Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1051 | CVE-2025-32663 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c… |
| 1052 | CVE-2025-32654 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c… |
| 1053 | CVE-2025-32627 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c… |
| 1054 | CVE-2025-31040 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c… |
| 1055 | CVE-2025-32668 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c… |
| 1056 | CVE-2025-30870 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c… |
| 1057 | CVE-2025-30849 | | 67.3 | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi… |
| 1058 | CVE-2025-47901 | | 67.3 | 8.8 | | This CVE describes an OS command injection vulnerability in Microchip Time Provider 4100 devices tha… |
| 1059 | CVE-2025-66217 | | 67.3 | 7.5 | | An integer underflow vulnerability in AIS-catcher's MQTT parsing allows attackers to trigger heap bu… |
| 1060 | CVE-2025-21405 | | 67.2 | 7.3 | | This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticate… |
| 1061 | CVE-2024-55628 | | 67.2 | 7.5 | | This vulnerability in Suricata allows attackers to send specially crafted DNS messages with compress… |
| 1062 | CVE-2024-54007 | | 67.1 | 7.2 | | Authenticated command injection vulnerabilities in HPE 501 Wireless Client Bridge web interface allo… |
| 1063 | CVE-2025-24053 | | 67.1 | 7.2 | | CVE-2025-24053 is an improper authentication vulnerability in Microsoft Dataverse that allows authen… |
| 1064 | CVE-2024-3884 | | 67.1 | 7.5 | | This vulnerability in Undertow allows remote attackers to cause denial of service by sending special… |
| 1065 | CVE-2024-10383 | | 67.1 | 8.7 | | This vulnerability allows cross-site scripting (XSS) attacks when loading .ipynb files in GitLab's w… |
| 1066 | CVE-2025-9527 | | 67.1 | 8.8 | | A remote stack-based buffer overflow vulnerability exists in the Linksys E1700 router's QoS configur… |
| 1067 | CVE-2025-3544 | | 67.0 | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network… |
| 1068 | CVE-2025-3542 | | 67.0 | 8.0 | | This critical vulnerability allows remote attackers to execute arbitrary commands on affected H3C Ma… |
| 1069 | CVE-2025-3540 | | 67.0 | 8.0 | | This critical vulnerability in H3C Magic routers allows attackers to execute arbitrary commands via… |
| 1070 | CVE-2024-12315 | | 67.0 | 7.5 | | This vulnerability allows unauthenticated attackers to access sensitive exported data files stored i… |
| 1071 | CVE-2025-6691 | | 67.0 | 8.1 | | The SureForms WordPress plugin has an arbitrary file deletion vulnerability that allows unauthentica… |
| 1072 | CVE-2025-21387 | | 66.9 | 7.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected systems by tricking… |
| 1073 | CVE-2025-21331 | | 66.9 | 7.3 | | This Windows Installer vulnerability allows attackers to elevate privileges on affected systems by e… |
| 1074 | CVE-2025-32869 | | 66.9 | 8.8 | | An SQL injection vulnerability in TeleControl Server Basic allows authenticated remote attackers to… |
| 1075 | CVE-2025-68274 | | 66.9 | 7.5 | | A nil pointer dereference vulnerability in SIPGO library's NewResponseFromRequest function allows re… |
| 1076 | CVE-2025-32380 | | 66.8 | 7.5 | | A denial-of-service vulnerability in Apollo Router Core allows attackers to craft GraphQL queries wi… |
| 1077 | CVE-2025-24129 | | 66.7 | 7.5 | | A type confusion vulnerability in Apple operating systems allows remote attackers to cause unexpecte… |
| 1078 | CVE-2025-30706 | | 66.8 | 7.5 | | This vulnerability in Oracle MySQL Connector/J allows attackers with low privileges and network acce… |
| 1079 | CVE-2025-13282 | | 66.8 | 8.1 | | TenderDocTransfer software from Chunghwa Telecom has two critical vulnerabilities: lack of CSRF prot… |
| 1080 | CVE-2024-12215 | | 66.7 | 8.8 | | This vulnerability in kedro 0.19.8 allows remote code execution when users download micro packages v… |
| 1081 | CVE-2025-26634 | | 66.7 | 7.5 | | This vulnerability is a heap-based buffer overflow in Windows Core Messaging that allows an authenti… |
| 1082 | CVE-2025-67172 | | 66.7 | 7.2 | | RiteCMS v3.1.0 contains an authenticated remote code execution vulnerability in the parse_special_ta… |
| 1083 | CVE-2025-2359 | | 66.6 | 7.3 | | This critical vulnerability in D-Link DIR-823G routers allows attackers to bypass authorization cont… |
| 1084 | CVE-2025-24045 | | 66.6 | 8.1 | | This vulnerability in Windows Remote Desktop Services allows attackers to access sensitive data stor… |
| 1085 | CVE-2025-13442 | | 66.6 | 7.3 | | This CVE describes a command injection vulnerability in UTT 进取 750W devices up to version 3.2.2-… |
| 1086 | CVE-2024-12278 | | 66.6 | 7.2 | | The Booster for WooCommerce WordPress plugin has a stored cross-site scripting (XSS) vulnerability t… |
| 1087 | CVE-2026-22227 | | 66.5 | 7.2 | | A command injection vulnerability in TP-Link Archer BE230 routers allows authenticated attackers to… |
| 1088 | CVE-2026-22225 | | 66.5 | 7.2 | | This CVE describes a command injection vulnerability in the Archer BE230 router's VPN Connection Ser… |
| 1089 | CVE-2026-22224 | | 66.5 | 7.2 | | This CVE describes an authenticated command injection vulnerability in TP-Link Archer BE230 routers. |
| 1090 | CVE-2026-22226 | | 66.5 | 7.2 | | This CVE describes a command injection vulnerability in TP-Link Archer BE230 routers that allows aut… |
| 1091 | CVE-2025-1240 | | 66.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected WinZip installation… |
| 1092 | CVE-2024-11039 | | 66.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerab… |
| 1093 | CVE-2025-49730 | | 66.5 | 7.8 | | A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Microsoft Windows QoS scheduler… |
| 1094 | CVE-2025-62199 | | 66.5 | 7.8 | | CVE-2025-62199 is a use-after-free vulnerability in Microsoft Office that allows an attacker to exec… |
| 1095 | CVE-2025-21382 | | 66.4 | 7.8 | | This vulnerability in the Windows Graphics Component allows attackers to escalate privileges on affe… |
| 1096 | CVE-2025-34469 | | 66.5 | 7.5 | | Cowrie honeypot versions before 2.9.0 contain a server-side request forgery vulnerability in the emu… |
| 1097 | CVE-2025-21172 | | 66.4 | 7.5 | | This CVE describes a heap-based buffer overflow vulnerability in .NET and Visual Studio that could a… |
| 1098 | CVE-2025-1513 | | 66.3 | 7.2 | | This stored XSS vulnerability in the Contest Gallery WordPress plugin allows unauthenticated attacke… |
| 1099 | CVE-2025-0521 | | 66.3 | 7.2 | | The Post SMTP WordPress plugin has a stored cross-site scripting vulnerability that allows unauthent… |
| 1100 | CVE-2024-13704 | | 66.3 | 7.2 | | The Super Testimonials WordPress plugin has a stored XSS vulnerability in the 'st_user_title' parame… |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.