Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1251 | CVE-2025-29420 | | 63 | 7.5 | | PerfreeBlog v4.0.11 contains a directory traversal vulnerability in the getThemeFilesByName function |
| 1252 | CVE-2025-6445 | | 63 | 8.1 | | ServiceStack's FindType method contains a directory traversal vulnerability that allows remote attac |
| 1253 | CVE-2024-13408 | | 62.8 | 7.5 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i |
| 1254 | CVE-2025-9363 | | 62.8 | 8.8 | | A stack-based buffer overflow vulnerability in Linksys RE series range extenders allows remote attac |
| 1255 | CVE-2025-4142 | | 62.8 | 8.8 | | A critical buffer overflow vulnerability in Netgear EX6200 wireless extenders allows remote attacker |
| 1256 | CVE-2025-4140 | | 62.8 | 8.8 | | A critical buffer overflow vulnerability in Netgear EX6120 WiFi extender firmware allows remote atta |
| 1257 | CVE-2025-41699 | | 62.8 | 8.8 | | This vulnerability allows a low-privileged remote attacker with web management access to inject and |
| 1258 | CVE-2025-12491 | | 62.8 | 7.5 | | This vulnerability allows unauthenticated remote attackers to retrieve sensitive information from Se |
| 1259 | CVE-2024-49352 | | 62.7 | 7.1 | | IBM Cognos Analytics is vulnerable to XML External Entity Injection (XXE), allowing attackers to rea |
| 1260 | CVE-2025-2106 | | 62.7 | 7.5 | | This SQL injection vulnerability in the ArielBrailovsky-ViralAd WordPress plugin allows unauthentica |
| 1261 | CVE-2025-15472 | | 62.6 | 7.2 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TRENDne |
| 1262 | CVE-2025-0447 | | 62.6 | 8.8 | | This vulnerability in Google Chrome's navigation implementation allows attackers to escalate privile |
| 1263 | CVE-2025-0443 | | 62.6 | 8.8 | | This vulnerability in Google Chrome extensions allows attackers to escalate privileges by tricking u |
| 1264 | CVE-2025-23239 | | 62.6 | 8.7 | | An authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpo |
| 1265 | CVE-2024-13593 | | 62.6 | 7.5 | | The BMLT Meeting Map WordPress plugin has a Local File Inclusion vulnerability that allows authentic |
| 1266 | CVE-2025-4299 | | 62.5 | 8.8 | | A critical buffer overflow vulnerability in Tenda AC1206 routers allows remote attackers to execute |
| 1267 | CVE-2025-35027 | | 62.6 | 7.3 | | This CVE describes a command injection vulnerability in Unitree robotic products that allows attacke |
| 1268 | CVE-2024-13409 | | 62.5 | 7.5 | | This vulnerability allows authenticated WordPress users with Contributor-level access or higher to p |
| 1269 | CVE-2025-20146 | | 62.5 | 8.6 | | An unauthenticated remote attacker can cause denial of service on affected Cisco routers by sending |
| 1270 | CVE-2025-24320 | | 62.4 | 8.0 | | A stored XSS vulnerability in BIG-IP Configuration utility allows attackers to execute JavaScript in |
| 1271 | CVE-2025-29484 | | 62.4 | 7.5 | | CVE-2025-29484 is an out-of-memory vulnerability in libming's parseABC_NS_SET_INFO function that all |
| 1272 | CVE-2025-4120 | | 62.4 | 8.8 | | A critical buffer overflow vulnerability in Netgear JWNR2000v2 routers allows remote attackers to ex |
| 1273 | CVE-2025-29516 | | 62.4 | 7.2 | | This CVE describes a command injection vulnerability in D-Link DSL-7740C routers that allows attacke |
| 1274 | CVE-2024-10628 | | 62.3 | 7.5 | | This SQL injection vulnerability in Quiz Maker WordPress plugins allows unauthenticated attackers to |
| 1275 | CVE-2025-24019 | | 62.3 | 7.1 | | This vulnerability in YesWiki allows any authenticated user to delete arbitrary files owned by the P |
| 1276 | CVE-2025-4317 | | 62.3 | 8.8 | | The TheGem WordPress theme has an arbitrary file upload vulnerability in all versions up to 5.10.3. |
| 1277 | CVE-2025-31103 | | 62.2 | 7.5 | | CVE-2025-31103 is an untrusted data deserialization vulnerability in a-blog cms that allows attacker |
| 1278 | CVE-2025-68454 | | 62.1 | 8.8 | | This vulnerability allows authenticated remote code execution in Craft CMS via Twig Server-Side Temp |
| 1279 | CVE-2025-0975 | | 62.1 | 8.8 | | CVE-2025-0975 is an improper input validation vulnerability in IBM MQ console that allows authentica |
| 1280 | CVE-2025-30716 | | 62.1 | 7.5 | | This vulnerability in Oracle E-Business Suite's CRM User Management Framework allows unauthenticated |
| 1281 | CVE-2025-30708 | | 62.1 | 7.5 | | This vulnerability in Oracle E-Business Suite's User Management component allows unauthenticated att |
| 1282 | CVE-2025-6463 | | 62.1 | 8.8 | | The Forminator WordPress plugin has a critical vulnerability that allows unauthenticated attackers t |
| 1283 | CVE-2025-66213 | | 62 | 8.8 | | CVE-2025-66213 is an authenticated command injection vulnerability in Coolify's File Storage Directo |
| 1284 | CVE-2025-66212 | | 62 | 8.8 | | Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in D |
| 1285 | CVE-2025-55298 | | 62 | 7.5 | | A format string vulnerability in ImageMagick's InterpretImageFilename function allows attackers to o |
| 1286 | CVE-2025-10747 | | 62 | 7.2 | | The WP-DownloadManager WordPress plugin allows authenticated administrators to upload arbitrary file |
| 1287 | CVE-2025-27111 | | 62 | 7.5 | | CVE-2025-27111 is a log injection vulnerability in Rack's Sendfile middleware that allows attackers |
| 1288 | CVE-2025-4830 | | 62 | 8.8 | | This critical vulnerability in TOTOLINK routers allows remote attackers to execute arbitrary code vi |
| 1289 | CVE-2025-4827 | | 62 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute a |
| 1290 | CVE-2025-4825 | | 62 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute arbi |
| 1291 | CVE-2025-4823 | | 62 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute a |
| 1292 | CVE-2025-4733 | | 62 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers allows remote attack |
| 1293 | CVE-2025-4730 | | 62 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK A3002R/A3002RU routers allows remote attacke |
| 1294 | CVE-2025-5905 | | 62 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK T10 routers allows remote attackers to execute |
| 1295 | CVE-2025-5903 | | 62 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK T10 routers allows remote attackers to execute |
| 1296 | CVE-2025-5902 | | 62 | 8.8 | | This critical vulnerability in TOTOLINK T10 routers allows remote attackers to execute arbitrary cod |
| 1297 | CVE-2025-5792 | | 62 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attackers to exec |
| 1298 | CVE-2025-6744 | | 62 | 7.3 | | The Woodmart WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes due to |
| 1299 | CVE-2024-58282 | | 62 | 7.2 | | Serendipity 2.5.0 contains a remote code execution vulnerability where authenticated administrators |
| 1300 | CVE-2021-47778 | | 61.9 | 7.2 | | CVE-2021-47778 is a PHP code injection vulnerability in GetSimple CMS My SMTP Contact Plugin 1.1.2 t |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. CVSS measures severity (how bad exploitation would be); EPSS measures likelihood (how probable exploitation is), which is what makes it useful for deciding which vulnerabilities to patch first. Scores are recomputed daily, so a ranking like the one above is a snapshot, and the percentile column places a CVE relative to every other scored CVE: a CVE at the 62nd percentile has an EPSS score at or above that of 62% of all scored CVEs.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A CVSS 9.8 (critical) vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 (high) with 90% EPSS. Neither score replaces the other: EPSS says nothing about impact, so a low-EPSS critical on an internet-facing asset still needs a patch date, and a CVE with no EPSS entry is unscored, not safe.
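The prioritisation described above, as an added example that is not code from this page or from FIRST.org: it parses a reply in the shape returned by the FIRST EPSS API (`GET https://api.first.org/data/v1/epss?cve=...`), attaches the scores to scanner findings, orders them by EPSS with CVSS as the tie-breaker, and sorts a finding into a triage bucket. The JSON reply, the `CVE-0000-000x` identifiers, the CVSS values and the 10% EPSS / 9.0 CVSS thresholds are constructed assumptions for illustration, not real data or a FIRST recommendation.

```python
"""Prioritise findings by EPSS (likelihood) with CVSS (severity) as the tie-breaker.

Added example, not code from the page above. The JSON below is a constructed
reply in the shape returned by the FIRST EPSS API
(GET https://api.first.org/data/v1/epss?cve=CVE-...,CVE-...); the CVE ids,
scores and the triage thresholds are illustrative assumptions, not real data.
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Optional

EPSS_API = "https://api.first.org/data/v1/epss"

# Constructed sample reply. The API returns epss and percentile as decimal strings.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK", "status-code": 200, "version": "1.0", "access": "public",
    "total": 3, "offset": 0, "limit": 100,
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.001000000", "percentile": "0.400000000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.900000000", "percentile": "0.999000000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.050000000", "percentile": "0.920000000", "date": "2025-01-01"},
    ],
})

# Hypothetical scanner findings mirroring the text's comparison: a CVSS 9.8 with
# 0.1% EPSS, a CVSS 7.5 with 90% EPSS, plus one mid-range CVE and one with no EPSS row.
SAMPLE_FINDINGS = [("CVE-0000-0001", 9.8), ("CVE-0000-0002", 7.5),
                   ("CVE-0000-0003", 7.2), ("CVE-0000-0004", 9.1)]


@dataclass
class Finding:
    cve: str
    cvss: float
    epss: Optional[float] = None        # None = no EPSS row published for this CVE
    percentile: Optional[float] = None


def parse_epss_response(text: str) -> dict:
    """Map CVE id -> (epss, percentile) from an EPSS API JSON body."""
    body = json.loads(text)
    if body.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {body.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in body.get("data", [])}


def fetch_epss(cves) -> dict:
    """Live lookup (not exercised offline): the API accepts a comma-separated cve list."""
    url = f"{EPSS_API}?cve={','.join(cves)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return parse_epss_response(resp.read().decode("utf-8"))


def enrich(findings, epss_by_cve):
    """Attach EPSS data where the API had a row; leave the rest as None, never 0."""
    for f in findings:
        if f.cve in epss_by_cve:
            f.epss, f.percentile = epss_by_cve[f.cve]
    return findings


def triage_bucket(f: Finding, epss_floor: float = 0.10, cvss_floor: float = 9.0) -> str:
    """Assumed thresholds: EPSS >= 10% is 'patch now'; otherwise CVSS >= 9.0 is 'schedule'.
    A CVE with no EPSS row is reported as 'unscored' rather than silently treated as low risk."""
    if f.epss is None:
        return "unscored"
    if f.epss >= epss_floor:
        return "patch now"
    if f.cvss >= cvss_floor:
        return "schedule"
    return "routine"


def prioritize(findings):
    """Order by EPSS descending, then CVSS descending; unscored CVEs sort last so they are reviewed, not lost."""
    return sorted(findings, key=lambda f: (-(f.epss if f.epss is not None else -1.0), -f.cvss))


def triage(raw_findings=SAMPLE_FINDINGS, epss_json=SAMPLE_EPSS_RESPONSE):
    """Full pipeline on the constructed inputs; returns [(cve, epss, cvss, bucket), ...] in patch order."""
    findings = enrich([Finding(cve, cvss) for cve, cvss in raw_findings],
                      parse_epss_response(epss_json))
    return [(f.cve, f.epss, f.cvss, triage_bucket(f)) for f in prioritize(findings)]


if __name__ == "__main__":
    for cve, epss, cvss, bucket in triage():
        shown = "n/a" if epss is None else f"{epss:.1%}"
        print(f"{cve}  EPSS {shown:>6}  CVSS {cvss}  -> {bucket}")
```

On the constructed inputs the CVSS 7.5 / 90% EPSS finding comes out first and the CVSS 9.8 / 0.1% EPSS finding third, which is the ordering the paragraph argues for; the unscored CVE lands last but in its own bucket, because an empty EPSS lookup is a data gap, not evidence of low risk. Swap `SAMPLE_EPSS_RESPONSE` for `fetch_epss([...])` to run it against the live API.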