Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164 CVEs with EPSS > 50%
156 CVEs listed in CISA KEV
35,468 CVEs with an EPSS score
0.7% average EPSS score
Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary
1201 | CVE-2025-10659 | 1.25% | 79th | 9.8 | CVE-2025-10659 allows unauthenticated attackers to execute arbitrary operating system commands on Te
1202 | CVE-2026-0769 | 1.24% | 79th | 9.8 | This vulnerability allows remote attackers to execute arbitrary Python code on Langflow installation
1203 | CVE-2024-12384 | 1.24% | 78.9th | 6.1 | The Binary MLM Woocommerce WordPress plugin contains a reflected cross-site scripting (XSS) vulnerab
1204 | CVE-2025-10327 | 1.24% | 78.9th | 6.3 | This CVE describes a remote command injection vulnerability in MiczFlor RPi-Jukebox-RFID versions up
1205 | CVE-2025-0890 | 1.24% | 78.9th | 9.8 | This vulnerability involves insecure default credentials for the Telnet function in Zyxel VMG4325-B1
1206 | CVE-2025-14707 | 1.23% | 78.9th | 9.8 | This is a critical command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25 that allow
1207 | CVE-2025-14706 | 1.23% | 78.9th | 9.8 | This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 dev
1208 | CVE-2025-14705 | 1.23% | 78.9th | 9.8 | This vulnerability allows remote attackers to execute arbitrary commands on Shiguangwu sgwbox N3 NAS
1209 | CVE-2025-27797 | 1.23% | 78.9th | 9.8 | This CVE describes an OS command injection vulnerability in Wi-Fi AP UNIT 'AC-WPS-11ac series' devic
1210 | CVE-2026-2184 | 1.23% | 78.9th | 7.3 | This CVE describes an OS command injection vulnerability in the Great Developers Certificate Generat
1211 | CVE-2026-2178 | 1.23% | 78.8th | 6.3 | This CVE describes a command injection vulnerability in r-huijts xcode-mcp-server that allows remote
1212 | CVE-2024-11600 | 1.23% | 78.8th | 7.2 | This vulnerability allows authenticated WordPress administrators to execute arbitrary code on server
1213 | CVE-2024-39602 | 1.23% | 78.8th | 9.1 | This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
1214 | CVE-2025-2749 | 1.23% | 78.8th | 7.2 | This vulnerability allows authenticated users of Kentico Xperience's Staging Sync Server to upload a
1215 | CVE-2025-6393 | 1.22% | 78.8th | 8.8 | This critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute a
1216 | CVE-2025-8266 | 1.22% | 78.8th | 6.3 | This critical vulnerability in ChanCMS allows remote attackers to execute arbitrary code through des
1217 | CVE-2025-21313 | 1.22% | 78.7th | 6.5 | This vulnerability in Windows Security Account Manager (SAM) allows attackers to cause a denial of s
1218 | CVE-2024-50658 | 1.22% | 78.7th | 9.8 | This CVE describes a Server-Side Template Injection vulnerability in AdPortal 3.0.39 that allows rem
1219 | CVE-2024-12366 | 1.22% | 78.7th | 9.8 | CVE-2024-12366 is a critical prompt injection vulnerability in PandasAI that allows attackers to exe
1220 | CVE-2024-48856 | 1.22% | 78.7th | 9.8 | This critical vulnerability allows unauthenticated attackers to exploit an out-of-bounds write in QN
1221 | CVE-2024-57542 | 1.21% | 78.7th | 8.8 | The Linksys E8450 router firmware contains a command injection vulnerability in the email check func
1222 | CVE-2025-11045 | 1.21% | 78.7th | 7.3 | This vulnerability allows remote attackers to execute arbitrary commands on WAYOS LQ series devices
1223 | CVE-2025-21305 | 1.21% | 78.7th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1224 | CVE-2025-21303 | 1.21% | 78.7th | 8.8 | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on
1225 | CVE-2025-21302 | 1.21% | 78.7th | 8.8 | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a
1226 | CVE-2025-21248 | 1.21% | 78.7th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1227 | CVE-2025-21246 | 1.21% | 78.7th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1228 | CVE-2025-21245 | 1.21% | 78.7th | 8.8 | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a
1229 | CVE-2025-21239 | 1.21% | 78.7th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1230 | CVE-2025-21238 | 1.21% | 78.7th | 8.8 | This is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote a
1231 | CVE-2025-21237 | 1.21% | 78.7th | 8.8 | This is a heap-based buffer overflow vulnerability in the Windows Telephony Service that allows remo
1232 | CVE-2025-21236 | 1.21% | 78.7th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1233 | CVE-2025-21233 | 1.21% | 78.7th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1234 | CVE-2025-21223 | 1.21% | 78.7th | 8.8 | This vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on
1235 | CVE-2025-1845 | 1.21% | 78.7th | 6.3 | This critical vulnerability in ESAFENET DSM 3.1.2 allows remote attackers to execute arbitrary comma
1236 | CVE-2026-23515 | 1.21% | 78.7th | 9.9 | Signal K Server versions before 1.5.0 contain a command injection vulnerability in the set-system-ti
1237 | CVE-2025-22630 | 1.21% | 78.7th | 9.9 | This CVE describes a command injection vulnerability in the WordPress Widget Options plugin that all
1238 | CVE-2024-48019 | 1.21% | 78.6th | 5.4 | This path traversal vulnerability in Apache Doris allows authenticated application administrators to
1239 | CVE-2022-45969 | 1.21% | 78.6th | 9.8 | CVE-2022-45969 is a directory traversal vulnerability in Alist v3.4.0 that allows attackers to acces
1240 | CVE-2025-55911 | 1.21% | 78.6th | 6.5 | This vulnerability in ClipBucket v5.5.2 Build#90 allows remote attackers to execute arbitrary code v
1241 | CVE-2024-57522 | 1.21% | 78.6th | 6.4 | This vulnerability allows attackers to inject malicious scripts into username or name fields during
1242 | CVE-2025-21176 | 1.2% | 78.6th | 8.8 | This vulnerability allows remote code execution in .NET, .NET Framework, and Visual Studio applicati
1243 | CVE-2024-42533 | 1.2% | 78.6th | 9.8 | This SQL injection vulnerability in Convivance StandVoice's authentication module allows remote atta
1244 | CVE-2025-10792 | 1.2% | 78.6th | 8.8 | This CVE describes a remote buffer overflow vulnerability in D-Link DIR-513 A1FW110 routers via the
1245 | CVE-2024-28777 | 1.2% | 78.6th | 8.8 | IBM Cognos Controller and IBM Controller contain an unrestricted deserialization vulnerability that
1246 | CVE-2025-4389 | 1.2% | 78.6th | 9.8 | The Crawlomatic WordPress plugin allows unauthenticated attackers to upload arbitrary files due to m
1247 | CVE-2025-21535 | 1.19% | 78.5th | 9.8 | CVE-2025-21535 is a critical vulnerability in Oracle WebLogic Server that allows unauthenticated att
1248 | CVE-2025-21208 | 1.19% | 78.5th | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on Windows systems running the
1249 | CVE-2025-6807 | 1.19% | 78.5th | 7.5 | This vulnerability allows remote attackers to read sensitive files on Marvell QConvergeConsole insta
1250 | CVE-2025-6795 | 1.19% | 78.5th | 7.5 | This vulnerability allows unauthenticated remote attackers to perform directory traversal attacks on

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
