Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1151 | CVE-2025-64693 | | 56.3th | 9.8 | | A heap-based buffer overflow vulnerability in MaLion and MaLionCloud's Windows Security Point compon |
| 1152 | CVE-2025-62691 | | 56.3th | 9.8 | | This critical vulnerability in MaLion and MaLionCloud Security Point for Windows allows remote unaut |
| 1153 | CVE-2025-30095 | | 56.3th | 9.0 | | This vulnerability allows attackers to conduct man-in-the-middle attacks against SSH connections usi |
| 1154 | CVE-2025-20674 | | 56.3th | 9.8 | | This vulnerability in MediaTek WLAN AP drivers allows attackers to inject arbitrary packets without |
| 1155 | CVE-2025-9846 | | 56.2th | 10.0 | | This critical vulnerability in Inka.Net allows attackers to upload malicious files and execute arbit |
| 1156 | CVE-2025-30223 | | 56.2th | 9.3 | | A Cross-Site Scripting (XSS) vulnerability in Beego's RenderForm() function allows attackers to inje |
| 1157 | CVE-2025-54381 | | 56.2th | 9.9 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in BentoML's file upload syste |
| 1158 | CVE-2025-8625 | | 56.2th | 9.8 | | The Copypress Rest API WordPress plugin versions 1.1 to 1.2 contain a critical remote code execution |
| 1159 | CVE-2025-55729 | | 56.2th | 10.0 | | CVE-2025-55729 is a critical remote code execution vulnerability in XWiki Remote Macros that allows |
| 1160 | CVE-2024-40765 | | 56.2th | 9.8 | | An integer-based buffer overflow vulnerability in SonicOS IPSec implementation allows remote attacke |
| 1161 | CVE-2025-27212 | | 56.1th | 9.8 | | This CVE describes an improper input validation vulnerability in UniFi Access devices that allows co |
| 1162 | CVE-2025-8913 | | 55.9th | 9.8 | | CVE-2025-8913 is a critical Local File Inclusion vulnerability in WellChoose's Organization Portal S |
| 1163 | CVE-2024-10264 | | 55.8th | 9.8 | | CVE-2024-10264 is an HTTP request smuggling vulnerability in netease-youdao/qanything version 1.4.1 |
| 1164 | CVE-2025-43843 | | 55.8th | 9.8 | | CVE-2025-43843 is a critical command injection vulnerability in Retrieval-based-Voice-Conversion-Web |
| 1165 | CVE-2025-56513 | | 55.9th | 9.8 | | NiceHash QuickMiner 6.12.0 performs software updates over unencrypted HTTP without digital signature |
| 1166 | CVE-2025-66203 | | 55.9th | 9.9 | | StreamVault versions before 251126 contain a remote code execution vulnerability that allows attacke |
| 1167 | CVE-2025-29631 | | 55.7th | 9.8 | | A critical remote code execution vulnerability in Gardyn 4 allows attackers to execute arbitrary cod |
| 1168 | CVE-2025-67895 | | 55.7th | 9.8 | | This vulnerability allows authenticated DAG authors in Apache Airflow 2 to perform remote code execu |
| 1169 | CVE-2025-59468 | | 55.6th | 9.0 | | This vulnerability allows a Backup Administrator with legitimate credentials to execute arbitrary co |
| 1170 | CVE-2024-24421 | | 55.5th | 9.8 | | A type confusion vulnerability in Magma's NAS message decoding function allows attackers to execute |
| 1171 | CVE-2024-38292 | | 55.5th | 9.8 | | This vulnerability in Extreme Networks XIQ-SE allows attackers to bypass access controls via path tr |
| 1172 | CVE-2025-2345 | | 55.5th | 9.8 | | This critical vulnerability in IROAD dash cams allows remote attackers to bypass authorization contr |
| 1173 | CVE-2025-37103 | | 55.6th | 9.8 | | CVE-2025-37103 is a critical authentication bypass vulnerability in HPE Networking Instant On Access |
| 1174 | CVE-2025-6544 | | 55.4th | 9.8 | | A critical deserialization vulnerability in h2oai/h2o-3 allows attackers to bypass security checks u |
| 1175 | CVE-2025-11849 | | 55.5th | 9.3 | | Mammoth document conversion library versions before 1.11.0 are vulnerable to directory traversal att |
| 1176 | CVE-2025-2523 | | 55.4th | 9.4 | | An integer underflow vulnerability in Honeywell Experion PKS and OneWireless WDM's Control Data Acce |
| 1177 | CVE-2025-54944 | | 55.4th | 9.8 | | This vulnerability allows remote attackers to upload malicious files to SUNNET Corporate Training Ma |
| 1178 | CVE-2024-8953 | | 55.2th | 9.8 | | This vulnerability allows remote code execution through the mathematical_calculator endpoint in comp |
| 1179 | CVE-2022-50593 | | 55.3th | 9.8 | | This vulnerability allows remote attackers to bypass authentication and execute SQL injection via th |
| 1180 | CVE-2025-25182 | | 55.1th | 9.4 | | This CVE describes an authentication bypass vulnerability in Stroom data platform when configured wi |
| 1181 | CVE-2025-28231 | | 55.1th | 9.1 | | This vulnerability allows unauthorized attackers to execute arbitrary commands with Administrator pr |
| 1182 | CVE-2024-57575 | | 55.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC18 routers by exploi |
| 1183 | CVE-2024-50704 | | 55th | 10.0 | | This is a critical unauthenticated remote code execution vulnerability in Uniguest Tripleplay softwa |
| 1184 | CVE-2024-57034 | | 55th | 9.8 | | CVE-2024-57034 is a critical SQL injection vulnerability in WeGIA versions before 3.2.0 that allows |
| 1185 | CVE-2024-57031 | | 55th | 9.8 | | WeGIA versions below 3.2.0 contain a SQL injection vulnerability in the /funcionario/remuneracao.php |
| 1186 | CVE-2025-25521 | | 55th | 9.8 | | Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_type_news.php that allows |
| 1187 | CVE-2025-25519 | | 55th | 9.8 | | SeaCMS versions up to 13.3 contain a SQL injection vulnerability in the admin_zyk.php file that allo |
| 1188 | CVE-2025-25516 | | 55th | 9.8 | | Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_paylog.php that allows att |
| 1189 | CVE-2025-25513 | | 55th | 9.8 | | Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_members.php that allows at |
| 1190 | CVE-2025-6704 | | 55th | 9.8 | | This vulnerability allows unauthenticated attackers to write arbitrary files to Sophos Firewall syst |
| 1191 | CVE-2025-35050 | | 55th | 9.8 | | CVE-2025-35050 is a critical remote code execution vulnerability in Newforma Info Exchange (NIX) tha |
| 1192 | CVE-2025-63689 | | 55th | 10.0 | | Multiple SQL injection vulnerabilities in the ycf1998 money-pos system allow remote attackers to exe |
| 1193 | CVE-2024-53591 | | 54.9th | 9.8 | | This vulnerability in Seclore v3.27.5.0 allows attackers to bypass authentication through brute forc |
| 1194 | CVE-2025-9064 | | 54.9th | 9.1 | | An unauthenticated path traversal vulnerability in FactoryTalk View Machine Edition allows attackers |
| 1195 | CVE-2025-12548 | | 54.9th | 9.0 | | This vulnerability in Eclipse Che che-machine-exec allows unauthenticated attackers to execute arbit |
| 1196 | CVE-2025-59470 | | 54.9th | 9.0 | | This vulnerability allows authenticated Backup Operators to execute arbitrary code as the postgres u |
| 1197 | CVE-2025-27135 | | 54.8th | 9.8 | | CVE-2025-27135 is a critical SQL injection vulnerability in RAGFlow's ExeSQL component that allows a |
| 1198 | CVE-2025-53867 | | 54.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v |
| 1199 | CVE-2025-68271 | | 54.7th | 10.0 | | OpenC3 COSMOS versions 5.0.0 through 6.10.1 contain a critical remote code execution vulnerability i |
| 1200 | CVE-2025-64093 | | 54.7th | 10.0 | | This is a critical remote code execution vulnerability in Zenitel devices that allows unauthenticate |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.