Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days. Percentile is the share of all EPSS-scored CVEs with a lower score; KEV in the Flags column marks entries listed in CISA's Known Exploited Vulnerabilities catalog. This page covers ranks 1301 to 1350.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1301 | CVE-2024-12556 | | 77.9th | 8.7 | | This vulnerability allows attackers to exploit prototype pollution in Kibana to achieve code injecti |
| 1302 | CVE-2025-64444 | | 77.9th | 7.2 | | This OS command injection vulnerability in NCP-HG100 network devices allows authenticated attackers |
| 1303 | CVE-2025-50756 | | 77.9th | 9.8 | | This CVE describes a command injection vulnerability in Wavlink WN535K3 routers that allows attacker |
| 1304 | CVE-2025-22953 | | 77.9th | 9.8 | | This is an unauthenticated SQL injection vulnerability in Epicor HCM's JsonFetcher.svc endpoint that |
| 1305 | CVE-2025-0357 | | 77.8th | 9.8 | | The WPBookit WordPress plugin allows unauthenticated attackers to upload arbitrary files due to insu |
| 1306 | CVE-2024-13899 | | 77.8th | 7.2 | | The Mambo Importer WordPress plugin is vulnerable to PHP object injection via deserialization of unt |
| 1307 | CVE-2025-32052 | | 77.8th | 6.5 | | A heap buffer over-read vulnerability exists in libsoup's sniff_unknown() function, which could allo |
| 1308 | CVE-2025-29813 | | 77.8th | 10.0 | | CVE-2025-29813 is an authentication bypass vulnerability in Azure DevOps that allows attackers to sp |
| 1309 | CVE-2022-50790 | | 77.8th | 7.5 | | This vulnerability allows unauthenticated remote attackers to access live radio stream information f |
| 1310 | CVE-2025-0365 | | 77.8th | 6.5 | | The Jupiter X Core WordPress plugin contains a directory traversal vulnerability in its inline SVG f |
| 1311 | CVE-2021-35942 | | 77.8th | 9.1 | | This vulnerability in glibc's wordexp function allows attackers to cause denial of service or potent |
| 1312 | CVE-2026-20098 | | 77.8th | 8.8 | | This vulnerability in Cisco Meeting Management allows authenticated attackers with video operator pr |
| 1313 | CVE-2025-55583 | | 77.7th | 9.8 | | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary operating s |
| 1314 | CVE-2026-20045 | | 77.7th | 8.2 | KEV | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on |
| 1315 | CVE-2025-48471 | | 77.7th | 9.8 | | FreeScout versions before 1.8.179 have an unrestricted file upload vulnerability that allows attacke |
| 1316 | CVE-2021-47667 | | 77.7th | 10.0 | | This CVE describes an unauthenticated remote OS command injection vulnerability in ZendTo file trans |
| 1317 | CVE-2025-0366 | | 77.6th | 8.8 | | The Jupiter X Core WordPress plugin has a Local File Inclusion vulnerability that leads to Remote Co |
| 1318 | CVE-2024-13998 | | 77.6th | 6.5 | | Nagios XI versions before 2024R1.1.3 allow authenticated users to access sensitive user account info |
| 1319 | CVE-2025-6810 | | 77.6th | 9.8 | | This vulnerability in Mescius ActiveReports.NET allows remote attackers to execute arbitrary code by |
| 1320 | CVE-2025-55144 | | 77.6th | 5.4 | | This CVE describes a missing authorization vulnerability in Ivanti secure access products that allow |
| 1321 | CVE-2025-34186 | | 77.6th | 9.8 | | This vulnerability allows remote attackers to bypass authentication on Ilevia EVE X1/X5 Server by in |
| 1322 | CVE-2025-26866 | | 77.6th | 8.8 | | This CVE describes a remote code execution vulnerability in Apache HugeGraph's PD store where a mali |
| 1323 | CVE-2025-57201 | | 77.6th | 8.8 | | This CVE describes an authenticated command injection vulnerability in AVTECH SECURITY Corporation's |
| 1324 | CVE-2024-10585 | | 77.6th | 5.3 | | The InfiniteWP Client WordPress plugin contains a path traversal vulnerability that allows unauthent |
| 1325 | CVE-2025-24993 | | 77.6th | 7.8 | KEV | A heap-based buffer overflow vulnerability in Windows NTFS allows local attackers to execute arbitra |
| 1326 | CVE-2025-0455 | | 77.6th | 9.8 | | CVE-2025-0455 is a critical SQL injection vulnerability in NetVision Information's airPASS product t |
| 1327 | CVE-2024-37385 | | 77.5th | 9.8 | | This vulnerability allows remote command injection in Roundcube Webmail on Windows systems through t |
| 1328 | CVE-2025-15061 | | 77.5th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Framelink Figma MCP Server i |
| 1329 | CVE-2024-43649 | | 77.5th | 8.8 | | Authenticated command injection in Iocharger AC charging station firmware allows attackers with low- |
| 1330 | CVE-2024-13720 | | 77.5th | 8.8 | | The WP Image Uploader WordPress plugin allows unauthenticated attackers to delete arbitrary files on |
| 1331 | CVE-2025-0105 | | 77.5th | 9.1 | | CVE-2025-0105 is an arbitrary file deletion vulnerability in Palo Alto Networks Expedition that allo |
| 1332 | CVE-2024-13696 | | 77.5th | 7.2 | | This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress si |
| 1333 | CVE-2024-10838 | | 77.5th | 9.1 | | CVE-2024-10838 is an integer underflow vulnerability in Eclipse Cyclone DDS during deserialization t |
| 1334 | CVE-2025-2801 | | 77.4th | 7.3 | | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug |
| 1335 | CVE-2025-24194 | | 77.4th | 6.5 | | This CVE describes a memory disclosure vulnerability in Apple's web content processing across multip |
| 1336 | CVE-2025-12000 | | 77.4th | 6.5 | | The WPFunnels WordPress plugin contains an arbitrary file deletion vulnerability that allows authent |
| 1337 | CVE-2025-0566 | | 77.4th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda AC15 routers allows remote attackers t |
| 1338 | CVE-2024-11974 | | 77.4th | 6.1 | | This vulnerability allows unauthenticated attackers to perform reflected cross-site scripting (XSS) |
| 1339 | CVE-2025-3546 | | 77.4th | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network |
| 1340 | CVE-2025-3577 | | 77.4th | 4.9 | | This path traversal vulnerability in Zyxel AMG1302-T10B firmware allows authenticated administrators |
| 1341 | CVE-2025-27038 | | 77.4th | 7.5 | KEV | This vulnerability allows memory corruption in Chrome's graphics rendering through Adreno GPU driver |
| 1342 | CVE-2024-13492 | | 77.3th | 6.1 | | The Guten Free Options WordPress plugin through version 0.9.5 contains a reflected cross-site script |
| 1343 | CVE-2024-13557 | | 77.3th | 6.5 | | The Shortcodes by United Themes WordPress plugin allows unauthenticated attackers to execute arbitra |
| 1344 | CVE-2023-0676 | | 77.3th | 6.1 | | This CVE describes a reflected cross-site scripting (XSS) vulnerability in phpIPAM versions prior to |
| 1345 | CVE-2025-32363 | | 77.3th | 9.8 | | CVE-2025-32363 is a critical remote code execution vulnerability in mediDOK software versions before |
| 1346 | CVE-2024-10047 | | 77.3th | 5.3 | | This vulnerability allows attackers to list arbitrary directories on Windows systems running vulnera |
| 1347 | CVE-2025-48492 | | 77.3th | 8.8 | | This vulnerability allows authenticated users with Edit component access in GetSimple CMS to inject |
| 1348 | CVE-2026-0772 | | 77.3th | 7.5 | | This vulnerability allows authenticated remote attackers to execute arbitrary code on Langflow insta |
| 1349 | CVE-2025-3363 | | 77.3th | 9.8 | | CVE-2025-3363 is a critical OS command injection vulnerability in HGiga's iSherlock web service that |
| 1350 | CVE-2025-3361 | | 77.3th | 9.8 | | CVE-2025-3361 is an unauthenticated OS command injection vulnerability in HGiga iSherlock web servic |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity (how bad exploitation would be), EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. Scores are recomputed daily, so a CVE's EPSS can move sharply once exploit code or exploitation reports appear.
Why EPSS matters: with thousands of CVEs published every month, not all of them are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A CVSS 9.8 vulnerability with an EPSS of 0.1% may be less urgent than a CVSS 7.5 vulnerability with an EPSS of 90%. Two caveats: EPSS is a probability, not a confirmation, so a CVE already listed in CISA's KEV catalog (the KEV flag above) is known to be exploited and should outrank any estimate; and EPSS says nothing about whether the affected component is actually present and reachable in your environment, so it belongs on top of an asset inventory, not in place of one.
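As a worked illustration of the prioritisation rule above, the following is an added example (not code from this page, from FIRST.org, or from any vendor) that joins an EPSS lookup with a CVSS/KEV inventory and ranks the result. The EPSS records are constructed in the shape returned by the FIRST EPSS API (a JSON object whose `data` list holds `cve`, `epss`, `percentile` and `date` fields), using placeholder CVE IDs and invented probabilities; the thresholds `EPSS_LIKELY`, `CVSS_HIGH` and `CVSS_CRITICAL` are an assumed policy, not one the page defines.

```python
"""Rank vulnerability findings by exploit likelihood (EPSS) before severity (CVSS).

Added example; the EPSS data below is constructed, with placeholder CVE IDs
and invented probabilities, in the shape of a FIRST EPSS API response.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Assumed policy thresholds (illustrative, not defined by the page or by FIRST).
EPSS_LIKELY = 0.10      # EPSS probability at/above which we treat exploitation as likely
CVSS_HIGH = 7.0         # CVSS floor for tier 1 when EPSS is also high
CVSS_CRITICAL = 9.0     # CVSS alone can still lift a CVE into tier 2


@dataclass
class Finding:
    cve: str
    cvss: float
    kev: bool = False                # listed in CISA's Known Exploited Vulnerabilities catalog
    epss: float | None = None        # P(exploited in next 30 days); None = not scored yet
    percentile: float | None = None  # fraction of scored CVEs with a lower EPSS


def parse_epss_response(raw_json: str) -> dict[str, tuple[float, float]]:
    """Map CVE ID -> (epss, percentile) from an EPSS API style JSON body."""
    body = json.loads(raw_json)
    if body.get("status") != "OK":
        raise ValueError(f"EPSS query failed: {body.get('status')!r}")
    scores = {}
    for rec in body.get("data", []):
        # The API serialises numbers as strings, so convert explicitly.
        scores[rec["cve"]] = (float(rec["epss"]), float(rec["percentile"]))
    return scores


def tier(f: Finding) -> int:
    """0 = confirmed exploited (KEV), 1 = likely and high impact, 2 = one of the two, 3 = rest."""
    if f.kev:
        return 0
    epss = f.epss if f.epss is not None else 0.0   # unscored CVEs fall back to CVSS only
    if epss >= EPSS_LIKELY and f.cvss >= CVSS_HIGH:
        return 1
    if epss >= EPSS_LIKELY or f.cvss >= CVSS_CRITICAL:
        return 2
    return 3


def prioritise(findings: list[Finding], scores: dict[str, tuple[float, float]]) -> list[Finding]:
    """Enrich findings with EPSS data and sort: tier, then EPSS desc, then CVSS desc."""
    enriched = []
    for f in findings:
        if f.cve in scores:
            epss, pct = scores[f.cve]
            f = Finding(f.cve, f.cvss, f.kev, epss, pct)
        enriched.append(f)
    return sorted(enriched, key=lambda f: (tier(f), -(f.epss or 0.0), -f.cvss))


def format_percentile(p: float) -> str:
    """0.779 -> '77.9th', the style used in the table above."""
    return f"{p * 100:.1f}th"


# Constructed sample response (placeholder IDs, invented scores), API-shaped.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "total": 3,
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.001", "percentile": "0.250", "date": "2026-01-15"},
        {"cve": "CVE-0000-0002", "epss": "0.900", "percentile": "0.995", "date": "2026-01-15"},
        {"cve": "CVE-0000-0003", "epss": "0.040", "percentile": "0.880", "date": "2026-01-15"},
    ],
})

# Constructed inventory mirroring the page's comparison: critical-but-rarely-exploited
# versus high-and-likely-exploited, plus a KEV entry and an unscored CVE.
INVENTORY = [
    Finding("CVE-0000-0001", cvss=9.8),             # CVSS 9.8, EPSS 0.1%
    Finding("CVE-0000-0002", cvss=7.5),             # CVSS 7.5, EPSS 90%
    Finding("CVE-0000-0003", cvss=7.8, kev=True),   # confirmed exploited: KEV beats any estimate
    Finding("CVE-0000-0004", cvss=6.5),             # too new to have an EPSS score
]


if __name__ == "__main__":
    for f in prioritise(INVENTORY, parse_epss_response(SAMPLE_EPSS_RESPONSE)):
        pct = format_percentile(f.percentile) if f.percentile is not None else "unscored"
        epss = f"{f.epss:.1%}" if f.epss is not None else "n/a"
        print(f"tier {tier(f)}  {f.cve}  EPSS {epss} ({pct})  CVSS {f.cvss}  {'KEV' if f.kev else ''}")
```

The ordering this produces is KEV entry first, then the CVSS 7.5 / EPSS 90% finding, then the CVSS 9.8 / EPSS 0.1% one, and the unscored CVE last. Unscored CVEs are usually ones too recent for the model to have data on; since EPSS is refreshed daily, they should be re-queried rather than treated as permanently low-risk.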