Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 901 | CVE-2026-20404 | | 50.8th | 6.5 | | This vulnerability in MediaTek modems allows remote denial of service through improper input validat |
| 902 | CVE-2026-20403 | | 50.8th | 6.5 | | This vulnerability in MediaTek modems allows remote denial of service via system crash when a device |
| 903 | CVE-2026-20402 | | 50.8th | 6.5 | | This vulnerability in MediaTek modems allows remote denial of service through improper input validat |
| 904 | CVE-2024-51461 | | 50.7th | 4.3 | | This vulnerability in IBM QRadar WinCollect Agent allows remote attackers to cause denial of service |
| 905 | CVE-2025-14703 | | 50.7th | 5.3 | | This vulnerability allows remote attackers to bypass authentication in Shiguangwu sgwbox N3 NAS devi |
| 906 | CVE-2025-21332 | | 50.6th | 4.3 | | This CVE describes a security feature bypass vulnerability in the MapUrlToZone function, which is us |
| 907 | CVE-2025-32807 | | 50.7th | 5.3 | | A path traversal vulnerability in FusionDirectory allows remote attackers to read arbitrary files en |
| 908 | CVE-2025-11344 | | 50.7th | 6.3 | | This vulnerability in ILIAS learning management system allows remote attackers to execute arbitrary |
| 909 | CVE-2025-63918 | | 50.6th | 6.2 | | PDFPatcher contains a directory traversal vulnerability (CWE-22) where the executable fails to valid |
| 910 | CVE-2025-68161 | | 50.6th | 4.8 | | This vulnerability in Apache Log4j Core allows man-in-the-middle attackers to intercept or redirect |
| 911 | CVE-2025-24992 | | 50.6th | 5.5 | | This CVE describes a buffer over-read vulnerability in Windows NTFS that allows a local attacker to |
| 912 | CVE-2025-12676 | | 50.6th | 5.3 | | The KiotViet Sync WordPress plugin uses a hardcoded password for authentication, allowing unauthenti |
| 913 | CVE-2025-69612 | | 50.5th | 6.5 | | This path traversal vulnerability in TMS Management Console allows authenticated users to read arbit |
| 914 | CVE-2024-28243 | | 50.5th | 6.5 | | KaTeX users who render untrusted mathematical expressions are vulnerable to a denial-of-service atta |
| 915 | CVE-2025-32728 | | 50.4th | 4.3 | | OpenSSH versions before 10.0 have a bug where the DisableForwarding directive fails to properly disa |
| 916 | CVE-2025-14728 | | 50.4th | 6.8 | | CVE-2025-14728 is a directory traversal vulnerability in Rapid7 Velociraptor on Linux servers that a |
| 917 | CVE-2024-6483 | | 50.3th | 5.3 | | This vulnerability allows attackers to delete arbitrary files or directories on systems running aimh |
| 918 | CVE-2024-13498 | | 50.4th | 5.3 | | The NEX-Forms WordPress plugin up to version 8.8.1 allows unauthenticated attackers to access upload |
| 919 | CVE-2025-31945 | | 50.3th | 5.3 | | An unauthenticated attacker can access other users' charger information through an authorization byp |
| 920 | CVE-2025-27927 | | 50.3th | 5.3 | | This vulnerability allows unauthenticated attackers to enumerate smart devices by querying an unprot |
| 921 | CVE-2025-27575 | | 50.3th | 5.3 | | An unauthenticated attacker can retrieve EV charger version information and firmware upgrade history |
| 922 | CVE-2025-31941 | | 50.3th | 5.3 | | This vulnerability allows unauthenticated attackers to enumerate smart devices by knowing a valid us |
| 923 | CVE-2025-31357 | | 50.3th | 5.3 | | This vulnerability allows unauthenticated attackers to retrieve a user's plant list by simply knowin |
| 924 | CVE-2025-30254 | | 50.3th | 5.3 | | An unauthenticated attacker can retrieve smart meter serial numbers using only the owner's username, |
| 925 | CVE-2025-27938 | | 50.3th | 5.3 | | Unauthenticated attackers can access information about smart device collections (rooms) that should |
| 926 | CVE-2025-24487 | | 50.3th | 5.3 | | This vulnerability allows unauthenticated attackers to determine which usernames exist in a system b |
| 927 | CVE-2025-31675 | | 50.3th | 5.4 | | This CVE describes a cross-site scripting (XSS) vulnerability in Drupal core that allows attackers t |
| 928 | CVE-2025-27795 | | 50.3th | 4.3 | | This vulnerability in GraphicsMagick's JXL image processing lacks proper dimension limits when readi |
| 929 | CVE-2025-66454 | | 50.3th | 6.5 | | Arcade MCP versions before 1.5.4 use a hardcoded default worker secret ('dev') that is never validat |
| 930 | CVE-2025-24402 | | 50.2th | 4.3 | | A CSRF vulnerability in Jenkins Azure Service Fabric Plugin allows attackers to trick authenticated |
| 931 | CVE-2025-26643 | | 50.1th | 5.4 | | This vulnerability in Microsoft Edge allows an unauthorized attacker to perform spoofing attacks ove |
| 932 | CVE-2023-36877 | | 50.1th | 4.5 | | CVE-2023-36877 is a cross-site scripting (XSS) vulnerability in Azure Apache Oozie that allows attac |
| 933 | CVE-2023-35393 | | 50.1th | 4.5 | | CVE-2023-35393 is a cross-site scripting (XSS) vulnerability in Azure Apache Hive that allows attack |
| 934 | CVE-2025-3125 | | 50.1th | 6.7 | | An arbitrary file upload vulnerability in WSO2 products allows authenticated admin users to upload m |
| 935 | CVE-2024-55218 | | 50th | 6.1 | | IceWarp Server 10.2.1 contains a reflected cross-site scripting (XSS) vulnerability in the meta para |
| 936 | CVE-2025-1556 | | 50th | 4.7 | | A remote deserialization vulnerability exists in westboy CicadasCMS 1.0's Template Management compon |
| 937 | CVE-2025-60689 | | 50.1th | 5.4 | | An unauthenticated command injection vulnerability in Linksys E1200 v2 routers allows remote attacke |
| 938 | CVE-2025-20374 | | 50th | 4.9 | | This vulnerability allows authenticated administrators in Cisco Unified CCX web UI to perform direct |
| 939 | CVE-2025-30861 | | 49.9th | 4.9 | | This CVE describes a missing authorization vulnerability in the Five Star Restaurant Reservations Wo |
| 940 | CVE-2025-2197 | | 50th | 4.3 | | This CVE describes a type confusion vulnerability in a browser that could allow an attacker to cause |
| 941 | CVE-2025-30688 | | 49.9th | 6.5 | | This vulnerability in MySQL Server's optimizer component allows authenticated attackers with low pri |
| 942 | CVE-2025-30682 | | 49.9th | 6.5 | | A vulnerability in MySQL Server's optimizer component allows authenticated attackers with low privil |
| 943 | CVE-2025-7694 | | 49.9th | 6.8 | | The Woffice Core WordPress plugin allows authenticated attackers with Contributor-level access or hi |
| 944 | CVE-2025-13261 | | 49.9th | 5.3 | | A path traversal vulnerability in the lsfusion platform allows attackers to manipulate the Version p |
| 945 | CVE-2025-28093 | | 49.8th | 6.3 | | ShopXO v6.4.0 contains a Server-Side Request Forgery (SSRF) vulnerability in its email settings func |
| 946 | CVE-2025-25504 | | 49.8th | 6.5 | | This vulnerability allows unauthenticated attackers with network access to connect to TCP port 4444 |
| 947 | CVE-2025-15432 | | 49.9th | 5.3 | | This is a path traversal vulnerability in yeqifu carRental software that allows attackers to access |
| 948 | CVE-2025-25247 | | 49.8th | 6.1 | | This CVE describes a cross-site scripting (XSS) vulnerability in Apache Felix Webconsole that allows |
| 949 | CVE-2025-14094 | | 49.7th | 4.7 | | This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers c |
| 950 | CVE-2023-51298 | | 49.7th | 4.7 | | PHPJabbers Event Booking Calendar v4.0 has a CSV injection vulnerability that allows attackers to in |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.