Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 801 | CVE-2025-20229 | 0.75% | 72.7th | 8.0 | | This vulnerability allows low-privileged Splunk users without admin or power roles to execute arbitr |
| 802 | CVE-2024-7806 | 0.75% | 72.6th | 8.8 | | This vulnerability allows non-admin users to execute arbitrary code remotely via CSRF attacks in ope |
| 803 | CVE-2021-47850 | 0.75% | 72.6th | 7.5 | | Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbi |
| 804 | CVE-2024-13714 | 0.74% | 72.6th | 8.8 | | This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to up |
| 805 | CVE-2025-36574 | 0.74% | 72.4th | 8.2 | | Dell Wyse Management Suite versions before 5.2 contain an absolute path traversal vulnerability that |
| 806 | CVE-2025-67171 | 0.74% | 72.5th | 7.5 | | This directory traversal vulnerability in RiteCMS v3.1.0 allows attackers to bypass access controls |
| 807 | CVE-2025-67160 | 0.74% | 72.5th | 7.5 | | This directory traversal vulnerability in Vatilon v1.12.37-20240124 allows attackers to access sensi |
| 808 | CVE-2025-21368 | 0.74% | 72.4th | 8.8 | | This vulnerability allows remote code execution through Microsoft Digest Authentication, enabling at |
| 809 | CVE-2024-45199 | 0.74% | 72.4th | 8.8 | | This vulnerability allows attackers to execute arbitrary code remotely by injecting malicious parame |
| 810 | CVE-2024-45198 | 0.74% | 72.4th | 8.8 | | This CVE describes a remote code execution vulnerability in insightsoftware Spark JDBC where attacke |
| 811 | CVE-2025-67255 | 0.74% | 72.4th | 8.8 | | NagiosXI 2026R1.0.1 build 1762361101 contains a SQL injection vulnerability in dashboard parameters |
| 812 | CVE-2025-27730 | 0.74% | 72.4th | 7.8 | | CVE-2025-27730 is a use-after-free vulnerability in Windows Digital Media components that allows aut |
| 813 | CVE-2025-27467 | 0.74% | 72.4th | 7.8 | | This vulnerability allows an authorized attacker to exploit a use-after-free flaw in Windows Digital |
| 814 | CVE-2025-26675 | 0.74% | 72.4th | 7.8 | | This vulnerability allows an authorized attacker with local access to exploit an out-of-bounds read |
| 815 | CVE-2025-49582 | 0.73% | 72.3th | 8.0 | | XWiki's required rights analyzers for dangerous macros are incomplete, allowing attackers to hide ma |
| 816 | CVE-2025-27481 | 0.73% | 72.3th | 8.8 | | A stack-based buffer overflow vulnerability in Windows Telephony Service allows remote attackers to |
| 817 | CVE-2025-21221 | 0.73% | 72.3th | 8.8 | | A heap-based buffer overflow vulnerability in Windows Telephony Service allows remote attackers to e |
| 818 | CVE-2025-1936 | 0.73% | 72.2th | 7.3 | | This vulnerability in Firefox and Thunderbird allows attackers to hide malicious code in web extensi |
| 819 | CVE-2025-9526 | 0.73% | 72.2th | 8.8 | | A remote stack-based buffer overflow vulnerability exists in the Linksys E1700 router's web interfac |
| 820 | CVE-2024-11425 | 0.73% | 72.2th | 7.5 | | An unauthenticated attacker can send a specially crafted HTTPS packet to the webserver, causing a bu |
| 821 | CVE-2025-6085 | 0.73% | 72.2th | 7.2 | | The Make Connector WordPress plugin allows authenticated attackers with Administrator privileges to |
| 822 | CVE-2025-1012 | 0.73% | 72.2th | 7.5 | | A race condition during concurrent delazification in Mozilla products could lead to use-after-free v |
| 823 | CVE-2025-22783 | 0.73% | 72.1th | 8.5 | | This SQL injection vulnerability in the Squirrly SEO WordPress plugin allows attackers to execute ar |
| 824 | CVE-2025-49630 | 0.72% | 72.1th | 7.5 | | This vulnerability allows untrusted clients to trigger a denial of service attack against Apache HTT |
| 825 | CVE-2025-30213 | 0.72% | 72.0th | 8.8 | | This vulnerability in Frappe framework allows authenticated system users to create documents in a sp |
| 826 | CVE-2025-65878 | 0.72% | 72.0th | 7.5 | | The warehouse management system version 1.2 contains an arbitrary file read vulnerability via direct |
| 827 | CVE-2025-6763 | 0.72% | 72.0th | 8.1 | | This CVE describes an authentication bypass vulnerability in Comet System's web-based management int |
| 828 | CVE-2025-28407 | 0.72% | 71.9th | 8.8 | | This vulnerability in RUoYi v4.8.0 allows remote attackers to escalate privileges by exploiting impr |
| 829 | CVE-2024-37917 | 0.72% | 71.9th | 7.5 | | CVE-2024-37917 is an improper input validation vulnerability in Pexip Infinity video conferencing so |
| 830 | CVE-2025-31499 | 0.71% | 71.9th | 8.8 | | This vulnerability allows argument injection in Jellyfin's FFmpeg processing, which can lead to arbi |
| 831 | CVE-2025-3610 | 0.71% | 71.9th | 8.8 | | The Reales WP STPT WordPress plugin allows authenticated attackers with subscriber-level access to c |
| 832 | CVE-2025-21344 | 0.71% | 71.8th | 7.8 | | This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server |
| 833 | CVE-2024-58294 | 0.71% | 71.8th | 8.8 | | FreePBX 16 contains an authenticated remote code execution vulnerability in the API module. Attacker |
| 834 | CVE-2024-58287 | 0.71% | 71.8th | 8.8 | | CVE-2024-58287 is an authenticated command injection vulnerability in reNgine 2.2.0 that allows atta |
| 835 | CVE-2026-0766 | 0.71% | 71.7th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary Python code on Open We |
| 836 | CVE-2026-0765 | 0.71% | 71.7th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on Ope |
| 837 | CVE-2025-23196 | 0.71% | 71.7th | 8.8 | | This CVE describes a code injection vulnerability in Apache Ambari's Alert Definition feature where |
| 838 | CVE-2025-3836 | 0.71% | 71.7th | 8.3 | | This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the logo |
| 839 | CVE-2025-25387 | 0.7% | 71.6th | 7.2 | | This SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to ex |
| 840 | CVE-2025-25357 | 0.7% | 71.6th | 7.2 | | A SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to execu |
| 841 | CVE-2025-25356 | 0.7% | 71.6th | 7.2 | | A SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to execu |
| 842 | CVE-2025-25355 | 0.7% | 71.6th | 7.2 | | A SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to execu |
| 843 | CVE-2025-25354 | 0.7% | 71.6th | 7.2 | | This SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to ex |
| 844 | CVE-2025-25352 | 0.7% | 71.6th | 7.2 | | This SQL injection vulnerability in PHPGurukul Land Record System v1.0 allows remote attackers to ex |
| 845 | CVE-2024-13681 | 0.7% | 71.6th | 7.5 | | The Uncode WordPress theme contains an arbitrary file read vulnerability that allows unauthenticated |
| 846 | CVE-2024-57030 | 0.7% | 71.5th | 8.1 | | Wegia versions below 3.2.0 contain a cross-site scripting vulnerability in the employee documents pa |
| 847 | CVE-2022-50789 | 0.7% | 71.5th | 7.8 | | This is a command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x |
| 848 | CVE-2025-24356 | 0.7% | 71.5th | 7.5 | | CVE-2025-24356 is a UDP amplification vulnerability in fastd VPN daemon that allows attackers to spo |
| 849 | CVE-2024-11582 | 0.7% | 71.5th | 7.2 | | The Subscribe2 WordPress plugin has a stored XSS vulnerability in all versions up to 10.43. Unauthen |
| 850 | CVE-2025-29457 | 0.7% | 71.5th | 7.6 | | This vulnerability in MyBB 1.8.38 allows remote attackers to obtain sensitive information through th |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
