Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics shown on the page:

- 164 CVEs with EPSS > 50%
- 156 CVEs listed in the CISA KEV catalog
- 35,468 CVEs with an EPSS score
- 0.7% average EPSS score
Columns: rank, CVE ID, EPSS score (estimated probability of exploitation within 30 days), EPSS percentile (share of all scored CVEs whose EPSS score is at or below this one), CVSS base score, and the summary text, which is truncated on the source page. The source's Flags column is empty for every row shown here (ranks 901 to 950) and is omitted.

Rank  CVE ID          EPSS   Pctl  CVSS  Summary
901   CVE-2024-13345  1.97%  83.2  7.3   The Avada Builder WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes
902   CVE-2024-55215  1.97%  83.2  9.8   An unauthenticated remote attacker can exploit the /auth/register initialization interface in Trojan
903   CVE-2024-13055  1.95%  83.1  7.1   The Dyn Business Panel WordPress plugin through version 1.0.0 contains a reflected cross-site script
904   CVE-2025-46120  1.95%  83.1  9.8   A path traversal vulnerability in Ruckus Unleashed and ZoneDirector web interfaces allows unauthenti
905   CVE-2025-21363  1.95%  83.1  7.8   This vulnerability allows remote code execution when a user opens a specially crafted Microsoft Word
906   CVE-2024-53944  1.94%  83.1  9.8   This CVE describes a critical command injection vulnerability in Tuoshi/Dionlink 4G Wi-Fi devices. U
907   CVE-2025-11202  1.94%  83.1  9.8   This vulnerability allows remote attackers to execute arbitrary code on win-cli-mcp-server installat
908   CVE-2025-21220  1.94%  83.1  7.5   Microsoft Message Queuing (MSMQ) contains an information disclosure vulnerability that allows authen
909   CVE-2025-7160   1.93%  83    7.3   This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers t
910   CVE-2025-25789  1.92%  83    9.8   FoxCMS v1.2.5 contains a critical remote code execution vulnerability in the index() method of the S
911   CVE-2025-26014  1.92%  83    9.8   A critical Remote Code Execution vulnerability in Loggrove v1.0 allows attackers to execute arbitrar
912   CVE-2025-14586  1.92%  83    6.3   This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers. Attackers can e
913   CVE-2022-50796  1.91%  83    9.8   This vulnerability allows unauthenticated attackers to execute arbitrary code on SOUND4 IMPACT/FIRST
914   CVE-2025-14276  1.91%  83    5.6   This CVE describes a command injection vulnerability in Ilevia EVE X1 Server's leaf_search.php file,
915   CVE-2025-9985   1.91%  83    5.3   The Featured Image from URL WordPress plugin exposes sensitive information through publicly accessib
916   CVE-2025-29971  1.91%  82.9  7.5   An out-of-bounds read vulnerability in Microsoft Web Threat Defense (WTD.sys) allows unauthorized at
917   CVE-2025-2169   1.89%  82.9  7.3   The WPCS WordPress Currency Switcher Professional plugin up to version 1.2.0.4 allows unauthenticate
918   CVE-2023-53922  1.89%  82.8  9.8   CVE-2023-53922 is a critical remote code execution vulnerability in TinyWebGallery v2.5 that allows
919   CVE-2025-4564   1.88%  82.8  9.8   The TicketBAI Facturas para WooCommerce WordPress plugin has an arbitrary file deletion vulnerabilit
920   CVE-2024-42733  1.88%  82.8  9.8   CVE-2024-42733 is a critical remote code execution vulnerability in Docmosis Tornado document genera
921   CVE-2024-13495  1.88%  82.8  7.3   This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug
922   CVE-2025-27956  1.87%  82.7  7.5   A directory traversal vulnerability in WebLaudos 24.2 (04) allows remote attackers to access sensiti
923   CVE-2024-54916  1.87%  82.7  6.8   This vulnerability in Telegram Android allows a physically proximate attacker to bypass the app's pa
924   CVE-2025-2244   1.86%  82.7  9.8   This vulnerability allows remote attackers to execute arbitrary code on Bitdefender GravityZone Cons
925   CVE-2024-44313  1.86%  82.7  8.1   CVE-2024-44313 is an incorrect access control vulnerability in TastyIgniter 3.7.6 that allows unauth
926   CVE-2025-55747  1.85%  82.7  9.1   XWiki Platform versions 6.1-milestone-2 through 16.10.6 expose configuration files via the webjars A
927   CVE-2025-24162  1.85%  82.6  6.5   This vulnerability is an out-of-bounds read (CWE-125) in Apple's WebKit browser engine that could ca
928   CVE-2024-55504  1.84%  82.6  5.5   This vulnerability allows local attackers to execute arbitrary code via a malicious dynamic library
929   CVE-2026-0507   1.84%  82.6  8.4   This CVE describes an OS command injection vulnerability in SAP Application Server for ABAP and SAP
930   CVE-2025-21356  1.83%  82.6  7.8   This vulnerability allows remote code execution when a user opens a specially crafted Visio file. At
931   CVE-2013-10073  1.83%  82.6  8.8   This vulnerability allows authenticated users with access to the Auto-Discovery tool in Nagios XI to
932   CVE-2022-32221  1.82%  82.5  9.8   This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reu
933   CVE-2025-24797  1.82%  82.5  9.4   CVE-2025-24797 is a critical buffer overflow vulnerability in Meshtastic firmware that allows unauth
934   CVE-2025-21294  1.82%  82.5  8.1   This vulnerability allows remote code execution via Microsoft Digest Authentication, enabling attack
935   CVE-2024-13453  1.81%  82.5  7.3   This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug
936   CVE-2024-48818  1.81%  82.5  9.8   This critical vulnerability in IIT Bombay's Bodhitree cs101 platform allows remote attackers to exec
937   CVE-2024-12737  1.81%  82.5  6.1   This vulnerability allows attackers to inject malicious scripts via unsanitized parameters in the WP
938   CVE-2025-2004   1.8%   82.5  9.1   The Simple WP Events WordPress plugin allows unauthenticated attackers to delete arbitrary files on
939   CVE-2025-26355  1.8%   82.5  6.5   This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to delete
940   CVE-2025-26352  1.8%   82.5  6.5   This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to delete
941   CVE-2025-1497   1.8%   82.4  9.8   CVE-2025-1497 is a critical remote code execution vulnerability in PlotAI where insufficient validat
942   CVE-2024-57214  1.79%  82.4  6.3   This CVE describes a command injection vulnerability in TOTOLINK A6000R routers where an attacker ca
943   CVE-2025-6851   1.79%  82.4  7.2   The Broken Link Notifier WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerabilit
944   CVE-2025-24237  1.79%  82.4  9.8   A buffer overflow vulnerability in Apple operating systems allows malicious apps to cause system cra
945   CVE-2025-1913   1.79%  82.4  7.2   This vulnerability allows authenticated WordPress administrators to inject PHP objects via deseriali
946   CVE-2025-54261  1.78%  82.4  10.0  This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted
947   CVE-2025-22926  1.78%  82.4  9.8   This vulnerability allows attackers to perform directory traversal attacks by sending a specially cr
948   CVE-2024-53868  1.77%  82.3  7.5   Apache Traffic Server is vulnerable to HTTP request smuggling when processing malformed chunked mess
949   CVE-2025-21244  1.76%  82.3  8.8   This is a remote code execution vulnerability in the Windows Telephony Service that allows attackers
950   CVE-2025-21243  1.76%  82.3  8.8   This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. Scores are recomputed daily as new exploitation evidence arrives, so a ranking like the one above is a snapshot rather than a fixed ordering.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
