Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood that the CVE will be exploited in the wild within the next 30 days; the percentile column ranks each score against all other scored CVEs.

CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with an EPSS score: 35,468
Average EPSS score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
---- | ------ | ---------- | ---------- | ---- | ----- | -------
1251 | CVE-2025-13645 | 1.19% | 78.5 | 7.2 | | The Modula Image Gallery WordPress plugin versions 2.13.1 to 2.13.2 contain an arbitrary file deleti
1252 | CVE-2024-9701 | 1.19% | 78.5 | 9.8 | | This CVE describes a critical Remote Code Execution vulnerability in Kedro's ShelveStore class (vers
1253 | CVE-2024-13352 | 1.19% | 78.5 | 7.1 | | The Legull WordPress plugin through version 1.2.2 contains a reflected cross-site scripting (XSS) vu
1254 | CVE-2025-21623 | 1.19% | 78.4 | 7.5 | | This vulnerability in ClipBucket V5 allows unauthenticated attackers to perform directory traversal
1255 | CVE-2024-58275 | 1.18% | 78.4 | N/A | | Easywall 0.3.1 contains an authenticated remote command execution vulnerability in the /ports-save e
1256 | CVE-2026-0786 | 1.18% | 78.4 | 8.8 | | CVE-2026-0786 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows
1257 | CVE-2024-39782 | 1.18% | 78.4 | 9.1 | | This CVE describes multiple OS command injection vulnerabilities in the Wavlink AC3000 router's web
1258 | CVE-2024-51144 | 1.17% | 78.4 | 8.8 | | This CSRF vulnerability in Ampache allows attackers to trick authenticated users into performing uni
1259 | CVE-2024-9636 | 1.17% | 78.3 | 9.8 | | The Post Grid and Gutenberg Blocks WordPress plugin allows unauthenticated attackers to register as
1260 | CVE-2025-28906 | 1.17% | 78.3 | 5.9 | | This stored cross-site scripting (XSS) vulnerability in the Skitter Slideshow WordPress plugin allow
1261 | CVE-2025-30293 | 1.17% | 78.3 | 6.8 | | This CVE describes an Improper Input Validation vulnerability in Adobe ColdFusion that allows high-p
1262 | CVE-2025-57285 | 1.17% | 78.3 | 9.8 | | CVE-2025-57285 is a critical command injection vulnerability in codeceptjs 3.7.3 that allows attacke
1263 | CVE-2024-11958 | 1.17% | 78.3 | 9.8 | | A critical SQL injection vulnerability in the duckdb_retriever component of run-llama/llama_index al
1264 | CVE-2025-25759 | 1.16% | 78.3 | 7.5 | | This vulnerability in SUCMS v1.0 allows attackers to perform directory traversal and delete arbitrar
1265 | CVE-2021-47728 | 1.16% | 78.3 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary shell commands on Selea Targa IP OCR
1266 | CVE-2025-4851 | 1.16% | 78.3 | 6.3 | | This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary
1267 | CVE-2025-4849 | 1.16% | 78.3 | 6.3 | | This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary
1268 | CVE-2024-24292 | 1.16% | 78.3 | 9.8 | | This CVE describes a Prototype Pollution vulnerability in Aliconnect /sdk version 0.0.6 that allows
1269 | CVE-2024-7033 | 1.16% | 78.3 | 7.2 | | This vulnerability allows attackers to write arbitrary files to the server's filesystem by manipulat
1270 | CVE-2025-27751 | 1.16% | 78.3 | 7.8 | | A use-after-free vulnerability in Microsoft Office Excel allows attackers to execute arbitrary code
1271 | CVE-2024-57728 | 1.16% | 78.2 | 7.2 | | CVE-2024-57728 is a path traversal vulnerability in SimpleHelp remote support software that allows a
1272 | CVE-2024-49375 | 1.16% | 78.2 | 9.0 | | CVE-2024-49375 is a critical remote code execution vulnerability in Rasa, an open-source machine lea
1273 | CVE-2025-1044 | 1.16% | 78.2 | 9.8 | | This critical authentication bypass vulnerability allows remote attackers to completely bypass authe
1274 | CVE-2021-47693 | 1.16% | 78.2 | 8.8 | | This SQL injection vulnerability in Nagios XI's Core Config Manager allows authenticated users to in
1275 | CVE-2020-36859 | 1.16% | 78.2 | 8.8 | | This SQL injection vulnerability in Nagios XI's Core Config Manager allows authenticated users to in
1276 | CVE-2016-15050 | 1.16% | 78.2 | 8.8 | | Nagios XI versions before 5.2.4 contain a SQL injection vulnerability in the notification search fea
1277 | CVE-2012-10063 | 1.16% | 78.2 | 9.8 | | This SQL injection vulnerability in Nagios XI's legacy Core Configuration Manager allows authenticat
1278 | CVE-2025-60962 | 1.16% | 78.2 | 8.2 | | This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network T
1279 | CVE-2025-60959 | 1.16% | 78.2 | 8.2 | | This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network T
1280 | CVE-2025-7441 | 1.16% | 78.2 | 9.8 | | The StoryChief WordPress plugin has an unauthenticated arbitrary file upload vulnerability in its RE
1281 | CVE-2025-14155 | 1.15% | 78.2 | 5.3 | | This vulnerability allows unauthenticated attackers to view private, draft, and pending Elementor te
1282 | CVE-2024-13094 | 1.15% | 78.1 | 7.1 | | This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsan
1283 | CVE-2024-13815 | 1.15% | 78.1 | 6.5 | | The Listingo WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes due to
1284 | CVE-2025-58429 | 1.15% | 78.1 | 7.5 | | An unauthenticated remote attacker can exploit a relative path traversal vulnerability in Productivi
1285 | CVE-2024-8958 | 1.15% | 78.1 | 9.8 | | This vulnerability allows attackers to read and write arbitrary files on servers running composiohq/
1286 | CVE-2025-59834 | 1.15% | 78.1 | 9.8 | | CVE-2025-59834 is a command injection vulnerability in ADB MCP Server versions 0.1.0 and earlier tha
1287 | CVE-2025-6439 | 1.14% | 78.1 | 9.8 | | This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers r
1288 | CVE-2025-7526 | 1.14% | 78.1 | 9.8 | | This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers r
1289 | CVE-2025-10090 | 1.14% | 78.1 | 7.3 | | This CVE describes a SQL injection vulnerability in Jinher OA software up to version 1.2, specifical
1290 | CVE-2025-1771 | 1.14% | 78.0 | 9.8 | | This vulnerability in the Traveler WordPress theme allows unauthenticated attackers to include and e
1291 | CVE-2025-3328 | 1.14% | 78.0 | 8.8 | | A critical buffer overflow vulnerability in Tenda AC1206 routers allows remote attackers to execute
1292 | CVE-2025-27737 | 1.14% | 78.0 | 8.6 | | This vulnerability allows a local attacker to bypass Windows Security Zone Mapping through improper
1293 | CVE-2023-37032 | 1.13% | 78.0 | 7.5 | | A stack-based buffer overflow vulnerability in Magma's Mobile Management Entity (MME) allows remote
1294 | CVE-2025-24962 | 1.13% | 78.0 | 8.8 | | CVE-2025-24962 is a command injection vulnerability in reNgine's nmap_cmd parameter that allows auth
1295 | CVE-2025-29386 | 1.13% | 78.0 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC9 routers by exploit
1296 | CVE-2022-2421 | 1.13% | 78.0 | 10.0 | | CVE-2022-2421 is a critical vulnerability in the Socket.io JavaScript library that allows attackers
1297 | CVE-2025-4350 | 1.13% | 78.0 | 8.8 | | A critical command injection vulnerability in D-Link DIR-600L routers allows remote attackers to exe
1298 | CVE-2025-32434 | 1.13% | 77.9 | 9.8 | | A critical Remote Command Execution vulnerability exists in PyTorch when loading models with torch.l
1299 | CVE-2025-0818 | 1.13% | 77.9 | 6.5 | | This CVE describes a directory traversal vulnerability in elFinder versions 2.1.64 and prior when us
1300 | CVE-2025-7696 | 1.12% | 77.9 | 9.8 | | This vulnerability allows unauthenticated attackers to perform PHP object injection through the Inte

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. The score is a value between 0 and 1 (shown here as a percentage) and is recomputed daily as new exploitation and vulnerability data arrives. Unlike CVSS, which measures the technical severity of a vulnerability, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. The percentile column ranks a CVE's EPSS score against all other scored CVEs.

Why EPSS matters: thousands of CVEs are published every month, and they are not equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited rather than patching in CVSS order alone: a CVSS 9.8 vulnerability with an EPSS of 0.1% may be less urgent than a CVSS 7.5 vulnerability with an EPSS of 90%. EPSS is a prediction, not an observation, so a CVE on the CISA KEV list (confirmed exploitation) should be treated as top priority whatever its EPSS score, and CVSS still matters as a tiebreaker and as a measure of impact once a flaw is exploited.
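The following is an added example of the EPSS-first ordering described above, not code from this page or from FIRST.org. It parses a constructed JSON payload shaped like the FIRST EPSS API response (fields `cve`, `epss`, `percentile` as decimal-fraction strings), joins in CVSS scores and KEV membership that EPSS itself does not carry, and sorts findings with KEV first, then EPSS descending, then CVSS as the tiebreaker. The EPSS and CVSS values for the three CVE-2024/2025 IDs are taken from the table above; the CVE-1900-* IDs, their scores, the KEV membership and the P1/P2/P3 thresholds are all constructed for illustration.

```python
"""EPSS-first patch prioritization (added example, not FIRST.org code)."""
import json
from dataclasses import dataclass

# Constructed payload shaped like the FIRST EPSS API response
# (GET https://api.first.org/data/v1/epss?cve=...): epss and percentile are
# decimal-fraction strings. The three CVE-2024/2025 rows reuse figures from the
# table on this page; the CVE-1900-* IDs are invented placeholders that only
# exercise the high-probability and low-probability branches.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2024-9701",  "epss": "0.01190", "percentile": "0.78500"},
        {"cve": "CVE-2025-32434", "epss": "0.01130", "percentile": "0.77900"},
        {"cve": "CVE-2025-14155", "epss": "0.01150", "percentile": "0.78200"},
        {"cve": "CVE-1900-0001",  "epss": "0.90000", "percentile": "0.99900"},
        {"cve": "CVE-1900-0002",  "epss": "0.00100", "percentile": "0.30000"},
        {"cve": "CVE-1900-0003",  "epss": "0.02000", "percentile": "0.85000"},
    ],
})

# CVSS base scores: the first three come from the page's table, the rest are
# constructed. EPSS carries no CVSS, so a real pipeline joins this from NVD.
CVSS = {
    "CVE-2024-9701": 9.8, "CVE-2025-32434": 9.8, "CVE-2025-14155": 5.3,
    "CVE-1900-0001": 7.5, "CVE-1900-0002": 9.8, "CVE-1900-0003": 6.5,
}
# Constructed KEV membership; a real check reads CISA's
# known_exploited_vulnerabilities.json feed.
KEV = {"CVE-1900-0003"}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days
    percentile: float  # rank of this EPSS score among all scored CVEs
    cvss: float
    kev: bool          # confirmed exploitation per CISA KEV


def parse_epss(payload: str) -> dict[str, tuple[float, float]]:
    """Map CVE ID -> (epss, percentile) from an EPSS-API-shaped JSON string."""
    body = json.loads(payload)
    if body.get("status") != "OK":
        raise ValueError(f"EPSS API error: {body.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in body["data"]}


def triage(f: Finding, p1: float = 0.5, p2: float = 0.1) -> str:
    """Bucket by exploitation likelihood. KEV is observed exploitation, so it
    always wins over the predicted probability. Thresholds are illustrative."""
    if f.kev:
        return "P1-KEV"
    if f.epss >= p1:
        return "P1"
    if f.epss >= p2:
        return "P2"
    return "P3"


def prioritize(payload: str, cvss: dict, kev: set) -> list[Finding]:
    """EPSS-first ordering: KEV entries, then EPSS descending, CVSS tiebreaker."""
    scores = parse_epss(payload)
    findings = [Finding(c, e, p, cvss.get(c, 0.0), c in kev)
                for c, (e, p) in scores.items()]
    return sorted(findings, key=lambda f: (f.kev, f.epss, f.cvss), reverse=True)


if __name__ == "__main__":
    for f in prioritize(SAMPLE_EPSS_RESPONSE, CVSS, KEV):
        print(f"{triage(f):7} {f.cve:15} EPSS={f.epss:6.1%} "
              f"pct={f.percentile:5.1%} CVSS={f.cvss}")
```

Run as a script it prints the KEV entry first, then the constructed CVSS 7.5 / EPSS 90% item ahead of every CVSS 9.8 item, which is exactly the reordering the paragraph above argues for. Swapping the embedded payload for a live call to the EPSS API and the KEV feed is the only change needed to use it on real data.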

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
