Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:
- CVEs with EPSS > 50%: 164
- CISA KEV listed: 156
- CVEs with an EPSS score: 35,468
- Average EPSS score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary (truncated)
---- | ------ | ---------- | ---------- | ---- | ----- | -------------------
951 | CVE-2025-13539 | 0.45% | 63 | 9.8 | | The FindAll Membership WordPress plugin has an authentication bypass vulnerability that allows unaut
952 | CVE-2025-24172 | 0.45% | 63 | 9.8 | | A sandbox escape vulnerability in Apple Mail allows malicious email content to bypass the 'Block All
953 | CVE-2025-4689 | 0.45% | 62.9 | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers r
954 | CVE-2025-7451 | 0.44% | 62.9 | 9.8 | | CVE-2025-7451 is an unauthenticated remote OS command injection vulnerability in iSherlock software
955 | CVE-2025-66259 | 0.44% | 62.9 | 9.8 | | This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges
956 | CVE-2026-21448 | 0.44% | 62.9 | 9.8 | | Bagisto eCommerce platform versions before 2.3.10 are vulnerable to server-side template injection t
957 | CVE-2024-12649 | 0.44% | 62.8 | 9.8 | | A buffer overflow vulnerability in XPS data font processing allows attackers on the same network seg
958 | CVE-2024-12647 | 0.44% | 62.8 | 9.8 | | A buffer overflow vulnerability in CPCA font download processing for Canon multifunction printers al
959 | CVE-2025-30065 | 0.44% | 62.9 | 9.8 | | This vulnerability in Apache Parquet's parquet-avro module allows attackers to execute arbitrary cod
960 | CVE-2025-29660 | 0.44% | 62.8 | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary scripts on Yi IOT XY-3820 d
961 | CVE-2025-54347 | 0.44% | 62.8 | 9.9 | | A directory traversal vulnerability in Desktop Alert PingAlert Application Server versions 6.1.0.11
962 | CVE-2025-66209 | 0.44% | 62.7 | 9.9 | | CVE-2025-66209 is an authenticated command injection vulnerability in Coolify's Database Backup func
963 | CVE-2025-1268 | 0.44% | 62.7 | 9.4 | | This CVE describes an out-of-bounds write vulnerability in multiple Canon printer drivers that could
964 | CVE-2025-66848 | 0.44% | 62.7 | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary commands remotely on affect
965 | CVE-2025-64075 | 0.44% | 62.6 | 10.0 | | A path traversal vulnerability in the ZBT WE2001 router's check_token function allows remote attacke
966 | CVE-2025-4607 | 0.44% | 62.6 | 9.8 | | The PSW Front-end Login & Registration WordPress plugin has a critical privilege escalation vulnerab
967 | CVE-2025-10878 | 0.44% | 62.6 | 10.0 | | An unauthenticated SQL injection vulnerability in Fikir Odalari AdminPando 1.0.1 allows attackers to
968 | CVE-2025-1144 | 0.44% | 62.4 | 9.8 | | The School Affairs System from Quanxun exposes sensitive information to unauthenticated attackers, a
969 | CVE-2025-2474 | 0.44% | 62.3 | 9.8 | | CVE-2025-2474 is a critical out-of-bounds write vulnerability in the PCX image codec in QNX SDP that
970 | CVE-2024-56511 | 0.43% | 62.3 | 9.8 | | This vulnerability allows attackers to bypass authentication in DataEase by exploiting a path traver
971 | CVE-2025-23410 | 0.43% | 62.3 | 9.8 | | CVE-2025-23410 is a path traversal vulnerability in GMOD Apollo's web interface that allows attacker
972 | CVE-2025-50578 | 0.43% | 62.3 | 9.8 | | CVE-2025-50578 allows unauthenticated attackers to manipulate HTTP headers (X-Forwarded-Host and Ref
973 | CVE-2025-32118 | 0.43% | 62.2 | 9.1 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the CMP – C
974 | CVE-2025-63601 | 0.43% | 62.2 | 9.9 | | CVE-2025-63601 is a critical remote code execution vulnerability in Snipe-IT asset management softwa
975 | CVE-2025-55108 | 0.43% | 62.2 | 10.0 | | Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read/write, a
976 | CVE-2025-21609 | 0.43% | 62.1 | 9.1 | | SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability in the POST /api/history/get
977 | CVE-2022-40916 | 0.43% | 62.2 | 9.8 | | CVE-2022-40916 is a session fixation vulnerability in Tiny File Manager v2.4.7 and below that allows
978 | CVE-2026-22903 | 0.43% | 62.1 | 9.8 | | An unauthenticated remote attacker can crash or potentially execute arbitrary code on lighttpd web s
979 | CVE-2025-65108 | 0.43% | 62 | 10.0 | | CVE-2025-65108 is a critical remote code execution vulnerability in md-to-pdf, a Node.js tool for co
980 | CVE-2025-47154 | 0.43% | 61.9 | 9.0 | | This CVE describes a use-after-free vulnerability in LibJS within the Ladybird browser that allows r
981 | CVE-2025-5310 | 0.43% | 61.9 | 9.8 | | Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented, unauthenticated target
982 | CVE-2025-62515 | 0.43% | 61.9 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
983 | CVE-2025-13773 | 0.43% | 61.7 | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers r
984 | CVE-2025-59385 | 0.43% | 61.7 | 9.8 | | This CVE describes an authentication bypass vulnerability in QNAP operating systems that allows remo
985 | CVE-2026-21446 | 0.43% | 61.7 | 9.8 | | Bagisto eCommerce platform versions before 2.3.10 have unprotected API endpoints that remain accessi
986 | CVE-2025-7673 | 0.43% | 61.7 | 9.8 | | A buffer overflow vulnerability in the zhttpd URL parser of Zyxel VMG8825-T50K routers allows unauth
987 | CVE-2024-57707 | 0.42% | 61.7 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on DataEase v1 systems by explo
988 | CVE-2025-11418 | 0.42% | 61.7 | 9.8 | | This is a critical stack-based buffer overflow vulnerability in Tenda CH22 routers that allows remot
989 | CVE-2025-25270 | 0.42% | 61.6 | 9.8 | | This critical vulnerability allows unauthenticated remote attackers to modify device configurations,
990 | CVE-2025-14440 | 0.42% | 61.6 | 9.8 | | The JAY Login & Register WordPress plugin has an authentication bypass vulnerability that allows una
991 | CVE-2025-13613 | 0.42% | 61.6 | 9.8 | | The Elated Membership WordPress plugin has an authentication bypass vulnerability that allows unauth
992 | CVE-2025-58321 | 0.42% | 61.4 | 10.0 | | Delta Electronics DIALink has a directory traversal authentication bypass vulnerability that allows
993 | CVE-2025-31681 | 0.42% | 61.3 | 9.8 | | This CVE describes a Missing Authorization vulnerability in Drupal's Authenticator Login module that
994 | CVE-2021-38383 | 0.42% | 61.3 | 9.8 | | CVE-2021-38383 is a use-after-free vulnerability in OwnTone's net_bind() function that allows attack
995 | CVE-2025-3621 | 0.42% | 61.2 | 9.6 | | This critical vulnerability in ActADUR local server allows attackers to execute arbitrary commands o
996 | CVE-2025-24146 | 0.42% | 61.2 | 9.8 | | A macOS vulnerability in the Messages app where deleting conversations may expose user contact infor
997 | CVE-2025-26008 | 0.41% | 61.1 | 9.8 | | An unauthenticated stack overflow vulnerability in Telesquare TLR-2005KSH routers allows remote atta
998 | CVE-2025-26006 | 0.41% | 61.1 | 9.8 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Telesquare T
999 | CVE-2025-26004 | 0.41% | 61.1 | 9.8 | | The Telesquare TLR-2005KSH router firmware version 1.1.4 contains a stack buffer overflow vulnerabil
1000 | CVE-2025-26002 | 0.41% | 61.1 | 9.8 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Telesquare T

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
