Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164 CVEs with EPSS > 50%
156 CVEs listed in CISA KEV
35,468 CVEs with an EPSS score
0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 951 | CVE-2025-55749 | 1.76% | 82.2 | 7.5 | | This vulnerability in XWiki Jetty package (XJetty) exposes a context that allows static access to an |
| 952 | CVE-2025-12960 | 1.75% | 82.2 | 6.5 | | The Simple CSV Table WordPress plugin has a directory traversal vulnerability that allows authentica |
| 953 | CVE-2025-44022 | 1.75% | 82.2 | 9.8 | | This vulnerability in Vvveb CMS v1.0.6 allows remote attackers to execute arbitrary code through the |
| 954 | CVE-2025-15081 | 1.74% | 82.2 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on JD Cloud BE6500 routers |
| 955 | CVE-2025-45487 | 1.74% | 82.2 | 9.8 | | This CVE describes a command injection vulnerability in the Linksys E5600 router's runtime.InternetC |
| 956 | CVE-2025-24494 | 1.74% | 82.2 | 7.2 | | This path traversal vulnerability in Ixia/IxNetwork products allows device administrators to upload |
| 957 | CVE-2025-1448 | 1.74% | 82.1 | 7.3 | | This critical vulnerability in Synway SMG Gateway Management Software allows remote attackers to exe |
| 958 | CVE-2024-52577 | 1.74% | 82.1 | 9.0 | | This vulnerability allows remote code execution on Apache Ignite servers by bypassing class serializ |
| 959 | CVE-2025-46271 | 1.74% | 82.1 | 9.1 | | UNI-NMS-Lite contains a command injection vulnerability that allows unauthenticated attackers to exe |
| 960 | CVE-2023-53774 | 1.74% | 82.1 | 9.8 | | MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol, allowing atta |
| 961 | CVE-2024-51229 | 1.73% | 82.1 | 8.8 | | This Cross-Site Scripting (XSS) vulnerability in LinZhaoguan pb-cms v2.0 allows remote attackers to |
| 962 | CVE-2025-31200 | 1.73% | 82.1 | 9.8 | KEV | This is a critical memory corruption vulnerability in Apple's media processing that allows remote co |
| 963 | CVE-2025-45489 | 1.73% | 82.1 | 9.8 | | This CVE describes a command injection vulnerability in Linksys E5600 routers that allows attackers |
| 964 | CVE-2024-57235 | 1.73% | 82.1 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by |
| 965 | CVE-2024-57233 | 1.73% | 82.1 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by |
| 966 | CVE-2024-57231 | 1.73% | 82.1 | 9.8 | | This CVE describes a command injection vulnerability in NETGEAR RAX5 routers that allows attackers t |
| 967 | CVE-2024-57229 | 1.73% | 82.1 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by |
| 968 | CVE-2025-22927 | 1.72% | 82 | 9.1 | | This vulnerability allows attackers to perform directory traversal attacks by sending a specially cr |
| 969 | CVE-2025-29909 | 1.72% | 82 | 9.8 | | A heap buffer overflow vulnerability in CryptoLib's Crypto_TC_ApplySecurity() function allows attack |
| 970 | CVE-2025-13700 | 1.72% | 82 | 7.2 | | This vulnerability allows authenticated remote attackers to execute arbitrary operating system comma |
| 971 | CVE-2025-28219 | 1.71% | 82 | 9.8 | | Netgear DC112A V1.0.0.64 contains an OS command injection vulnerability in the usb_adv.cgi endpoint |
| 972 | CVE-2025-7916 | 1.71% | 82 | 9.8 | | WinMatrix3 software from Simopro Technology has a critical insecure deserialization vulnerability th |
| 973 | CVE-2025-62204 | 1.71% | 82 | 8.0 | | This vulnerability allows an authenticated attacker to execute arbitrary code on Microsoft SharePoin |
| 974 | CVE-2024-12857 | 1.71% | 82 | 9.8 | | The AdForest WordPress theme has an authentication bypass vulnerability that allows unauthenticated |
| 975 | CVE-2025-1040 | 1.71% | 82 | 8.8 | | AutoGPT versions 0.3.4 and earlier contain a Server-Side Template Injection vulnerability that allow |
| 976 | CVE-2026-2152 | 1.7% | 82 | 7.2 | | This CVE describes a remote command injection vulnerability in D-Link DIR-615 routers through the we |
| 977 | CVE-2025-0492 | 1.7% | 82 | 7.5 | | A critical null pointer dereference vulnerability in D-Link DIR-823X routers allows remote attackers |
| 978 | CVE-2025-12092 | 1.7% | 82 | 6.5 | | The CYAN Backup WordPress plugin has an arbitrary file deletion vulnerability in versions up to 2.5. |
| 979 | CVE-2025-53835 | 1.7% | 81.9 | 9.0 | | This vulnerability in XWiki Rendering allows cross-site scripting (XSS) attacks through raw HTML blo |
| 980 | CVE-2025-29783 | 1.7% | 81.9 | 9.0 | | CVE-2025-29783 is a remote code execution vulnerability in vLLM when configured with Mooncake for di |
| 981 | CVE-2025-1971 | 1.7% | 81.9 | 7.2 | | This CVE describes a PHP Object Injection vulnerability in the Export and Import Users and Customers |
| 982 | CVE-2025-30144 | 1.69% | 81.9 | 6.5 | | The fast-jwt library prior to version 5.0.6 improperly validates JWT issuer claims, allowing attacke |
| 983 | CVE-2024-10633 | 1.69% | 81.9 | 7.3 | | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug |
| 984 | CVE-2025-49718 | 1.69% | 81.9 | 7.5 | | This vulnerability in SQL Server involves improper initialization of resources, allowing unauthorize |
| 985 | CVE-2024-12058 | 1.69% | 81.9 | 6.8 | | This vulnerability allows remote authenticated attackers with admin privileges to read arbitrary fil |
| 986 | CVE-2024-52325 | 1.69% | 81.9 | 9.6 | | ECOVACS robot lawnmowers and vacuums are vulnerable to unauthenticated command injection via Bluetoo |
| 987 | CVE-2025-47733 | 1.69% | 81.9 | 9.1 | | This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Power Apps allows attackers to ma |
| 988 | CVE-2025-52562 | 1.68% | 81.8 | 10.0 | | This is a critical directory traversal vulnerability in Convoy KVM server management panel that allo |
| 989 | CVE-2024-11831 | 1.67% | 81.8 | 5.4 | | This vulnerability in npm-serialize-javascript allows attackers to inject malicious JavaScript code |
| 990 | CVE-2024-13184 | 1.67% | 81.8 | 7.5 | | This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks agai |
| 991 | CVE-2024-9950 | 1.67% | 81.8 | 7.8 | | An unauthenticated attacker can modify compliance scripts in Forescout SecureConnector v11.3.07.0109 |
| 992 | CVE-2025-56127 | 1.66% | 81.8 | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie RG-BCR600W routers that allows at |
| 993 | CVE-2025-56117 | 1.66% | 81.8 | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attac |
| 994 | CVE-2025-56111 | 1.66% | 81.8 | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows att |
| 995 | CVE-2019-15690 | 1.66% | 81.7 | 8.8 | | CVE-2019-15690 is a heap buffer overflow vulnerability in LibVNCServer that allows remote attackers |
| 996 | CVE-2024-12035 | 1.66% | 81.7 | 8.8 | | The CS Framework WordPress plugin has an arbitrary file deletion vulnerability that allows authentic |
| 997 | CVE-2025-2257 | 1.66% | 81.7 | 7.2 | | This vulnerability allows authenticated attackers with administrator-level WordPress access to execu |
| 998 | CVE-2025-0756 | 1.66% | 81.7 | 9.1 | | This vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows attackers to injec |
| 999 | CVE-2024-54780 | 1.66% | 81.7 | 8.8 | | This vulnerability allows authenticated attackers to execute arbitrary commands on pfSense firewalls |
| 1000 | CVE-2025-57174 | 1.66% | 81.7 | 9.8 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on Siklu Et |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
