Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

- 164 CVEs with EPSS > 50%
- 156 CVEs listed in the CISA KEV catalog
- 35,468 CVEs with an EPSS score
- 0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1151 | CVE-2024-54449 | 0.49% | 65th | 8.8 | | This vulnerability allows authenticated attackers with document read/write privileges to write arbit |
| 1152 | CVE-2024-47571 | 0.49% | 64.9th | 8.1 | | This vulnerability in Fortinet FortiManager allows attackers with valid credentials to gain improper |
| 1153 | CVE-2023-51301 | 0.49% | 64.9th | 7.5 | | This vulnerability allows attackers to send unlimited password reset requests for legitimate users i |
| 1154 | CVE-2025-24517 | 0.49% | 64.9th | 7.5 | | A client-side authentication vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) allows remote attac |
| 1155 | CVE-2025-29803 | 0.49% | 64.9th | 7.3 | | This vulnerability allows an authorized attacker to exploit an uncontrolled search path element in V |
| 1156 | CVE-2025-46612 | 0.49% | 64.8th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on Airleader Master and Eas |
| 1157 | CVE-2025-27142 | 0.49% | 64.8th | 8.8 | | LocalSend versions before 1.17.0 have a path traversal vulnerability in file upload endpoints that a |
| 1158 | CVE-2025-22867 | 0.49% | 64.8th | 7.5 | | This vulnerability allows arbitrary code execution when building Go modules containing CGO on Darwin |
| 1159 | CVE-2024-7036 | 0.49% | 64.8th | 7.5 | | An unauthenticated attacker can cause denial-of-service by submitting excessively large text in the |
| 1160 | CVE-2025-3431 | 0.49% | 64.8th | 7.5 | | This vulnerability allows unauthenticated attackers to read arbitrary files on WordPress servers run |
| 1161 | CVE-2025-3302 | 0.49% | 64.8th | 7.2 | | The Xagio SEO WordPress plugin has a stored XSS vulnerability in all versions up to 7.1.0.16. Unauth |
| 1162 | CVE-2025-63406 | 0.49% | 64.8th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on GroupOffice installations vi |
| 1163 | CVE-2024-11135 | 0.48% | 64.7th | 7.5 | | The Eventer WordPress plugin contains an SQL injection vulnerability that allows unauthenticated att |
| 1164 | CVE-2024-13474 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes – Purolator Edition WordPress plugin al |
| 1165 | CVE-2024-11260 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the WordPress Events Manager plugin allows unauthenticated attac |
| 1166 | CVE-2024-13476 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a |
| 1167 | CVE-2024-13534 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the Small Package Quotes – Worldwide Express Edition WordPress |
| 1168 | CVE-2024-13491 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the Small Package Quotes – For Customers of FedEx WordPress pl |
| 1169 | CVE-2024-13480 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a |
| 1170 | CVE-2024-13531 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the ShipEngine Shipping Quotes WordPress plugin allows unauthent |
| 1171 | CVE-2024-13490 | 0.48% | 64.7th | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes – XPO Edition WordPress plugin allows u |
| 1172 | CVE-2024-13440 | 0.48% | 64.7th | 8.2 | | The Super Store Finder WordPress plugin contains an SQL injection vulnerability in the 'ssf_wp_user_ |
| 1173 | CVE-2024-50609 | 0.48% | 64.7th | 7.5 | | CVE-2024-50609 is a NULL pointer dereference vulnerability in Fluent Bit's OpenTelemetry input plugi |
| 1174 | CVE-2024-50608 | 0.48% | 64.7th | 7.5 | | CVE-2024-50608 is a NULL pointer dereference vulnerability in Fluent Bit's Prometheus Remote Write i |
| 1175 | CVE-2025-2006 | 0.48% | 64.7th | 8.8 | | The Inline Image Upload for BBPress WordPress plugin allows authenticated attackers (Subscriber-leve |
| 1176 | CVE-2025-7327 | 0.48% | 64.7th | 8.8 | | The Widget for Google Reviews WordPress plugin contains a directory traversal vulnerability that all |
| 1177 | CVE-2025-50349 | 0.48% | 64.6th | 7.5 | | PHPGurukul Pre-School Enrollment System V1.0 contains a directory traversal vulnerability in update- |
| 1178 | CVE-2025-9299 | 0.48% | 64.6th | 8.8 | | A stack-based buffer overflow vulnerability in Tenda M3 routers allows remote attackers to execute a |
| 1179 | CVE-2024-57176 | 0.48% | 64.6th | 7.6 | | This vulnerability in White-Jotter v0.2.2 allows attackers to bypass access controls via directory t |
| 1180 | CVE-2025-2101 | 0.48% | 64.6th | 8.1 | | The Edumall WordPress theme contains a Local File Inclusion vulnerability that allows unauthenticate |
| 1181 | CVE-2026-0762 | 0.48% | 64.5th | 8.1 | | This vulnerability allows remote attackers to execute arbitrary code with root privileges on GPT Aca |
| 1182 | CVE-2025-3762 | 0.48% | 64.5th | 7.3 | | CVE-2025-3762 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's MPUT command h |
| 1183 | CVE-2025-3727 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1184 | CVE-2025-3725 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability exists in PCMan FTP Server 2.0.7's MIC command handler, all |
| 1185 | CVE-2025-3723 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1186 | CVE-2025-3683 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1187 | CVE-2025-3681 | 0.48% | 64.5th | 7.3 | | CVE-2025-3681 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's MODE command h |
| 1188 | CVE-2025-3679 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1189 | CVE-2025-3678 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1190 | CVE-2025-3379 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1191 | CVE-2025-3377 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1192 | CVE-2025-3375 | 0.48% | 64.5th | 7.3 | | CVE-2025-3375 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's CDUP command h |
| 1193 | CVE-2025-3373 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1194 | CVE-2025-3372 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1195 | CVE-2025-3349 | 0.48% | 64.5th | 7.3 | | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 1196 | CVE-2021-47757 | 0.48% | 64.5th | 8.8 | | CVE-2021-47757 is an authenticated remote code execution vulnerability in Chikitsa Patient Managemen |
| 1197 | CVE-2024-12757 | 0.48% | 64.4th | 8.6 | | CVE-2024-12757 is an authentication bypass vulnerability in Nedap Librix Ecoreader that allows unaut |
| 1198 | CVE-2025-43960 | 0.48% | 64.4th | 8.6 | | CVE-2025-43960 is a PHP Object Injection vulnerability in Adminer 4.8.1 when using Monolog for loggi |
| 1199 | CVE-2025-24150 | 0.48% | 64.4th | 8.8 | | This vulnerability allows command injection when copying URLs from Web Inspector in affected Apple p |
| 1200 | CVE-2025-0593 | 0.48% | 64.4th | 8.8 | | This vulnerability allows remote attackers with low privileges to execute arbitrary shell commands o |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
