Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV listed: 156
CVEs with EPSS: 35,468
Average EPSS score: 0.7%
Ranks 1001–1050 (EPSS score as a probability, percentile relative to all scored CVEs, CVSS base score):

| Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary |
|---|---|---|---|---|---|
| 1001 | CVE-2025-8769 | 1.66% | 81.7th | 9.8 | CVE-2025-8769 is a critical remote code execution vulnerability in Telenium Online Web Application. |
| 1002 | CVE-2024-54525 | 1.66% | 81.7th | 8.8 | This vulnerability allows attackers to modify protected system files by restoring maliciously crafte… |
| 1003 | CVE-2025-27692 | 1.66% | 81.7th | 4.7 | Dell Wyse Management Suite versions before 5.1 have a vulnerability where high-privileged attackers… |
| 1004 | CVE-2025-58751 | 1.66% | 81.7th | 5.3 | This vulnerability in Vite allows attackers to bypass server.fs restrictions and access files outsid… |
| 1005 | CVE-2025-30384 | 1.65% | 81.7th | 7.4 | This vulnerability allows remote code execution on Microsoft SharePoint servers through deserializat… |
| 1006 | CVE-2025-4946 | 1.65% | 81.7th | 8.1 | The Vikinger WordPress theme allows authenticated attackers with Subscriber-level access or higher t… |
| 1007 | CVE-2026-0768 | 1.65% | 81.7th | 9.8 | CVE-2026-0768 is a critical remote code execution vulnerability in Langflow that allows unauthentica… |
| 1008 | CVE-2026-0761 | 1.65% | 81.7th | 9.8 | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary Python code… |
| 1009 | CVE-2025-29806 | 1.64% | 81.6th | 6.5 | This vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute arb… |
| 1010 | CVE-2025-29635 | 1.64% | 81.6th | 8.8 | A command injection vulnerability in D-Link DIR-823X routers allows authenticated attackers to execu… |
| 1011 | CVE-2025-27407 | 1.64% | 81.6th | 9.0 | This vulnerability in graphql-ruby allows remote code execution when loading malicious schema defini… |
| 1012 | CVE-2024-53303 | 1.64% | 81.6th | 8.8 | This vulnerability allows authenticated attackers to execute arbitrary code on LRQA Nettitude PoshC2… |
| 1013 | CVE-2018-25115 | 1.64% | 81.6th | 9.8 | This CVE describes an unauthenticated remote command execution vulnerability in multiple D-Link DIR-… |
| 1014 | CVE-2025-21306 | 1.64% | 81.6th | 8.8 | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a… |
| 1015 | CVE-2025-21291 | 1.64% | 81.6th | 8.8 | This vulnerability in Windows DirectShow allows remote attackers to execute arbitrary code on affect… |
| 1016 | CVE-2025-21282 | 1.64% | 81.6th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin… |
| 1017 | CVE-2025-21273 | 1.64% | 81.6th | 8.8 | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on… |
| 1018 | CVE-2025-21266 | 1.64% | 81.6th | 8.8 | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a… |
| 1019 | CVE-2025-21252 | 1.64% | 81.6th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin… |
| 1020 | CVE-2025-21250 | 1.64% | 81.6th | 8.8 | This is a heap-based buffer overflow vulnerability in the Windows Telephony Service that allows remo… |
| 1021 | CVE-2025-21241 | 1.64% | 81.6th | 8.8 | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on… |
| 1022 | CVE-2025-21240 | 1.64% | 81.6th | 8.8 | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code wi… |
| 1023 | CVE-2025-60425 | 1.64% | 81.6th | 8.6 | Nagios Fusion versions 2024R1.2 and 2024R2 fail to invalidate existing session tokens when enabling… |
| 1024 | CVE-2023-53690 | 1.64% | 81.6th | 4.8 | Nagios Fusion versions before 4.2.0 have a stored XSS vulnerability in LDAP/AD authentication config… |
| 1025 | CVE-2026-20963 | 1.63% | 81.5th | 8.8 | This vulnerability allows an authorized attacker to execute arbitrary code on Microsoft SharePoint s… |
| 1026 | CVE-2024-57227 | 1.63% | 81.5th | 8.0 | This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can… |
| 1027 | CVE-2025-30282 | 1.63% | 81.5th | 9.1 | This CVE describes an improper authentication vulnerability in Adobe ColdFusion that allows high-pri… |
| 1028 | CVE-2025-21197 | 1.62% | 81.5th | 6.5 | This vulnerability allows an authenticated attacker to discover file paths within restricted directo… |
| 1029 | CVE-2024-25699 | 1.62% | 81.5th | 8.5 | An improper authentication vulnerability in Esri Portal for ArcGIS and ArcGIS Enterprise allows auth… |
| 1030 | CVE-2025-60699 | 1.62% | 81.5th | 6.5 | This CVE describes a buffer overflow vulnerability in TOTOLINK A950RG router firmware that allows un… |
| 1031 | CVE-2025-45988 | 1.61% | 81.4th | 9.8 | This CVE describes multiple command injection vulnerabilities in Blink routers where attackers can e… |
| 1032 | CVE-2025-45986 | 1.61% | 81.4th | 9.8 | This CVE describes a command injection vulnerability in multiple Blink router models that allows att… |
| 1033 | CVE-2025-45984 | 1.61% | 81.4th | 9.8 | This CVE describes a command injection vulnerability in multiple Blink router models via the routepw… |
| 1034 | CVE-2025-2105 | 1.61% | 81.4th | 8.1 | The Jupiter X Core WordPress plugin is vulnerable to PHP object injection via deserialization of unt… |
| 1035 | CVE-2024-53924 | 1.61% | 81.4th | 9.8 | Pycel versions up to 1.0b30 allow remote code execution when processing untrusted Excel spreadsheets… |
| 1036 | CVE-2023-54327 | 1.61% | 81.4th | 9.8 | CVE-2023-54327 is an authentication bypass vulnerability in Tinycontrol LAN Controller 1.58a that al… |
| 1037 | CVE-2025-27743 | 1.60% | 81.4th | 7.8 | CVE-2025-27743 is an untrusted search path vulnerability in Microsoft System Center that allows an a… |
| 1038 | CVE-2025-25014 | 1.60% | 81.4th | 9.1 | A prototype pollution vulnerability in Kibana allows attackers to execute arbitrary code by sending… |
| 1039 | CVE-2025-24406 | 1.60% | 81.4th | 7.5 | This CVE describes a path traversal vulnerability in Adobe Commerce that allows unauthenticated atta… |
| 1040 | CVE-2025-5515 | 1.60% | 81.4th | 6.3 | This critical vulnerability in TOTOLINK X2000R routers allows remote attackers to execute arbitrary… |
| 1041 | CVE-2025-26699 | 1.60% | 81.3th | 5.0 | A denial-of-service vulnerability exists in Django's text wrapping functions when processing extreme… |
| 1042 | CVE-2025-0316 | 1.59% | 81.3th | 9.8 | The WP Directorybox Manager plugin for WordPress has an authentication bypass vulnerability that all… |
| 1043 | CVE-2025-25001 | 1.59% | 81.3th | 4.3 | This cross-site scripting (XSS) vulnerability in Microsoft Edge allows attackers to inject malicious… |
| 1044 | CVE-2025-47166 | 1.59% | 81.3th | 8.8 | CVE-2025-47166 is a deserialization vulnerability in Microsoft Office SharePoint that allows authent… |
| 1045 | CVE-2025-22398 | 1.59% | 81.3th | 9.8 | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating s… |
| 1046 | CVE-2025-32103 | 1.59% | 81.3th | 5.0 | CVE-2025-32103 is a directory traversal vulnerability in CrushFTP that allows attackers to bypass Se… |
| 1047 | CVE-2025-7952 | 1.58% | 81.2th | 6.3 | This critical vulnerability in TOTOLINK T6 routers allows remote attackers to execute arbitrary comm… |
| 1048 | CVE-2024-12044 | 1.58% | 81.2th | 9.8 | This critical vulnerability allows remote code execution in open-mmlab/mmdetection v3.3.0 through un… |
| 1049 | CVE-2024-13744 | 1.58% | 81.2th | 8.1 | The Booster for WooCommerce WordPress plugin versions 4.0.1 through 7.2.4 contain an arbitrary file… |
| 1050 | CVE-2024-13725 | 1.57% | 81.2th | 9.8 | The Keap Official Opt-in Forms WordPress plugin has a Local File Inclusion vulnerability that allows… |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Scores are recomputed daily and range from 0 to 1 (shown here as a percentage); the accompanying percentile says how that score ranks against every other scored CVE, so a 1.6% probability at the 81.7th percentile is already higher than roughly four out of five CVEs. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it a better input for deciding which vulnerabilities to patch first.

Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score: a CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 with 90% EPSS. EPSS is a prediction, not evidence. A CVE on the CISA Known Exploited Vulnerabilities (KEV) list has been observed under exploitation and should be treated as urgent regardless of its EPSS score, and a low score does not make an internet-exposed vulnerability safe to leave unpatched.
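The ranking policy described above, as an added example that is not this site's code: parse an EPSS score file, join it with CVSS and CISA KEV data, and order findings KEV first, then by EPSS, then by CVSS, contrasted with a CVSS-only ordering. The input follows the shape of the daily CSV export published by FIRST (one `#` metadata line, then `cve,epss,percentile` columns) as I understand it; the CVE IDs, scores, CVSS values and KEV membership are constructed for illustration and the join sources (NVD, CISA KEV) are assumed.

```python
"""Rank CVEs by exploit likelihood (EPSS) instead of severity (CVSS), with CISA KEV as a hard override."""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample in the shape of the FIRST daily EPSS CSV export (assumed format:
# a single '#' metadata line followed by cve,epss,percentile rows). Values are illustrative.
EPSS_CSV = """#model_version:v2025.03.14,score_date:2025-01-01T00:00:00+0000
cve,epss,percentile
CVE-0000-0001,0.00100,0.25000
CVE-0000-0002,0.90000,0.99900
CVE-0000-0003,0.01660,0.81700
CVE-0000-0004,0.00050,0.15000
"""

# Constructed CVSS base scores and KEV membership; in practice these come from NVD and the CISA KEV catalog.
CVSS = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 7.5, "CVE-0000-0003": 9.8, "CVE-0000-0004": 5.3}
KEV = {"CVE-0000-0004"}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days, 0..1
    percentile: float  # rank relative to all scored CVEs, 0..1
    cvss: float        # CVSS base score, 0..10
    kev: bool          # listed in CISA KEV (confirmed exploitation)


def parse_epss_csv(text: str) -> dict[str, tuple[float, float]]:
    """Return {cve: (epss, percentile)}, skipping the leading '#' metadata line(s)."""
    rows = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    reader = csv.DictReader(io.StringIO("\n".join(rows)))
    return {r["cve"]: (float(r["epss"]), float(r["percentile"])) for r in reader}


def build_findings(epss_text: str, cvss: dict[str, float], kev: set[str]) -> list[Finding]:
    """Join EPSS scores with CVSS and KEV membership into Finding records."""
    scores = parse_epss_csv(epss_text)
    return [Finding(cve, e, p, cvss.get(cve, 0.0), cve in kev) for cve, (e, p) in scores.items()]


def by_cvss(findings: list[Finding]) -> list[str]:
    """Severity-only ordering: what a CVSS-driven patch queue looks like."""
    return [f.cve for f in sorted(findings, key=lambda f: -f.cvss)]


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Exploit-risk ordering: KEV first, then EPSS descending, CVSS as the tiebreaker."""
    return sorted(findings, key=lambda f: (not f.kev, -f.epss, -f.cvss))


def patch_now(findings: list[Finding], epss_threshold: float = 0.5) -> list[str]:
    """The page's 'EPSS > 50%' bucket plus every KEV entry, in priority order."""
    return [f.cve for f in prioritize(findings) if f.kev or f.epss > epss_threshold]


def summarize(findings: list[Finding], epss_threshold: float = 0.5) -> dict[str, float]:
    """The headline counters shown at the top of the page, computed for this data set."""
    n = len(findings)
    return {
        "epss_over_threshold": sum(f.epss > epss_threshold for f in findings),
        "kev_listed": sum(f.kev for f in findings),
        "cves_with_epss": n,
        "avg_epss": (sum(f.epss for f in findings) / n) if n else 0.0,
    }


if __name__ == "__main__":
    findings = build_findings(EPSS_CSV, CVSS, KEV)
    print("CVSS-only order :", by_cvss(findings))
    print("EPSS/KEV order  :", [f.cve for f in prioritize(findings)])
    print("Patch now       :", patch_now(findings))
    print("Summary         :", summarize(findings))
```

Run as a script it shows the inversion the text describes: the CVSS-only queue starts with the 9.8-rated CVE that has a 0.1% EPSS, while the exploit-risk queue starts with the KEV entry (CVSS 5.3) followed by the 90% EPSS finding (CVSS 7.5).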

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
