Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164

EPSS > 50%

156

CISA KEV Listed

35,468

CVEs with EPSS

0.7%

Avg EPSS Score

All Critical High Medium Low

Rank	CVE ID	EPSS Score	Percentile	CVSS	Flags	Summary
801	CVE-2024-47605	2.29%	84.4th	5.4		This is a cross-site scripting (XSS) vulnerability in SilverStripe's asset-admin module. When users
802	CVE-2024-57011	2.29%	84.4th	8.8		This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN
803	CVE-2025-2610	2.29%	84.4th	7.6		An authenticated stored cross-site scripting (XSS) vulnerability in MagnusBilling's Alarm Module all
804	CVE-2025-66472	2.29%	84.4th	6.1		This CVE describes a reflected cross-site scripting (XSS) vulnerability in XWiki Platform that allow
805	CVE-2024-24451	2.28%	84.4th	7.5		A stack overflow vulnerability in OpenAirInterface's 5G AMF component allows attackers to cause deni
806	CVE-2026-1547	2.28%	84.4th	6.3		This CVE describes a remote command injection vulnerability in Totolink A7000R routers. Attackers ca
807	CVE-2024-13098	2.28%	84.3th	5.4		This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsan
808	CVE-2025-0314	2.27%	84.3th	8.7		This vulnerability allows attackers to inject malicious scripts through improperly rendered file typ
809	CVE-2025-20188	2.27%	84.3th	10.0		This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote a
810	CVE-2025-1724	2.27%	84.3th	7.4		This vulnerability allows attackers to take over AD-only accounts in Zoho Analytics products due to
811	CVE-2025-6621	2.26%	84.3th	6.3		This critical vulnerability in TOTOLINK CA300-PoE routers allows remote attackers to execute arbitra
812	CVE-2025-6619	2.26%	84.3th	6.3		This critical vulnerability in TOTOLINK CA300-PoE routers allows remote attackers to execute arbitra
813	CVE-2024-13410	2.26%	84.3th	9.8		This CVE describes a PHP Object Injection vulnerability in CozyStay and TinySalt WordPress plugins.
814	CVE-2025-3065	2.26%	84.3th	9.1		The Database Toolset WordPress plugin contains an arbitrary file deletion vulnerability that allows
815	CVE-2024-9458	2.25%	84.3th	4.8		The Reservit Hotel WordPress plugin before version 3.0 contains a stored cross-site scripting (XSS)
816	CVE-2025-67643	2.25%	84.3th	4.3		The Jenkins Redpen - Pipeline Reporter for Jira Plugin vulnerability allows attackers with Item/Conf
817	CVE-2025-3693	2.25%	84.2th	8.8		This critical vulnerability in Tenda W12 routers allows remote attackers to execute arbitrary code v
818	CVE-2025-29868	2.24%	84.2th	6.5		This vulnerability in Apache Answer allows external image providers to obtain the IP addresses of us
819	CVE-2024-13645	2.23%	84.2th	9.8		The tagDiv Composer WordPress plugin has a PHP object instantiation vulnerability that allows unauth
820	CVE-2024-13170	2.22%	84.2th	7.5		This vulnerability allows remote unauthenticated attackers to cause denial of service through an out
821	CVE-2024-13168	2.22%	84.2th	7.5		An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated
822	CVE-2024-13167	2.22%	84.2th	7.5		An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated
823	CVE-2024-13166	2.22%	84.2th	7.5		An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated
824	CVE-2024-13165	2.22%	84.2th	7.5		An out-of-bounds write vulnerability in Ivanti Endpoint Manager (EPM) allows remote unauthenticated
825	CVE-2026-20931	2.22%	84.1th	8.0		This vulnerability in Windows Telephony Service allows an authorized attacker on the same network to
826	CVE-2025-24354	2.22%	84.1th	5.3		Imgproxy fails to block the 0.0.0.0 address even when loopback source addresses are restricted, allo
827	CVE-2025-53144	2.22%	84.1th	8.8		A type confusion vulnerability in Windows Message Queuing allows authenticated attackers to execute
828	CVE-2025-50286	2.21%	84.1th	8.1		This vulnerability allows authenticated admin users in Grav CMS to upload malicious plugins through
829	CVE-2024-12600	2.21%	84.1th	7.2		This vulnerability allows authenticated attackers with Shop Manager or higher privileges to perform
830	CVE-2024-57228	2.19%	84.1th	8.0		This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can
831	CVE-2024-57211	2.19%	84.1th	8.0		This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attacker
832	CVE-2025-4078	2.19%	84th	4.3		This vulnerability in Wangshen SecGate 3600 2400 allows attackers to perform path traversal attacks
833	CVE-2023-28760	2.18%	84th	7.5		This vulnerability allows unauthenticated attackers on the local network to execute arbitrary code a
834	CVE-2024-13770	2.18%	84th	8.1		This CVE describes a PHP object injection vulnerability in the Puzzles WordPress theme that allows u
835	CVE-2024-13777	2.18%	84th	8.1		This vulnerability allows unauthenticated attackers to inject PHP objects via deserialization of unt
836	CVE-2025-9501	2.18%	84th	9.0		The W3 Total Cache WordPress plugin before version 2.8.13 contains a command injection vulnerability
837	CVE-2025-21391	2.18%	84th	7.1	KEV	This Windows Storage Elevation of Privilege vulnerability allows authenticated attackers to gain SYS
838	CVE-2024-9053	2.18%	84th	9.8		CVE-2024-9053 is a critical remote code execution vulnerability in vLLM's AsyncEngineRPCServer where
839	CVE-2025-26356	2.17%	84th	7.2		This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwri
840	CVE-2025-26354	2.17%	84th	7.2		This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwri
841	CVE-2024-13628	2.17%	84th	6.1		The WP Pricing Table WordPress plugin through version 1.1 contains a reflected cross-site scripting
842	CVE-2025-1702	2.17%	84th	7.5		This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks thro
843	CVE-2022-50791	2.17%	84th	7.8		This vulnerability allows unauthenticated attackers to execute arbitrary commands on SOUND4 IMPACT/F
844	CVE-2026-2167	2.16%	84th	6.3		This CVE describes a remote command injection vulnerability in Totolink WA300 routers. Attackers can
845	CVE-2026-1326	2.16%	84th	6.3		This CVE describes a command injection vulnerability in Totolink NR1800X routers that allows remote
846	CVE-2025-51390	2.16%	83.9th	9.8		This CVE describes a command injection vulnerability in TOTOLINK N600R routers that allows attackers
847	CVE-2025-24364	2.16%	83.9th	7.2		Authenticated attackers with admin panel access to vaultwarden can execute arbitrary system commands
848	CVE-2025-2784	2.15%	83.9th	7.0		CVE-2025-2784 is a heap buffer over-read vulnerability in libsoup's skip_insight_whitespace() functi
849	CVE-2024-12433	2.14%	83.9th	9.8		This CVE allows remote attackers to execute arbitrary code on systems running vulnerable versions of
850	CVE-2026-1192	2.14%	83.9th	7.3		This CVE describes a command injection vulnerability in Tosei Online Store Management System 1.01. A

← Previous Page 17 of 710 Next →

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free