Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1201 | CVE-2025-32652 | | 54.6th | 9.9 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the Solace Ex |
| 1202 | CVE-2025-27282 | | 54.6th | 9.9 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the Theme Fil |
| 1203 | CVE-2025-53693 | | 54.6th | 9.8 | | This vulnerability allows attackers to poison the cache in Sitecore Experience Manager/Platform by e |
| 1204 | CVE-2025-21547 | | 54.5th | 9.1 | | This vulnerability in Oracle Hospitality OPERA 5 allows unauthenticated attackers with network acces |
| 1205 | CVE-2025-67073 | | 54.5th | 9.8 | | A buffer overflow vulnerability in Tenda AC10V4.0 routers allows remote attackers to cause denial of |
| 1206 | CVE-2025-24093 | | 54.4th | 9.8 | | This CVE describes a macOS permissions vulnerability where applications can access removable storage |
| 1207 | CVE-2025-45146 | | 54.4th | 9.8 | | CVE-2025-45146 is a critical deserialization vulnerability in ModelCache for LLM that allows remote |
| 1208 | CVE-2025-8853 | | 54.3th | 9.8 | | Official Document Management System by 2100 Technology has an authentication bypass vulnerability th |
| 1209 | CVE-2025-69983 | | 54.3th | 9.8 | | CVE-2025-69983 is a critical remote code execution vulnerability in FUXA v1.2.7 that allows attacker |
| 1210 | CVE-2024-57726 | | 54.3th | 9.9 | | SimpleHelp remote support software versions 5.5.7 and earlier contain an authorization vulnerability |
| 1211 | CVE-2025-68670 | | 54.2th | 9.1 | | CVE-2025-68670 is an unauthenticated stack-based buffer overflow vulnerability in xrdp (open source |
| 1212 | CVE-2026-25510 | | 54.2th | 9.9 | | This vulnerability allows authenticated users with file editor permissions in CI4MS to achieve remot |
| 1213 | CVE-2025-43995 | | 54.1th | 9.8 | | CVE-2025-43995 is an authentication bypass vulnerability in Dell Storage Manager that allows unauthe |
| 1214 | CVE-2025-14879 | | 54.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by explo |
| 1215 | CVE-2025-14709 | | 54.1th | 9.8 | | A buffer overflow vulnerability in the Shiguangwu sgwbox N3 NAS device allows remote attackers to ex |
| 1216 | CVE-2025-14708 | | 54.1th | 9.8 | | A remote buffer overflow vulnerability exists in Shiguangwu sgwbox N3 devices version 2.0.25 through |
| 1217 | CVE-2025-8120 | | 54th | 9.8 | | CVE-2025-8120 is an unauthenticated remote code execution vulnerability in PAD CMS's photo upload fu |
| 1218 | CVE-2025-7063 | | 54th | 9.8 | | CVE-2025-7063 is an unauthenticated remote code execution vulnerability in PAD CMS's file upload fun |
| 1219 | CVE-2025-26361 | | 53.9th | 9.1 | | CVE-2025-26361 allows unauthenticated remote attackers to factory reset Q-Free MaxTime devices via c |
| 1220 | CVE-2025-1945 | | 53.9th | 9.8 | | CVE-2025-1945 is a vulnerability in picklescan versions before 0.0.23 that allows attackers to bypas |
| 1221 | CVE-2025-52913 | | 54th | 9.8 | | An unauthenticated path traversal vulnerability in Mitel MiCollab's NuPoint Unified Messaging compon |
| 1222 | CVE-2025-36386 | | 54th | 9.8 | | CVE-2025-36386 is an authentication bypass vulnerability in IBM Maximo Application Suite that allows |
| 1223 | CVE-2025-46581 | | 53.9th | 9.8 | | ZTE's ZXCDN product has a critical Apache Struts vulnerability allowing unauthenticated remote code |
| 1224 | CVE-2025-59367 | | 54th | 9.8 | | This authentication bypass vulnerability in certain ASUS DSL series routers allows remote attackers |
| 1225 | CVE-2025-1744 | | 53.9th | 9.8 | | CVE-2025-1744 is an out-of-bounds write vulnerability in radare2 that allows heap-based buffer over- |
| 1226 | CVE-2024-57061 | | 53.8th | 9.8 | | This vulnerability allows a physically proximate attacker to execute arbitrary code on Termius insta |
| 1227 | CVE-2025-10226 | | 53.8th | 9.8 | | This vulnerability in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier allows remote attackers to expl |
| 1228 | CVE-2025-60772 | | 53.7th | 9.8 | | CVE-2025-60772 is an authentication bypass vulnerability in NETLINK HG322G GPON ONT devices that all |
| 1229 | CVE-2025-34468 | | 53.7th | 9.8 | | A stack-based buffer overflow vulnerability in libcoap allows remote attackers to crash applications |
| 1230 | CVE-2025-11423 | | 53.6th | 9.8 | | This vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code or cause |
| 1231 | CVE-2025-65669 | | 53.7th | 9.1 | | CVE-2025-65669 is an authorization bypass vulnerability in classroomio 0.1.13 that allows student ac |
| 1232 | CVE-2025-27507 | | 53.6th | 9.0 | | Zitadel's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow auth |
| 1233 | CVE-2025-20265 | | 53.5th | 10.0 | | This critical vulnerability in Cisco Secure Firewall Management Center allows unauthenticated remote |
| 1234 | CVE-2026-22844 | | 53.5th | 9.9 | | A command injection vulnerability in Zoom Node Multimedia Routers allows meeting participants to exe |
| 1235 | CVE-2025-26347 | | 53.4th | 9.8 | | This vulnerability allows unauthenticated remote attackers to edit user permissions in Q-Free MaxTim |
| 1236 | CVE-2025-1393 | | 53.3th | 9.8 | | This vulnerability allows unauthenticated remote attackers to gain full administrative control over |
| 1237 | CVE-2025-5304 | | 53.3th | 9.8 | | The PT Project Notebooks WordPress plugin versions 1.0.0 through 1.1.3 contain a privilege escalatio |
| 1238 | CVE-2025-10643 | | 53.3th | 9.1 | | This vulnerability allows remote attackers to bypass authentication in Wondershare Repairit without |
| 1239 | CVE-2025-47884 | | 53.2th | 9.1 | | This vulnerability in Jenkins OpenID Connect Provider Plugin allows attackers who can configure jobs |
| 1240 | CVE-2024-8262 | | 53.2th | 9.8 | | This path traversal vulnerability in Proliz Software OBS allows attackers to access files outside th |
| 1241 | CVE-2025-57105 | | 53.1th | 9.8 | | The DI-7400G+ router contains a command injection vulnerability in its web interface that allows att |
| 1242 | CVE-2025-27105 | | 53rd | 9.1 | | This vulnerability in Vyper smart contract language allows out-of-bounds array access when using aug |
| 1243 | CVE-2024-41794 | | 52.9th | 10.0 | | SENTRON 7KT PAC1260 Data Manager devices contain hardcoded root credentials that allow unauthenticat |
| 1244 | CVE-2025-34520 | | 52.9th | 9.8 | | An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthentica |
| 1245 | CVE-2023-54335 | | 52.9th | 9.8 | | eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login with |
| 1246 | CVE-2025-47966 | | 52.6th | 9.8 | | This vulnerability in Microsoft Power Automate allows unauthorized attackers to access sensitive inf |
| 1247 | CVE-2025-40746 | | 52.6th | 9.1 | | This vulnerability in SIMATIC RTLS Locating Manager allows authenticated remote attackers with high |
| 1248 | CVE-2025-48983 | | 52.6th | 9.9 | | This critical vulnerability in Veeam Backup & Replication's Mount service allows authenticated domai |
| 1249 | CVE-2025-26344 | | 52.5th | 9.8 | | This vulnerability allows unauthenticated remote attackers to enable passwordless guest mode in Q-Fr |
| 1250 | CVE-2025-26341 | | 52.5th | 9.8 | | This vulnerability allows unauthenticated remote attackers to reset arbitrary user passwords in Q-Fr |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 vulnerability with 90% EPSS.