Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|------|--------|------------|------------|------|-------|---------|
| 1101 | CVE-2025-45784 | 0.36% | 57.8th | 9.8 | | D-Link DPH-400S/SE VoIP phones contain hardcoded provisioning credentials in their firmware, allowin |
| 1102 | CVE-2025-54576 | 0.36% | 57.8th | 9.1 | | This vulnerability allows attackers to bypass authentication in OAuth2-Proxy by crafting URLs with q |
| 1103 | CVE-2025-57567 | 0.36% | 57.8th | 9.1 | | This vulnerability allows authenticated administrator users in PluXml CMS to overwrite the minify.ph |
| 1104 | CVE-2025-5600 | 0.36% | 57.7th | 9.8 | | A critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attac |
| 1105 | CVE-2025-50900 | 0.36% | 57.5th | 9.8 | | This vulnerability in rebuild 4.0.4 allows unauthenticated attackers to bypass authentication by man |
| 1106 | CVE-2025-46070 | 0.36% | 57.5th | 9.8 | | A critical remote code execution vulnerability in Automai BotManager v25.2.0 allows attackers to exe |
| 1107 | CVE-2024-54794 | 0.36% | 57.4th | 9.1 | | CVE-2024-54794 is a command injection vulnerability in SpagoBI 3.5.1 that allows attackers to execut |
| 1108 | CVE-2025-26359 | 0.36% | 57.4th | 9.8 | | This vulnerability allows unauthenticated remote attackers to reset user PINs in Q-Free MaxTime syst |
| 1109 | CVE-2025-54418 | 0.36% | 57.4th | 9.8 | | This CVE describes a command injection vulnerability in CodeIgniter's ImageMagick handler that allow |
| 1110 | CVE-2025-52395 | 0.36% | 57.5th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running Roadcute API |
| 1111 | CVE-2025-57515 | 0.36% | 57.4th | 9.8 | | A critical SQL injection vulnerability in Uniclare Student Portal v2 allows remote attackers to exec |
| 1112 | CVE-2025-63888 | 0.36% | 57.5th | 9.8 | | A remote code execution vulnerability exists in ThinkPHP 5.0.24's template file driver. Attackers ca |
| 1113 | CVE-2021-47748 | 0.36% | 57.4th | 9.8 | | CVE-2021-47748 is a critical remote code execution vulnerability in Hasura GraphQL Engine that allow |
| 1114 | CVE-2025-37092 | 0.36% | 57.4th | 9.8 | | A command injection vulnerability in HPE StoreOnce Software allows remote attackers to execute arbit |
| 1115 | CVE-2025-37089 | 0.36% | 57.4th | 9.8 | | A command injection vulnerability in HPE StoreOnce Software allows remote attackers to execute arbit |
| 1116 | CVE-2025-37099 | 0.35% | 57.1th | 9.8 | | A critical remote code execution vulnerability exists in HPE Insight Remote Support (IRS) software d |
| 1117 | CVE-2025-67397 | 0.35% | 57.1th | 9.1 | | CVE-2025-67397 is a command injection vulnerability in Passy v1.6.3 that allows authenticated remote |
| 1118 | CVE-2025-33025 | 0.35% | 57th | 9.9 | | This vulnerability allows authenticated remote attackers to execute arbitrary code with root privile |
| 1119 | CVE-2025-32469 | 0.35% | 57th | 9.9 | | A command injection vulnerability in the web interface ping tool of Siemens RUGGEDCOM ROX devices al |
| 1120 | CVE-2025-12493 | 0.35% | 57th | 9.8 | | This vulnerability allows unauthenticated attackers to include and execute arbitrary PHP files on Wo |
| 1121 | CVE-2025-14344 | 0.35% | 57th | 9.8 | | This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers r |
| 1122 | CVE-2025-22785 | 0.35% | 56.9th | 9.3 | | This SQL injection vulnerability in the ComMotion Course Booking System WordPress plugin allows atta |
| 1123 | CVE-2025-10134 | 0.35% | 56.9th | 9.1 | | This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers r |
| 1124 | CVE-2024-13804 | 0.35% | 56.8th | 9.8 | | CVE-2024-13804 is an unauthenticated remote code execution vulnerability in HPE Insight Cluster Mana |
| 1125 | CVE-2025-3594 | 0.35% | 56.9th | 9.8 | | A path traversal vulnerability in Liferay Portal and DXP allows remote attackers to write arbitrary |
| 1126 | CVE-2025-23310 | 0.35% | 56.8th | 9.8 | | CVE-2025-23310 is a critical stack buffer overflow vulnerability in NVIDIA Triton Inference Server t |
| 1127 | CVE-2025-22137 | 0.35% | 56.8th | 9.8 | | CVE-2025-22137 is a critical file overwrite vulnerability in Pingvin Share that allows attackers to |
| 1128 | CVE-2024-39272 | 0.35% | 56.8th | 9.0 | | A cross-site scripting vulnerability in ClearML Enterprise Server's dataset upload functionality all |
| 1129 | CVE-2025-2859 | 0.35% | 56.8th | 9.8 | | This vulnerability allows attackers with network access to intercept traffic and steal user session |
| 1130 | CVE-2025-26010 | 0.35% | 56.8th | 9.8 | | CVE-2025-26010 allows unauthenticated attackers to modify administrator passwords on Telesquare TLR- |
| 1131 | CVE-2025-28238 | 0.35% | 56.8th | 9.8 | | This vulnerability allows attackers to hijack active user sessions in Elber REBLE310 devices running |
| 1132 | CVE-2025-32648 | 0.35% | 56.8th | 9.8 | | This vulnerability allows attackers to escalate privileges in Projectopia Projectopia, a WordPress p |
| 1133 | CVE-2025-31380 | 0.35% | 56.8th | 9.8 | | This vulnerability allows attackers to bypass authentication and reset passwords for any user accoun |
| 1134 | CVE-2025-2567 | 0.35% | 56.8th | 9.8 | | This critical vulnerability allows attackers to modify or disable settings in Automated Tank Gauging |
| 1135 | CVE-2025-32491 | 0.35% | 56.8th | 9.8 | | This vulnerability allows attackers to escalate privileges in Rankology SEO WordPress plugin, potent |
| 1136 | CVE-2025-32695 | 0.35% | 56.8th | 9.8 | | This vulnerability allows attackers to escalate privileges in the Checkout Mestres WP WordPress plug |
| 1137 | CVE-2026-1470 | 0.35% | 56.8th | 9.9 | | This critical vulnerability in n8n's workflow Expression evaluation system allows authenticated user |
| 1138 | CVE-2024-51919 | 0.35% | 56.6th | 9.0 | | This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites run |
| 1139 | CVE-2025-49013 | 0.35% | 56.7th | 9.9 | | This CVE describes a critical code injection vulnerability in WilderForge GitHub Actions workflows w |
| 1140 | CVE-2025-11456 | 0.35% | 56.6th | 9.8 | | The ELEX WordPress HelpDesk plugin has a critical vulnerability allowing unauthenticated attackers t |
| 1141 | CVE-2025-23391 | 0.34% | 56.6th | 9.1 | | A privilege escalation vulnerability in SUSE Rancher allows Restricted Administrators to change pass |
| 1142 | CVE-2025-69828 | 0.34% | 56.5th | 10.0 | | A critical file upload vulnerability in TMS Global Software TMS Management Console allows remote att |
| 1143 | CVE-2025-57794 | 0.34% | 56.5th | 9.1 | | Explorance Blue versions before 8.14.9 contain an authenticated unrestricted file upload vulnerabili |
| 1144 | CVE-2026-0963 | 0.34% | 56.5th | 9.9 | | An input neutralization vulnerability in Crafty Controller's File Operations API Endpoint allows aut |
| 1145 | CVE-2020-36084 | 0.34% | 56.4th | 9.8 | | This SQL injection vulnerability in Responsive E-Learning System 1.0 allows remote attackers to exec |
| 1146 | CVE-2023-53980 | 0.34% | 56.5th | 9.8 | | CVE-2023-53980 is a critical remote code execution vulnerability in ProjectSend r1605 that allows at |
| 1147 | CVE-2026-22688 | 0.34% | 56.5th | 9.9 | | CVE-2026-22688 is a command injection vulnerability in WeKnora that allows authenticated users to in |
| 1148 | CVE-2025-20014 | 0.34% | 56.4th | 9.8 | | CVE-2025-20014 is a critical OS command injection vulnerability in mySCADA myPRO software that allow |
| 1149 | CVE-2024-55210 | 0.34% | 56.4th | 9.8 | | This vulnerability allows attackers to bypass multi-factor authentication in TOTVS Framework (Linha |
| 1150 | CVE-2025-20156 | 0.34% | 56.4th | 9.9 | | This vulnerability allows authenticated users with low privileges in Cisco Meeting Management to ele |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
