Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:
- 164 CVEs with EPSS > 50%
- 156 CVEs listed in the CISA KEV catalog
- 35,468 CVEs with an EPSS score
- 0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1201 | CVE-2025-14850 | 0.48% | 64.4th | 8.1 | | Advantech WebAccess/SCADA is vulnerable to directory traversal that allows attackers to delete arbit |
| 1202 | CVE-2025-32158 | 0.48% | 64.3th | 7.5 | | This vulnerability allows attackers to include arbitrary PHP files from remote servers in the aTheme |
| 1203 | CVE-2025-21177 | 0.48% | 64.3th | 8.7 | | This Server-Side Request Forgery vulnerability in Microsoft Dynamics 365 Sales allows authenticated |
| 1204 | CVE-2025-11673 | 0.48% | 64.2th | 7.2 | | SOOP-CLM software from PiExtract contains hidden functionality that privileged remote attackers can |
| 1205 | CVE-2024-57660 | 0.47% | 64.2th | 7.5 | | A SQL injection vulnerability in the sqlo_expand_jts component of OpenLink Virtuoso Open Source allo |
| 1206 | CVE-2024-52006 | 0.47% | 64.1th | 7.5 | | This vulnerability allows attackers to inject malicious commands into Git credential helpers by expl |
| 1207 | CVE-2025-56083 | 0.47% | 64.1th | 8.8 | | This CVE describes an OS command injection vulnerability in Ruijie X30-PRO routers that allows attac |
| 1208 | CVE-2025-1059 | 0.47% | 64th | 7.5 | | A resource allocation vulnerability in Schneider Electric devices allows attackers to send malicious |
| 1209 | CVE-2025-32581 | 0.47% | 64th | 7.1 | | This stored cross-site scripting (XSS) vulnerability in the WordPress Spam Blocker plugin allows att |
| 1210 | CVE-2025-64424 | 0.47% | 64th | 8.8 | | A command injection vulnerability in Coolify allows low-privileged users (members) to execute arbitr |
| 1211 | CVE-2025-21601 | 0.47% | 64th | 7.5 | | An unauthenticated attacker can send specially crafted network traffic to Juniper devices to cause C |
| 1212 | CVE-2025-64764 | 0.47% | 64th | 7.1 | | A reflected cross-site scripting (XSS) vulnerability exists in Astro web framework when using server |
| 1213 | CVE-2025-53477 | 0.47% | 64th | 7.5 | | A NULL pointer dereference vulnerability in Apache NimBLE's Bluetooth stack occurs when HCI connecti |
| 1214 | CVE-2025-21397 | 0.47% | 63.9th | 7.8 | | This vulnerability allows remote code execution through specially crafted Microsoft Office documents |
| 1215 | CVE-2025-21394 | 0.47% | 63.9th | 7.8 | | This vulnerability allows remote code execution through specially crafted Excel files. Attackers cou |
| 1216 | CVE-2025-21381 | 0.47% | 63.9th | 7.8 | | Microsoft Excel contains a remote code execution vulnerability that allows attackers to execute arbi |
| 1217 | CVE-2024-9639 | 0.47% | 63.9th | 8.0 | | This vulnerability allows remote code execution if an attacker obtains session administrator credent |
| 1218 | CVE-2025-34231 | 0.47% | 63.9th | 8.6 | | This CVE describes an unauthenticated server-side request forgery (SSRF) vulnerability in Vasion Pri |
| 1219 | CVE-2025-36072 | 0.47% | 63.9th | 8.8 | | This vulnerability in IBM webMethods Integration allows authenticated users to execute arbitrary cod |
| 1220 | CVE-2024-50631 | 0.47% | 63.9th | 7.5 | | This SQL injection vulnerability in Synology Drive Server's system syncing daemon allows remote atta |
| 1221 | CVE-2023-42970 | 0.47% | 63.9th | 8.8 | | This CVE describes a use-after-free vulnerability in Apple's WebKit browser engine that could allow |
| 1222 | CVE-2025-41714 | 0.47% | 63.9th | 8.8 | | This vulnerability allows authenticated attackers to perform path traversal attacks via the 'Upload- |
| 1223 | CVE-2025-65897 | 0.47% | 63.9th | 8.8 | | This vulnerability in zdh_web allows authenticated users to upload arbitrary files to any location o |
| 1224 | CVE-2025-30160 | 0.47% | 63.9th | 7.5 | | Redlib versions before 0.36.0 contain a vulnerability where attackers can cause denial-of-service by |
| 1225 | CVE-2026-21893 | 0.47% | 63.9th | 7.2 | | A command injection vulnerability in n8n's community package installation functionality allows authe |
| 1226 | CVE-2025-24126 | 0.47% | 63.8th | 7.3 | | This CVE describes an input validation vulnerability in multiple Apple operating systems that could |
| 1227 | CVE-2024-12805 | 0.46% | 63.8th | 7.2 | | A post-authentication format string vulnerability in SonicOS management interface allows authenticat |
| 1228 | CVE-2025-29975 | 0.46% | 63.7th | 7.8 | | This vulnerability allows an authorized attacker to exploit improper link resolution in Microsoft PC |
| 1229 | CVE-2025-34280 | 0.46% | 63.7th | 7.2 | | This vulnerability allows authenticated administrators in Nagios Network Analyzer to execute arbitra |
| 1230 | CVE-2025-10051 | 0.46% | 63.8th | 7.2 | | The Demo Import Kit WordPress plugin allows authenticated attackers with Administrator privileges to |
| 1231 | CVE-2024-48013 | 0.46% | 63.7th | 8.8 | | Dell SmartFabric OS10 Software contains an execution with unnecessary privileges vulnerability that |
| 1232 | CVE-2025-32953 | 0.46% | 63.6th | 8.7 | | This vulnerability in z80pack's GitHub Actions workflow exposes the repository's GITHUB_TOKEN in pub |
| 1233 | CVE-2025-23121 | 0.46% | 63.6th | 8.8 | | This vulnerability allows authenticated domain users to execute arbitrary code on Veeam Backup Serve |
| 1234 | CVE-2022-50792 | 0.46% | 63.6th | 7.5 | | This vulnerability allows remote attackers to read arbitrary files on SOUND4 IMPACT/FIRST/PULSE/Eco |
| 1235 | CVE-2025-30211 | 0.46% | 63.5th | 7.5 | | This vulnerability in Erlang/OTP allows attackers to cause denial of service through memory exhausti |
| 1236 | CVE-2025-2558 | 0.46% | 63.5th | 8.6 | | CVE-2025-2558 is a Local File Inclusion vulnerability in The-wound WordPress theme that allows unaut |
| 1237 | CVE-2025-21434 | 0.45% | 63.3th | 7.5 | | This vulnerability allows a denial-of-service (DoS) condition in Wi-Fi systems when parsing EHT (Ext |
| 1238 | CVE-2024-55605 | 0.45% | 63.3th | 7.5 | | This vulnerability in Suricata allows attackers to cause a denial-of-service by sending specially cr |
| 1239 | CVE-2025-68155 | 0.45% | 63.3th | 7.5 | | This vulnerability in @vitejs/plugin-rsc allows unauthenticated attackers to read arbitrary files ac |
| 1240 | CVE-2025-1361 | 0.45% | 63.2th | 7.5 | | The IP2Location Country Blocker WordPress plugin exposes sensitive configuration settings to unauthe |
| 1241 | CVE-2025-31129 | 0.45% | 63.2th | 8.8 | | This vulnerability in Jooby's pac4j SessionStoreImpl module allows remote code execution through ins |
| 1242 | CVE-2026-0796 | 0.45% | 63.2th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG |
| 1243 | CVE-2024-55590 | 0.45% | 63.1th | 8.8 | | This vulnerability allows authenticated attackers with read-only admin permissions and CLI access to |
| 1244 | CVE-2025-3054 | 0.45% | 63.2th | 8.8 | | The WP User Frontend Pro plugin for WordPress has a vulnerability that allows authenticated attacker |
| 1245 | CVE-2025-12824 | 0.45% | 63.1th | 8.8 | | The Player Leaderboard WordPress plugin contains a Local File Inclusion vulnerability that allows au |
| 1246 | CVE-2025-1717 | 0.45% | 63.1th | 8.1 | | The Login Me Now WordPress plugin versions up to 1.7.2 contain an authentication bypass vulnerabilit |
| 1247 | CVE-2025-4561 | 0.45% | 63.1th | 8.8 | | CVE-2025-4561 is an arbitrary file upload vulnerability in KFOX from KingFor that allows authenticat |
| 1248 | CVE-2025-6337 | 0.45% | 63.1th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers allows remote attack |
| 1249 | CVE-2025-5503 | 0.45% | 63th | 8.8 | | This critical vulnerability in TOTOLINK X15 routers allows remote attackers to execute arbitrary cod |
| 1250 | CVE-2026-22241 | 0.45% | 63.1th | 7.2 | | CVE-2026-22241 is an arbitrary file upload vulnerability in Open eClass (formerly GUnet eClass) that |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it a useful basis for deciding which vulnerabilities to patch first.

Why EPSS matters: Thousands of CVEs are published every month, and not all of them are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A vulnerability with a critical CVSS score of 9.8 but an EPSS of 0.1% may be less urgent than one with a high CVSS score of 7.5 and an EPSS of 90%.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
