Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days. The Percentile column is relative: a value of 80.3 means the CVE's EPSS score is higher than about 80.3% of all scored CVEs, which is not the same as an 80.3% probability of exploitation. CVSS is the base severity score, shown as N/A where none is listed.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1101 | CVE-2024-39790 | | 80.3 | 9.1 | | This vulnerability allows authenticated attackers to bypass permissions and inject configuration par |
| 1102 | CVE-2024-39788 | | 80.3 | 9.1 | | This vulnerability allows authenticated attackers to bypass permissions and inject malicious configu |
| 1103 | CVE-2024-34544 | | 80.3 | 9.1 | | This CVE describes a command injection vulnerability in the Wavlink AC3000 router's wireless.cgi Add |
| 1104 | CVE-2025-1119 | | 80.2 | 7.3 | | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug |
| 1105 | CVE-2024-10932 | | 80.2 | 8.8 | | The Backup Migration plugin for WordPress is vulnerable to PHP object injection via insecure deseria |
| 1106 | CVE-2025-56498 | | 80.2 | 5.3 | | An authenticated OS command injection vulnerability in PLDT WiFi Router's Prolink PGN6401V allows at |
| 1107 | CVE-2024-57392 | | 80.2 | 7.5 | | A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary code or caus |
| 1108 | CVE-2026-23746 | | 80.2 | N/A | | This vulnerability allows remote unauthenticated attackers to exploit insecure .NET Remoting in Entr |
| 1109 | CVE-2024-57025 | | 80.2 | 6.8 | | This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers via the 'desc' p |
| 1110 | CVE-2024-57023 | | 80.2 | 6.8 | | This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers where an attacke |
| 1111 | CVE-2026-2131 | | 80.2 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on systems |
| 1112 | CVE-2026-1066 | | 80.2 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerab |
| 1113 | CVE-2024-10190 | | 80.2 | 9.8 | | Horovod versions up to v0.28.1 are vulnerable to unauthenticated remote code execution via malicious |
| 1114 | CVE-2025-9223 | | 80.2 | 8.8 | | This vulnerability allows authenticated attackers to execute arbitrary commands on ManageEngine Appl |
| 1115 | CVE-2025-29809 | | 80.1 | 7.1 | | This vulnerability allows an authorized attacker with local access to bypass a security feature in W |
| 1116 | CVE-2025-51991 | | 80.1 | 8.8 | | This vulnerability allows authenticated administrators in XWiki to inject malicious Apache Velocity |
| 1117 | CVE-2025-23052 | | 80.1 | 7.2 | | This CVE describes an authenticated command injection vulnerability in a network management service' |
| 1118 | CVE-2024-47516 | | 80.1 | 9.8 | | This vulnerability in Pagure allows remote code execution through argument injection in Git operatio |
| 1119 | CVE-2025-56129 | | 80.1 | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie RG-BCR860 routers that allows att |
| 1120 | CVE-2025-1676 | | 80.1 | 6.3 | | This critical vulnerability in hzmanyun Education and Training System allows remote attackers to exe |
| 1121 | CVE-2025-0291 | | 80.1 | 8.8 | | This is a type confusion vulnerability in Chrome's V8 JavaScript engine that allows remote attackers |
| 1122 | CVE-2025-54574 | | 80.1 | 9.3 | | Squid caching proxy versions 6.3 and below contain a heap buffer overflow vulnerability in URN proce |
| 1123 | CVE-2025-0394 | | 80.1 | 8.8 | | The Groundhogg WordPress plugin up to version 3.7.3.5 allows authenticated attackers with Author-lev |
| 1124 | CVE-2025-20654 | | 80 | 9.8 | | This critical vulnerability in MediaTek wlan service allows remote attackers to execute arbitrary co |
| 1125 | CVE-2025-21178 | | 80 | 8.8 | | This is a heap-based buffer overflow vulnerability in Visual Studio that allows remote code executio |
| 1126 | CVE-2025-27590 | | 80 | 9.0 | | This vulnerability in oxidized-web allows unauthenticated attackers to execute arbitrary commands as |
| 1127 | CVE-2025-21342 | | 80 | 8.8 | | This vulnerability in Microsoft Edge (Chromium-based) allows remote attackers to execute arbitrary c |
| 1128 | CVE-2025-24158 | | 80 | 6.5 | | This CVE describes a memory handling vulnerability in Apple's web content processing that could lead |
| 1129 | CVE-2024-50660 | | 79.9 | 9.8 | | CVE-2024-50660 is a critical file upload bypass vulnerability in AdPortal 3.0.39 that allows remote |
| 1130 | CVE-2025-26055 | | 79.9 | 6.5 | | This CVE describes an OS command injection vulnerability in the Infinxt iEdge 100 router's Troublesh |
| 1131 | CVE-2025-43920 | | 79.9 | 5.4 | | This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands o |
| 1132 | CVE-2025-20617 | | 79.9 | 7.2 | | This vulnerability allows authenticated attackers with administrative access to execute arbitrary op |
| 1133 | CVE-2024-10942 | | 79.9 | 7.5 | | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP object injection vi |
| 1134 | CVE-2025-26637 | | 79.9 | 6.8 | | This CVE describes a protection mechanism failure in Windows BitLocker that allows unauthorized atta |
| 1135 | CVE-2025-45931 | | 79.9 | 9.8 | | This critical vulnerability in D-Link DIR-816-A2 routers allows remote attackers to execute arbitrar |
| 1136 | CVE-2026-0794 | | 79.9 | 9.8 | | CVE-2026-0794 is a use-after-free vulnerability in ALGO 8180 IP Audio Alerter devices that allows re |
| 1137 | CVE-2026-0770 | | 79.9 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code as root on Langflow installatio |
| 1138 | CVE-2025-0215 | | 79.9 | 6.1 | | This vulnerability allows unauthenticated attackers to perform reflected cross-site scripting attack |
| 1139 | CVE-2024-39757 | | 79.9 | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro |
| 1140 | CVE-2024-57520 | | 79.8 | 9.8 | | CVE-2024-57520 is an insecure permissions vulnerability in Asterisk v22 that allows directory traver |
| 1141 | CVE-2025-2780 | | 79.8 | 8.8 | | The Woffice Core plugin for WordPress has a vulnerability that allows authenticated users with Subsc |
| 1142 | CVE-2025-2891 | | 79.8 | 8.8 | | The Real Estate 7 WordPress theme allows authenticated attackers with Seller-level access or higher |
| 1143 | CVE-2025-54074 | | 79.8 | 9.8 | | Cherry Studio desktop client versions 1.2.5 to 1.5.1 are vulnerable to OS command injection when con |
| 1144 | CVE-2025-69542 | | 79.8 | 9.8 | | A command injection vulnerability in D-Link DIR895LA1 routers allows attackers to execute arbitrary |
| 1145 | CVE-2025-2805 | | 79.8 | 7.3 | | The ORDER POST WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes due |
| 1146 | CVE-2024-9415 | | 79.8 | 8.8 | | A path traversal vulnerability in transformeroptimus/superagi version 0.0.14 allows attackers to upl |
| 1147 | CVE-2024-6825 | | 79.8 | 8.8 | | This vulnerability in BerriAI/litellm allows remote code execution by exploiting improper input vali |
| 1148 | CVE-2024-13921 | | 79.7 | 7.2 | | This vulnerability allows authenticated WordPress administrators to inject PHP objects via deseriali |
| 1149 | CVE-2025-47227 | | 79.7 | 7.5 | | This vulnerability allows unauthenticated attackers to bypass authentication and take over administr |
| 1150 | CVE-2025-21224 | | 79.7 | 8.1 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems running the |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS special interest group at FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days; scores are recomputed daily, so a ranking like the one above is a snapshot. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it a better input for deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be exploited rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. EPSS says nothing about impact, though, so the two scores complement each other: rank by EPSS, then use CVSS (and whether the asset is actually exposed) to break ties and to catch high-impact bugs that have not yet attracted exploitation.
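The prioritization rule described above, as an added example that is not code from this page or from FIRST. The JSON is a constructed sample in the shape returned by the public FIRST EPSS API (`GET https://api.first.org/data/v1/epss?cve=...`), where `epss` and `percentile` are decimal strings in [0, 1]; the CVE IDs, the `CVSS_INVENTORY` values and the `epss_floor`/`cvss_floor` thresholds are hypothetical choices for illustration. The block ranks by EPSS with CVSS as a tie-break, shows the severity-only order for contrast, and handles a CVE with no CVSS score (the N/A case in the table).

```python
"""Prioritize CVEs by EPSS (likelihood) with CVSS (severity) as a tie-break.

Added example; not code from the page or from FIRST. The sample response
below mirrors the shape of the FIRST EPSS API; numbers and CVE IDs are
constructed, and the CVSS inventory is hypothetical.
"""
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of an EPSS API response (hypothetical CVE IDs).
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2024-0001", "epss": "0.00100", "percentile": "0.41000", "date": "2025-01-01"},
        {"cve": "CVE-2024-0002", "epss": "0.90000", "percentile": "0.99500", "date": "2025-01-01"},
        {"cve": "CVE-2024-0003", "epss": "0.12000", "percentile": "0.94000", "date": "2025-01-01"},
    ],
})

# Hypothetical CVSS base scores, as a scanner or asset inventory would export them.
CVSS_INVENTORY = {"CVE-2024-0001": 9.8, "CVE-2024-0002": 7.5, "CVE-2024-0003": 9.8}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float            # P(exploited in the next 30 days), 0..1
    percentile: float      # share of scored CVEs with a lower EPSS, 0..1
    cvss: Optional[float]  # None when no CVSS score is available (N/A)


def parse_epss(raw: str) -> dict[str, tuple[float, float]]:
    """Map CVE ID -> (epss, percentile) from an EPSS API JSON document,
    rejecting a non-OK status and values outside [0, 1]."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    out: dict[str, tuple[float, float]] = {}
    for row in doc.get("data", []):
        epss, pct = float(row["epss"]), float(row["percentile"])
        if not (0.0 <= epss <= 1.0 and 0.0 <= pct <= 1.0):
            raise ValueError(f"out-of-range EPSS values for {row['cve']}")
        out[row["cve"]] = (epss, pct)
    return out


def build_findings(epss: dict[str, tuple[float, float]], cvss: dict[str, float]) -> list[Finding]:
    """Join EPSS data with whatever CVSS scores the inventory has (missing -> None)."""
    return [Finding(c, e, p, cvss.get(c)) for c, (e, p) in epss.items()]


def _cvss_or_low(f: Finding) -> float:
    # An unscored CVE sorts after any scored one when CVSS is the tie-break.
    return f.cvss if f.cvss is not None else -1.0


def by_epss(findings: list[Finding]) -> list[Finding]:
    """Exploit-likelihood order: EPSS descending, CVSS descending as tie-break."""
    return sorted(findings, key=lambda f: (-f.epss, -_cvss_or_low(f)))


def by_cvss(findings: list[Finding]) -> list[Finding]:
    """Severity-only order, for comparison with the EPSS order."""
    return sorted(findings, key=lambda f: (-_cvss_or_low(f), -f.epss))


def patch_first(findings: list[Finding], epss_floor: float = 0.1, cvss_floor: float = 9.0) -> list[str]:
    """CVE IDs for the first patch window: everything at or above the EPSS floor,
    most likely first, then the remaining critical-severity CVEs. Both floors are
    policy choices, not values defined by EPSS or CVSS."""
    likely = [f for f in by_epss(findings) if f.epss >= epss_floor]
    critical = [f for f in by_cvss(findings)
                if f.epss < epss_floor and _cvss_or_low(f) >= cvss_floor]
    return [f.cve for f in likely + critical]


if __name__ == "__main__":
    fs = build_findings(parse_epss(SAMPLE_EPSS_RESPONSE), CVSS_INVENTORY)
    print("by EPSS:", [f.cve for f in by_epss(fs)])
    print("by CVSS:", [f.cve for f in by_cvss(fs)])
    print("patch  :", patch_first(fs))
```

On the sample data the CVSS-only order puts the two 9.8s first, while the EPSS order puts the CVSS 7.5 with EPSS 0.90 at the top and the 9.8 with EPSS 0.001 last; `patch_first` still pulls that last one back in via the CVSS floor, which is the "complement, do not substitute" point made above.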