Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1001 | CVE-2025-8245 | | 68.5th | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK X15 routers allows remote attackers to execu |
| 1002 | CVE-2025-8136 | | 68.5th | 8.8 | | This critical vulnerability in TOTOLINK A702R routers allows remote attackers to execute arbitrary c |
| 1003 | CVE-2025-21364 | | 68.4th | 7.8 | | This vulnerability allows attackers to bypass security features in Microsoft Excel, potentially enab |
| 1004 | CVE-2024-58284 | | 68.4th | 7.2 | | PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability where administrativ |
| 1005 | CVE-2025-3197 | | 68.4th | 7.3 | | CVE-2025-3197 is a prototype pollution vulnerability in the expand-object npm package that allows at |
| 1006 | CVE-2025-8138 | | 68.4th | 8.8 | | This critical vulnerability in TOTOLINK A702R routers allows remote attackers to execute arbitrary c |
| 1007 | CVE-2024-13622 | | 68.4th | 7.5 | | The File Uploads Addon for WooCommerce WordPress plugin exposes sensitive customer data through inse |
| 1008 | CVE-2025-53020 | | 68.3th | 7.5 | | This vulnerability in Apache HTTP Server involves improper memory management where memory is release |
| 1009 | CVE-2025-25475 | | 68.3th | 7.5 | | A NULL pointer dereference vulnerability in DCMTK's DICOM file processing component allows attackers |
| 1010 | CVE-2025-62215 | | 68.3th | 7.0 | KEV | This Windows Kernel race condition vulnerability allows authenticated local attackers to escalate pr |
| 1011 | CVE-2025-21587 | | 68.2th | 7.4 | | This vulnerability in Java Secure Socket Extension (JSSE) allows attackers to manipulate or access c |
| 1012 | CVE-2024-36842 | | 68.2th | 7.3 | | This vulnerability allows remote attackers to execute arbitrary code on affected Oncord+ Android Inf |
| 1013 | CVE-2024-57791 | | 68.1th | 7.5 | | A vulnerability in the Linux kernel's SMC (Shared Memory Communications) subsystem could cause a den |
| 1014 | CVE-2025-0817 | | 68.1th | 7.2 | | The FormCraft WordPress plugin allows unauthenticated attackers to upload malicious SVG files contai |
| 1015 | CVE-2025-2704 | | 68.1th | 7.5 | | This vulnerability allows remote attackers to cause a denial of service in OpenVPN servers by corrup |
| 1016 | CVE-2025-26683 | | 68.1th | 8.1 | | CVE-2025-26683 is an improper authorization vulnerability in Azure Playwright that allows unauthoriz |
| 1017 | CVE-2025-57618 | | 68th | 7.3 | | A path traversal vulnerability in FastX3 allows unauthenticated attackers to read arbitrary server f |
| 1018 | CVE-2025-9712 | | 68th | 8.8 | | This vulnerability allows remote unauthenticated attackers to execute arbitrary code on Ivanti Endpo |
| 1019 | CVE-2025-27487 | | 67.9th | 8.0 | | A heap-based buffer overflow vulnerability in Microsoft Remote Desktop Client allows authenticated a |
| 1020 | CVE-2024-13925 | | 67.9th | 7.5 | | The Klarna Checkout for WooCommerce WordPress plugin before version 2.13.5 exposes an unauthenticate |
| 1021 | CVE-2025-62786 | | 67.9th | 8.1 | | A heap-based out-of-bounds write vulnerability in Wazuh's decode_win_permissions function allows wri |
| 1022 | CVE-2023-53981 | | 67.9th | 7.2 | | PhotoShow 3.0 contains a remote code execution vulnerability where authenticated administrators can |
| 1023 | CVE-2023-37930 | | 67.9th | 7.5 | | This CVE describes memory corruption vulnerabilities in Fortinet VPN products that could allow authe |
| 1024 | CVE-2025-53376 | | 67.9th | 8.8 | | CVE-2025-53376 is a command injection vulnerability in Dokploy that allows authenticated low-privile |
| 1025 | CVE-2025-30891 | | 67.8th | 8.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1026 | CVE-2025-30846 | | 67.8th | 8.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1027 | CVE-2025-32146 | | 67.8th | 8.8 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1028 | CVE-2025-32141 | | 67.8th | 8.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1029 | CVE-2025-34024 | | 67.8th | 8.8 | | An authenticated OS command injection vulnerability in Edimax EW-7438RPn firmware allows attackers t |
| 1030 | CVE-2025-64124 | | 67.8th | 8.8 | | This OS command injection vulnerability in Nuvation Energy Multi-Stack Controller allows attackers t |
| 1031 | CVE-2024-9134 | | 67.7th | 8.3 | | Multiple SQL injection vulnerabilities in the reporting application allow authenticated users with a |
| 1032 | CVE-2024-13624 | | 67.7th | 7.1 | | This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsan |
| 1033 | CVE-2025-65730 | | 67.7th | 8.8 | | This vulnerability allows attackers to bypass authentication in GoAway by forging JWT tokens using a |
| 1034 | CVE-2025-29189 | | 67.6th | 7.6 | | Flowise versions up to 2.2.3 contain a SQL injection vulnerability in the Postgres_VectorStores comp |
| 1035 | CVE-2025-3834 | | 67.6th | 8.1 | | This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the OU H |
| 1036 | CVE-2025-10907 | | 67.6th | 8.4 | | An arbitrary file upload vulnerability in WSO2 products allows authenticated administrators to uploa |
| 1037 | CVE-2025-0241 | | 67.6th | 7.7 | | A memory corruption vulnerability in text segmentation components of Mozilla products could allow at |
| 1038 | CVE-2025-1634 | | 67.6th | 7.5 | | A memory leak vulnerability in the quarkus-resteasy extension occurs when client requests timeout, c |
| 1039 | CVE-2025-7913 | | 67.6th | 8.8 | | This critical vulnerability in TOTOLINK T6 routers allows remote attackers to execute arbitrary code |
| 1040 | CVE-2025-21408 | | 67.5th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v |
| 1041 | CVE-2025-29800 | | 67.5th | 7.8 | | CVE-2025-29800 is a local privilege escalation vulnerability in Microsoft AutoUpdate (MAU) that allo |
| 1042 | CVE-2025-41736 | | 67.5th | 8.8 | | A path traversal vulnerability in PHP allows low-privileged remote attackers to upload or overwrite |
| 1043 | CVE-2024-41792 | | 67.4th | 8.6 | | The SENTRON 7KT PAC1260 Data Manager contains a path traversal vulnerability in its web interface th |
| 1044 | CVE-2025-5462 | | 67.5th | 7.5 | | A heap-based buffer overflow vulnerability in Ivanti secure access products allows remote unauthenti |
| 1045 | CVE-2025-1736 | | 67.4th | 7.3 | | This CVE describes an insufficient validation vulnerability in PHP's header handling that could allo |
| 1046 | CVE-2020-36869 | | 67.4th | 7.2 | | Nagios XI versions before 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edi |
| 1047 | CVE-2024-49734 | | 67.4th | 7.5 | | This vulnerability allows a Wi-Fi access point to determine what websites a device is visiting throu |
| 1048 | CVE-2025-30834 | | 67.4th | 7.5 | | A path traversal vulnerability in the Bit Assist WordPress plugin allows attackers to access files o |
| 1049 | CVE-2024-26006 | | 67.3th | 7.5 | | This vulnerability allows remote unauthenticated attackers to perform cross-site scripting (XSS) att |
| 1050 | CVE-2025-32672 | | 67.3th | 8.1 | | This vulnerability allows attackers to include and execute arbitrary PHP files on servers running th |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.