Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
9401 | CVE-2025-7875 | 0.11% | 30th | 7.3 | - | This critical vulnerability in Metasoft MetaCRM allows attackers to bypass authentication via the /d
9402 | CVE-2025-53817 | 0.11% | 30.1th | 7.5 | - | A null pointer dereference vulnerability in 7-Zip's Compound Document handler allows attackers to ca
9403 | CVE-2025-40927 | 0.11% | 30.1th | 7.3 | - | CVE-2025-40927 is an HTTP response splitting vulnerability in CGI::Simple for Perl that allows attac
9404 | CVE-2025-54785 | 0.11% | 30th | 8.8 | - | SuiteCRM versions 7.14.6 and 8.8.0 contain an insecure deserialization vulnerability where user inpu
9405 | CVE-2025-10385 | 0.11% | 30th | 8.8 | - | A buffer overflow vulnerability in Mercury KM08-708H GiGA WiFi Wave2 routers allows remote attackers
9406 | CVE-2025-12422 | 0.11% | 30th | 9.8 | - | This vulnerability allows attackers to write arbitrary files through a vulnerable upgrade feature in
9407 | CVE-2025-62290 | 0.11% | 30.1th | 7.2 | - | A critical vulnerability in Oracle ZFS Storage Appliance Kit's Block Storage component allows authen
9408 | CVE-2025-54263 | 0.11% | 30.1th | 8.1 | - | Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to
9409 | CVE-2025-48826 | 0.11% | 30th | 8.8 | - | A format string vulnerability in the formPingCmd functionality of Planet WGR-500 routers allows memo
9410 | CVE-2025-34337 | 0.11% | 30.1th | N/A | - | This vulnerability in eGovFramework's common components allows unauthenticated attackers to bypass a
9411 | CVE-2025-59499 | 0.11% | 30.1th | 8.8 | - | This SQL injection vulnerability in Microsoft SQL Server allows authenticated attackers to execute a
9412 | CVE-2022-50802 | 0.11% | 30.1th | 6.1 | - | ETAP Safety Manager 1.0.0.32 contains an unauthenticated reflected cross-site scripting vulnerabilit
9413 | CVE-2025-14994 | 0.11% | 30.1th | 8.8 | - | A stack-based buffer overflow vulnerability in Tenda FH1201 and FH1206 routers allows remote attacke
9414 | CVE-2025-14692 | 0.11% | 30th | 4.3 | - | This CVE describes an open redirect vulnerability in Mayan EDMS up to version 4.10.1. Attackers can
9415 | CVE-2025-64993 | 0.11% | 30.1th | 6.8 | - | A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers
9416 | CVE-2025-64992 | 0.11% | 30.1th | 6.8 | - | A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers
9417 | CVE-2025-64991 | 0.11% | 30.1th | 6.8 | - | A command injection vulnerability in TeamViewer DEX (formerly 1E DEX) allows authenticated attackers
9418 | CVE-2025-1545 | 0.11% | 30.1th | 7.5 | - | An XPath injection vulnerability in WatchGuard Fireware OS allows remote unauthenticated attackers t
9419 | CVE-2024-58276 | 0.11% | 30.1th | N/A | - | Obi08/Enrollment System 1.0 contains an unauthenticated SQL injection vulnerability in the /get_subj
9420 | CVE-2025-14063 | 0.11% | 30th | 6.1 | - | The SEO Links Interlinking WordPress plugin contains a reflected cross-site scripting (XSS) vulnerab
9421 | CVE-2026-24412 | 0.11% | 30.1th | 8.8 | - | A heap buffer overflow vulnerability in iccDEV's CIccTagXmlSegmentedCurve::ToXml() function allows a
9422 | CVE-2026-24406 | 0.11% | 30.1th | 8.8 | - | CVE-2026-24406 is a heap buffer overflow vulnerability in iccDEV's CIccTagNamedColor2::SetSize() fun
9423 | CVE-2026-24405 | 0.11% | 30.1th | 8.8 | - | A heap buffer overflow vulnerability in iccDEV's CIccMpeCalculator::Read() function allows attackers
9424 | CVE-2026-0790 | 0.11% | 30th | 7.5 | - | This vulnerability allows remote attackers to access sensitive information on ALGO 8180 IP Audio Ale
9425 | CVE-2026-0789 | 0.11% | 30th | 7.5 | - | This vulnerability in ALGO 8180 IP Audio Alerter devices allows remote attackers to obtain authentic
9426 | CVE-2025-10622 | 0.11% | 30th | 8.0 | - | This vulnerability in Red Hat Satellite's Foreman component allows authenticated users with edit_set
9427 | CVE-2026-22444 | 0.11% | 30th | 7.1 | - | This vulnerability in Apache Solr allows attackers to bypass path restrictions and read unauthorized
9428 | CVE-2025-66417 | 0.11% | 30th | 7.5 | - | CVE-2025-66417 is an unauthenticated SQL injection vulnerability in GLPI's inventory endpoint. Attac
9429 | CVE-2025-0783 | 0.11% | 29.8th | 6.3 | - | This vulnerability allows unauthorized access to API endpoints in pankajindevops scale up software d
9430 | CVE-2024-55930 | 0.11% | 29.9th | 6.7 | - | Xerox Workplace Suite has insecure default folder permissions that allow unauthorized users to acces
9431 | CVE-2025-0484 | 0.11% | 29.9th | 7.3 | - | This vulnerability in Fanli2012 native-php-cms 1.0 allows attackers to bypass authorization controls
9432 | CVE-2024-53649 | 0.11% | 29.9th | 6.5 | - | This vulnerability in Siemens SIPROTEC 5 protection devices allows authenticated remote attackers to
9433 | CVE-2024-13200 | 0.11% | 29.9th | 7.3 | - | This critical vulnerability in wander-chu SpringBoot-Blog 1.0 allows remote attackers to bypass acce
9434 | CVE-2025-22868 | 0.11% | 29.9th | 7.5 | - | This vulnerability in Go's parsing logic allows attackers to cause excessive memory consumption by s
9435 | CVE-2025-27141 | 0.11% | 29.9th | 6.5 | - | In Metabase Enterprise Edition, users with impersonation permissions can access cached query results
9436 | CVE-2024-45084 | 0.11% | 29.8th | 8.0 | - | This vulnerability in IBM Cognos Controller allows authenticated attackers to perform formula inject
9437 | CVE-2024-12012 | 0.11% | 29.8th | 5.7 | - | This vulnerability exposes password hashes and session tokens in URLs due to improper use of GET req
9438 | CVE-2025-2228 | 0.11% | 29.8th | 5.7 | - | This vulnerability in the Responsive Addons for Elementor WordPress plugin allows authenticated atta
9439 | CVE-2025-24920 | 0.11% | 30th | 4.3 | - | Mattermost fails to restrict bookmark creation and updates in archived channels, allowing authentica
9440 | CVE-2025-29914 | 0.11% | 30th | 5.4 | - | CVE-2025-29914 is a path normalization vulnerability in OWASP Coraza WAF where requests starting wit
9441 | CVE-2024-8999 | 0.11% | 30th | 7.5 | - | This vulnerability in lunary-ai/lunary allows any user to export the entire database to Google BigQu
9442 | CVE-2025-1468 | 0.11% | 29.9th | 7.5 | - | An unauthenticated remote attacker can access sensitive authentication information in CODESYS OPC UA
9443 | CVE-2025-2271 | 0.11% | 29.8th | 7.7 | - | An Insecure Direct Object Reference (IDOR) vulnerability in Issuetrak v17.2.2 and earlier allows low
9444 | CVE-2025-27622 | 0.11% | 29.9th | 4.3 | - | This vulnerability in Jenkins allows attackers with Agent/Extended Read permission to view encrypted
9445 | CVE-2025-4083 | 0.11% | 29.8th | 9.1 | - | A process isolation vulnerability in Thunderbird and Firefox allows javascript: URIs to execute in t
9446 | CVE-2025-46673 | 0.11% | 29.9th | 4.9 | - | NASA CryptoLib versions before 1.3.2 fail to verify the operational state of Security Associations (
9447 | CVE-2025-30510 | 0.11% | 29.9th | 9.8 | - | This vulnerability allows attackers to upload arbitrary files instead of legitimate plant images in
9448 | CVE-2025-32776 | 0.11% | 30th | 5.5 | - | OpenRazer versions before 3.10.2 contain an out-of-bounds read vulnerability in the custom kernel dr
9449 | CVE-2025-5029 | 0.11% | 29.8th | 5.4 | - | This critical path traversal vulnerability in Kingdee Cloud Galaxy Private Cloud BBC System allows a
9450 | CVE-2025-3876 | 0.11% | 29.8th | 8.8 | - | This vulnerability in the SMS Alert Order Notifications WooCommerce plugin allows authenticated atta

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
