Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164 CVEs with EPSS > 50%
156 CVEs listed in CISA KEV
35,468 CVEs with an EPSS score
0.7% average EPSS score
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
8001 | CVE-2025-12387 | 0.14% | 34th | N/A | | A vulnerability in Pix-Link LV-WR21Q routers allows remote attackers to cause a denial of service (D
8002 | CVE-2026-23978 | 0.14% | 34th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c
8003 | CVE-2025-69046 | 0.14% | 34th | 8.1 | | This CVE describes a PHP Local File Inclusion vulnerability in the iRecco Core WordPress plugin. Att
8004 | CVE-2025-57155 | 0.14% | 34th | 7.5 | | A NULL pointer dereference vulnerability in owntone-server's DAAP service allows remote attackers to
8005 | CVE-2025-53596 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8006 | CVE-2025-53590 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8007 | CVE-2025-53589 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8008 | CVE-2025-53414 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8009 | CVE-2025-53405 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8010 | CVE-2025-52431 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8011 | CVE-2025-52430 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8012 | CVE-2025-52426 | 0.14% | 34th | 4.9 | | A NULL pointer dereference vulnerability in QNAP operating systems allows remote attackers with admi
8013 | CVE-2024-13370 | 0.14% | 33.9th | 6.5 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to up
8014 | CVE-2024-55925 | 0.14% | 33.9th | 7.5 | | This vulnerability allows attackers to bypass API host restrictions in Xerox Workplace Suite by forg
8015 | CVE-2024-13281 | 0.14% | 33.9th | 9.1 | | This CVE describes an incorrect authorization vulnerability in Drupal's Monster Menus module that al
8016 | CVE-2024-13277 | 0.14% | 33.9th | 9.1 | | This vulnerability allows attackers to bypass authorization controls in Drupal Smart IP Ban module,
8017 | CVE-2024-13134 | 0.14% | 33.8th | 6.3 | | This critical vulnerability in ZeroWdd studentmanager 1.0 allows remote attackers to upload arbitrar
8018 | CVE-2025-0719 | 0.14% | 33.8th | 6.1 | | IBM Cloud Pak for Data versions 4.0.0 through 4.8.5 and 5.0.0 contain a cross-site scripting (XSS) v
8019 | CVE-2024-13439 | 0.14% | 33.9th | 4.3 | | The Team – Team Members Showcase Plugin for WordPress has a missing capability check in its respon
8020 | CVE-2025-26157 | 0.14% | 33.9th | 5.9 | | A SQL injection vulnerability in the Beauty Parlour Management System V1.1 allows remote attackers t
8021 | CVE-2024-36556 | 0.14% | 33.9th | 9.1 | | This CVE describes a hardcoded password vulnerability in Forever KidsWatch smartwatches. Attackers c
8022 | CVE-2025-3018 | 0.14% | 33.9th | 6.3 | | This critical SQL injection vulnerability in SourceCodester Online Eyewear Shop 1.0 allows attackers
8023 | CVE-2024-12065 | 0.14% | 33.9th | 7.5 | | A local file inclusion vulnerability in haotian-liu/llava's Gradio web UI allows attackers to read a
8024 | CVE-2024-55594 | 0.14% | 33.9th | 5.6 | | CVE-2024-55594 is an improper input validation vulnerability in Fortinet FortiWeb web application fi
8025 | CVE-2023-42784 | 0.14% | 33.9th | 5.6 | | CVE-2023-42784 is an improper input validation vulnerability in Fortinet FortiWeb web application fi
8026 | CVE-2025-0071 | 0.14% | 33.8th | 4.9 | | SAP Web Dispatcher and Internet Communication Manager allow administrators to enable debugging trace
8027 | CVE-2025-2113 | 0.14% | 33.7th | 7.3 | | This critical SQL injection vulnerability in AT Software Solutions ATSVD allows attackers to execute
8028 | CVE-2025-1903 | 0.14% | 33.8th | 7.3 | | CVE-2025-1903 is a critical SQL injection vulnerability in Codezips Online Shopping Website 1.0 that
8029 | CVE-2025-22235 | 0.14% | 33.9th | 7.3 | | This Spring Security vulnerability allows unauthorized access to /null endpoints when EndpointReques
8030 | CVE-2025-39436 | 0.14% | 33.9th | 9.1 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the I Draw pl
8031 | CVE-2025-3211 | 0.14% | 33.9th | 6.3 | | A critical SQL injection vulnerability in code-projects Patient Record Management System 1.0 allows
8032 | CVE-2025-3207 | 0.14% | 33.9th | 6.3 | | This critical SQL injection vulnerability in Patient Record Management System 1.0 allows remote atta
8033 | CVE-2025-39356 | 0.14% | 33.8th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted
8034 | CVE-2025-39354 | 0.14% | 33.8th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted
8035 | CVE-2025-39349 | 0.14% | 33.8th | 9.8 | | CVE-2025-39349 is a PHP object injection vulnerability in the CiyaShop WordPress theme that allows a
8036 | CVE-2025-32928 | 0.14% | 33.8th | 9.8 | | This vulnerability in the ThemeGoods Altair WordPress theme allows attackers to inject malicious obj
8037 | CVE-2025-47581 | 0.14% | 33.8th | 9.8 | | This vulnerability allows attackers to execute arbitrary code on WordPress sites by exploiting insec
8038 | CVE-2025-39410 | 0.14% | 33.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary PHP code through deserialization of
8039 | CVE-2025-32821 | 0.14% | 33.8th | 7.2 | | A command injection vulnerability in SMA100 SSL-VPN appliances allows authenticated administrators t
8040 | CVE-2025-5015 | 0.14% | 33.9th | 8.8 | | An unauthenticated cross-site scripting vulnerability in AccuWeather and Custom RSS widgets allows a
8041 | CVE-2025-30515 | 0.14% | 33.8th | 9.8 | | CVE-2025-30515 is a path traversal vulnerability in CyberData 011209 Intercom systems that allows au
8042 | CVE-2025-7918 | 0.14% | 33.9th | 9.8 | | CVE-2025-7918 is a critical SQL injection vulnerability in WinMatrix3 Web package that allows unauth
8043 | CVE-2025-52688 | 0.14% | 33.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands with root privileges on aff
8044 | CVE-2025-54878 | 0.14% | 33.8th | 8.6 | | A heap buffer overflow vulnerability in NASA CryptoLib versions 1.4.0 and prior allows attackers to
8045 | CVE-2025-11117 | 0.14% | 33.8th | 8.8 | | A buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1 allows remote attacker
8046 | CVE-2025-10756 | 0.14% | 33.8th | 8.8 | | A buffer overflow vulnerability in UTT HiPER 840G routers allows remote attackers to execute arbitra
8047 | CVE-2025-56706 | 0.14% | 33.9th | 8.0 | | The Edimax BR-6473AX router firmware version 1.0.28 contains a remote code execution vulnerability i
8048 | CVE-2025-11372 | 0.14% | 33.8th | 6.5 | | This vulnerability in the LearnPress WordPress LMS plugin allows unauthenticated attackers to perfor
8049 | CVE-2025-10313 | 0.14% | 33.9th | 7.2 | | This vulnerability in the Find And Replace content WordPress plugin allows unauthenticated attackers
8050 | CVE-2025-11652 | 0.14% | 33.8th | 8.8 | | A buffer overflow vulnerability in UTT 进取 518G routers allows remote attackers to execute arbitr

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
