Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 51 | CVE-2025-3249 | 6.4% | 90.8th | 6.3 | | This critical vulnerability in TOTOLINK A6000R routers allows remote attackers to execute arbitrary |
| 52 | CVE-2025-50757 | 6.39% | 90.8th | 6.5 | | This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attacker |
| 53 | CVE-2025-50755 | 6.39% | 90.8th | 6.5 | | This vulnerability allows attackers to execute arbitrary commands on Wavlink WN535K3 routers by send |
| 54 | CVE-2026-1601 | 6.37% | 90.8th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Totolink A7000R routers |
| 55 | CVE-2025-2094 | 6.14% | 90.6th | 6.3 | | This critical vulnerability in TOTOLINK EX1800T routers allows remote attackers to execute arbitrary |
| 56 | CVE-2025-24104 | 5.98% | 90.5th | 5.5 | | This vulnerability allows an attacker to modify protected system files on iOS/iPadOS devices by rest |
| 57 | CVE-2025-46819 | 5.94% | 90.4th | 6.3 | | This vulnerability in Redis allows authenticated users to execute specially crafted Lua scripts that |
| 58 | CVE-2025-44862 | 5.77% | 90.3th | 6.3 | | This CVE describes a command injection vulnerability in TOTOLINK CA300-POE routers that allows attac |
| 59 | CVE-2025-44846 | 5.77% | 90.3th | 6.3 | | This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attac |
| 60 | CVE-2025-44838 | 5.77% | 90.3th | 6.3 | | This CVE describes a command injection vulnerability in TOTOLINK CP900 routers that allows attackers |
| 61 | CVE-2025-44836 | 5.77% | 90.3th | 6.3 | | This command injection vulnerability in TOTOLINK CP900 routers allows attackers to execute arbitrary |
| 62 | CVE-2025-44854 | 5.77% | 90.3th | 6.3 | | This CVE describes a command injection vulnerability in TOTOLINK CP900 routers that allows attackers |
| 63 | CVE-2025-44866 | 5.67% | 90.2th | 6.3 | | This CVE describes a command injection vulnerability in Tenda W20E routers that allows attackers to |
| 64 | CVE-2025-44864 | 5.67% | 90.2th | 6.3 | | This CVE describes a command injection vulnerability in Tenda W20E routers that allows attackers to |
| 65 | CVE-2024-55417 | 5.66% | 90.2th | 4.3 | | CVE-2024-55417 allows authenticated users in DevDojo Voyager to bypass file type verification when u |
| 66 | CVE-2024-57972 | 5.59% | 90.1th | 6.5 | | This vulnerability allows remote attackers to cause Denial of Service on Microsoft HoloLens devices |
| 67 | CVE-2025-25605 | 5.59% | 90.1th | 6.5 | | This vulnerability allows remote attackers to execute arbitrary commands on Totolink X5000R routers |
| 68 | CVE-2025-25296 | 5.55% | 90.1th | 6.1 | | This vulnerability allows attackers to inject malicious HTML/JavaScript through Label Studio's uploa |
| 69 | CVE-2025-21377 | 5.41% | 89.9th | 6.5 | | This vulnerability allows attackers to spoof NTLM hash disclosure, potentially enabling credential t |
| 70 | CVE-2025-48927 | 5.39% | 89.9th | 5.3 | KEV | The TeleMessage service exposes a Spring Boot Actuator heap dump endpoint at /heapdump, allowing att |
| 71 | CVE-2025-57200 | 5.3% | 89.8th | 6.5 | | This CVE describes an authenticated command injection vulnerability in AVTECH SECURITY Corporation's |
| 72 | CVE-2025-24984 | 4.97% | 89.4th | 4.6 | KEV | This vulnerability allows sensitive information to be written to Windows NTFS log files, which could |
| 73 | CVE-2026-1207 | 4.96% | 89.4th | 5.4 | | This SQL injection vulnerability in Django's RasterField implementation for PostGIS allows remote at |
| 74 | CVE-2025-1743 | 4.93% | 89.4th | 5.3 | | This critical vulnerability in Pichome 2.1.0 allows remote attackers to perform path traversal attac |
| 75 | CVE-2024-48589 | 4.81% | 89.2th | 6.3 | | This is a Cross-Site Scripting (XSS) vulnerability in Gilnei Moraes phpABook v0.9 that allows remote |
| 76 | CVE-2025-57789 | 4.69% | 89.1th | 5.4 | | This vulnerability allows remote attackers to gain administrative control of affected systems by exp |
| 77 | CVE-2025-44860 | 4.54% | 88.9th | 6.5 | | This CVE describes a command injection vulnerability in TOTOLINK CA300-POE routers that allows attac |
| 78 | CVE-2025-44848 | 4.54% | 88.9th | 6.5 | | This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attac |
| 79 | CVE-2025-44844 | 4.54% | 88.9th | 6.5 | | This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attac |
| 80 | CVE-2025-44842 | 4.54% | 88.9th | 6.5 | | This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attac |
| 81 | CVE-2025-44840 | 4.54% | 88.9th | 6.5 | | This CVE describes a command injection vulnerability in TOTOLINK CA600-PoE routers that allows attac |
| 82 | CVE-2024-48197 | 4.46% | 88.8th | 4.7 | | This cross-site scripting (XSS) vulnerability in Audiocodes MP-202b version 4.4.3 allows attackers t |
| 83 | CVE-2025-31486 | 4.31% | 88.6th | 5.3 | | This vulnerability in Vite allows attackers to bypass file access restrictions and read arbitrary fi |
| 84 | CVE-2025-55590 | 4.29% | 88.6th | 6.5 | | This CVE describes a command injection vulnerability in TOTOLINK A3002R routers via the bupload.html |
| 85 | CVE-2025-1946 | 4.28% | 88.6th | 6.3 | | This critical vulnerability in hzmanyun Education and Training System 2.1 allows remote attackers to |
| 86 | CVE-2025-26667 | 4.28% | 88.6th | 6.5 | | This vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthorized network a |
| 87 | CVE-2025-6485 | 4.17% | 88.4th | 6.3 | | This critical vulnerability allows remote attackers to execute arbitrary operating system commands o |
| 88 | CVE-2025-11580 | 3.96% | 88.1th | 5.3 | | PowerJob versions up to 5.1.2 have a missing authorization vulnerability in the /user/list endpoint |
| 89 | CVE-2023-33300 | 3.93% | 88.1th | 5.3 | | This command injection vulnerability in Fortinet FortiNAC allows attackers to execute arbitrary comm |
| 90 | CVE-2025-3816 | 3.88% | 88th | 4.7 | | This critical vulnerability in westboy CicadasCMS 2.0 allows remote attackers to execute arbitrary o |
| 91 | CVE-2025-2251 | 3.84% | 87.9th | 6.2 | | This vulnerability allows remote code execution on WildFly and JBoss EAP servers through untrusted d |
| 92 | CVE-2024-54958 | 3.8% | 87.8th | 6.1 | | Nagios XI 2024R1.2.2 contains a stored XSS vulnerability in the Tools page that allows authenticated |
| 93 | CVE-2025-5502 | 3.74% | 87.7th | 6.3 | | This critical vulnerability in TOTOLINK X15 routers allows remote attackers to execute arbitrary com |
| 94 | CVE-2025-2096 | 3.72% | 87.7th | 6.3 | | This critical vulnerability in TOTOLINK EX1800T routers allows remote attackers to execute arbitrary |
| 95 | CVE-2025-10211 | 3.64% | 87.6th | 6.3 | | This is a Server-Side Request Forgery (SSRF) vulnerability in ChanCMS 3.3.0 that allows attackers to |
| 96 | CVE-2024-54763 | 3.45% | 87.2th | 6.5 | | An unauthenticated access control vulnerability in ipTIME A2004 routers allows attackers to retrieve |
| 97 | CVE-2025-32464 | 3.34% | 87th | 6.8 | | HAProxy versions 2.2 through 3.1.6 have a heap-based buffer overflow vulnerability in the sample_con |
| 98 | CVE-2025-47188 | 3.31% | 87th | 6.5 | | This CVE describes a command injection vulnerability in Mitel SIP phones that allows unauthenticated |
| 99 | CVE-2025-13956 | 3.27% | 86.9th | 5.3 | | This vulnerability allows unauthenticated attackers to access sensitive order statistics in the Lear |
| 100 | CVE-2024-56137 | 3.1% | 86.5th | 6.8 | | CVE-2024-56137 is a remote command execution vulnerability in MaxKB's function library module that a |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
