12992  0.58%  68.4  9.8   -      This critical vulnerability in Pandora FMS allows attackers to execute arbitrary operating system co
785   CVE-2025-20337  0.58%  68.3  10.0  KEV    An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC allows attackers to
786   CVE-2025-59361  0.58%  68.4  9.8   -      CVE-2025-59361 is an OS command injection vulnerability in Chaos Mesh's cleanIptables mutation that
787   CVE-2025-4978   0.58%  68.3  9.8   -      This vulnerability allows remote attackers to bypass authentication on Netgear DGND3700 routers via
788   CVE-2025-6222   0.58%  68.3  9.8   -      This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites usi
789   CVE-2025-52480  0.58%  68.3  9.8   -      CVE-2025-52480 is an argument injection vulnerability in Registrator.jl's gettreesha() function that
790   CVE-2023-47030  0.58%  68.3  9.8   -      CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that
791   CVE-2023-47032  0.58%  68.3  9.8   -      CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that
792   CVE-2025-64055  0.58%  68.3  9.8   -      CVE-2025-64055 is an authentication bypass vulnerability in Fanvil x210 V2 IP phones that allows una
793   CVE-2025-43561  0.57%  68.2  9.1   -      This CVE describes an incorrect authorization vulnerability in Adobe ColdFusion that allows high-pri
794   CVE-2025-20646  0.57%  68.1  9.8   -      This critical vulnerability in MediaTek WLAN AP firmware allows remote attackers to execute arbitrar
795   CVE-2024-54802  0.57%  68.1  9.8   -      This vulnerability allows remote attackers to execute arbitrary code on Netgear WNR854T routers via
796   CVE-2025-13390  0.57%  68.1  10.0  -      The WP Directory Kit WordPress plugin has an authentication bypass vulnerability that allows unauthe
797   CVE-2025-1100   0.57%  68.1  9.8   -      CVE-2025-1100 is a critical vulnerability in Q-Free MaxTime traffic management software where a hard
798   CVE-2025-1909   0.57%  68.0  9.8   -      The BuddyBoss Platform Pro WordPress plugin has an authentication bypass vulnerability that allows u
799   CVE-2025-24259  0.57%  67.9  9.8   -      This vulnerability allows malicious applications to access Safari bookmarks without proper authoriza
800   CVE-2025-24241  0.57%  67.9  9.8   -      This macOS vulnerability allows malicious applications to trick users into copying sensitive data to

Pctl = EPSS percentile (the share of all scored CVEs with a lower EPSS score). Flags: KEV = listed in the CISA Known Exploited Vulnerabilities catalog.

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS Special Interest Group at FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. CVSS measures severity, that is, how bad a successful exploit would be; EPSS measures likelihood of exploitation. Scores are recomputed daily as new exploit and threat data arrive, so a CVE's EPSS changes over time, which makes it a useful signal for deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published each month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score: a CVSS 9.8 vulnerability with a 0.1% EPSS may be less urgent than a CVSS 7.5 with a 90% EPSS. Neither score replaces the other. EPSS says nothing about impact, and a CVE already in the CISA KEV catalog has been exploited regardless of its predicted probability, so a practical ordering is KEV first, then EPSS, with CVSS as the tie-breaker.
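As an added example (not code from this page or from FIRST), the following Python script applies that ordering to a constructed sample in the column layout of FIRST's daily EPSS CSV (one leading "#" metadata line, then cve,epss,percentile). The CVSS values, the KEV membership set, the 10% "act now" threshold and every CVE ID other than CVE-2025-20337 are assumptions made up for the example.

```python
"""Prioritise CVEs by exploit likelihood (EPSS) rather than by CVSS alone."""
from __future__ import annotations

import csv
from dataclasses import dataclass

# Constructed sample in the column layout of the FIRST daily EPSS CSV
# (epss_scores-current.csv.gz): one '#' metadata line, a header, then one
# row per CVE. epss and percentile are probabilities in [0, 1], not
# percentages. Only CVE-2025-20337 is a real ID from the page; the other IDs
# and every value below are made up for the example.
SAMPLE_EPSS_CSV = """\
#model_version:v2023.03.01,score_date:2026-01-01T00:00:00+0000
cve,epss,percentile
CVE-2025-20337,0.00580,0.68300
CVE-2024-0001,0.00100,0.40000
CVE-2024-0002,0.90000,0.99900
CVE-2024-0003,0.00620,0.69600
CVE-2024-0004,0.00050,0.20000
"""

# Constructed CVSS base scores (in practice these come from NVD or the vendor).
SAMPLE_CVSS = {
    "CVE-2025-20337": 10.0,
    "CVE-2024-0001": 9.8,   # critical severity, almost no exploit evidence
    "CVE-2024-0002": 7.5,   # high severity, very likely to be exploited
    "CVE-2024-0003": 9.8,
    "CVE-2024-0004": 5.3,
}

# Constructed KEV membership; CVE-2025-20337 is the CVE flagged KEV on the page.
SAMPLE_KEV = {"CVE-2025-20337"}


def parse_epss_csv(text: str) -> dict[str, tuple[float, float]]:
    """Return {cve: (epss, percentile)} from EPSS CSV text, skipping '#' lines."""
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    return {
        row["cve"]: (float(row["epss"]), float(row["percentile"]))
        for row in csv.DictReader(rows)
    }


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    epss: float        # probability of exploitation in the next 30 days
    percentile: float  # share of all scored CVEs with a lower EPSS
    kev: bool          # listed in CISA KEV, i.e. exploitation already observed


def priority_key(f: Finding) -> tuple[bool, float, float]:
    # Descending order: confirmed exploitation (KEV) beats any prediction,
    # then EPSS probability, with CVSS only as the tie-breaker.
    return (f.kev, f.epss, f.cvss)


def prioritise(epss_csv: str, cvss: dict[str, float], kev: set[str]) -> list[Finding]:
    scores = parse_epss_csv(epss_csv)
    findings = []
    for cve, base in cvss.items():
        # A CVE absent from the EPSS feed (too new, or not yet scored) gets
        # 0.0 here; treat that as "unknown", not "safe", when reviewing.
        epss, pct = scores.get(cve, (0.0, 0.0))
        findings.append(Finding(cve, base, epss, pct, cve in kev))
    return sorted(findings, key=priority_key, reverse=True)


def bucket(f: Finding, epss_threshold: float = 0.10) -> str:
    """Coarse patching tier. The 10% threshold is an assumption for the example."""
    if f.kev or f.epss >= epss_threshold:
        return "act-now"
    if f.cvss >= 9.0:
        return "schedule-soon"
    return "backlog"


if __name__ == "__main__":
    for f in prioritise(SAMPLE_EPSS_CSV, SAMPLE_CVSS, SAMPLE_KEV):
        print(f"{f.cve:15} EPSS {f.epss:6.2%} pctl {f.percentile:5.1%} "
              f"CVSS {f.cvss:4.1f} KEV={str(f.kev):5} -> {bucket(f)}")
```

Running it puts the KEV-listed CVE first, then the CVSS 7.5 finding with a 90% EPSS, and leaves both CVSS 9.8 findings with sub-1% EPSS in the "schedule-soon" tier, which is the ordering the paragraph above argues for. To use it against the live feed, replace SAMPLE_EPSS_CSV with the decompressed contents of epss_scores-current.csv.gz and SAMPLE_KEV with the CVE IDs from the CISA KEV JSON.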

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
