Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1301 | CVE-2022-40924 | | 61.8th | 7.2 | | CVE-2022-40924 is an arbitrary file upload vulnerability in Zoo Management System v1.0 that allows a |
| 1302 | CVE-2024-12803 | | 61.6th | 7.2 | | A post-authentication stack-based buffer overflow vulnerability in SonicOS management interface allo |
| 1303 | CVE-2024-12039 | | 61.6th | 8.1 | | This vulnerability allows unauthenticated attackers to reset passwords for any user, including admin |
| 1304 | CVE-2025-59156 | | 61.7th | 8.8 | | This vulnerability allows low-privileged users in Coolify to inject malicious Docker Compose directi |
| 1305 | CVE-2024-12269 | | 61.6th | 7.5 | | This vulnerability allows unauthenticated attackers to download the entire WordPress database throug |
| 1306 | CVE-2025-31016 | | 61.6th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the JetWooBuilder WordPress plugin. A |
| 1307 | CVE-2025-31432 | | 61.6th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the Pop-Up Chop Chop WordPress plugin |
| 1308 | CVE-2025-26890 | | 61.6th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the HUSKY plugin for WordPress. Attac |
| 1309 | CVE-2025-30890 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1310 | CVE-2025-30871 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1311 | CVE-2025-30831 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1312 | CVE-2025-30829 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1313 | CVE-2025-30820 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1314 | CVE-2025-30814 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1315 | CVE-2025-30785 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 1316 | CVE-2025-39452 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1317 | CVE-2025-39592 | | 61.6th | 7.5 | | This vulnerability allows attackers to include arbitrary local files on the server through PHP's inc |
| 1318 | CVE-2025-39584 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1319 | CVE-2025-31014 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 1320 | CVE-2025-22279 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1321 | CVE-2025-32692 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 1322 | CVE-2025-32159 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1323 | CVE-2025-32156 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1324 | CVE-2025-32154 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1325 | CVE-2025-32152 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1326 | CVE-2025-32150 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1327 | CVE-2025-30782 | | 61.6th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1328 | CVE-2024-56322 | | 61.5th | 7.2 | | GoCD versions 16.7.0 through 24.4.0 contain an XML External Entity (XXE) injection vulnerability in |
| 1329 | CVE-2025-22389 | | 61.5th | 8.0 | | This vulnerability in Optimizely EPiServer CMS Core allows attackers to upload malicious files like |
| 1330 | CVE-2025-23388 | | 61.4th | 8.2 | | A stack-based buffer overflow vulnerability in SUSE Rancher allows attackers to cause denial of serv |
| 1331 | CVE-2025-54926 | | 61.4th | 7.2 | | This path traversal vulnerability allows authenticated administrators to upload malicious files that |
| 1332 | CVE-2025-27025 | | 61.4th | 8.8 | | This vulnerability allows unauthenticated attackers to read and write arbitrary files on affected de |
| 1333 | CVE-2023-53868 | | 61.4th | 8.8 | | CVE-2023-53868 is a remote code execution vulnerability in Coppermine Gallery that allows authentica |
| 1334 | CVE-2025-24221 | | 61.4th | 7.5 | | This vulnerability allows unauthorized access to sensitive keychain data from iOS backups. Attackers |
| 1335 | CVE-2024-55553 | | 61.3th | 7.5 | | This vulnerability in FRRouting (FRR) allows attackers to trigger continuous route re-validation by |
| 1336 | CVE-2025-13562 | | 61.3th | 7.3 | | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-852 routers b |
| 1337 | CVE-2024-8176 | | 61.2th | 7.5 | | A stack overflow vulnerability in libexpat allows attackers to cause denial of service or potentiall |
| 1338 | CVE-2025-0569 | | 61.2th | 7.5 | | This vulnerability allows remote attackers to cause denial-of-service on Sante PACS Server by sendin |
| 1339 | CVE-2025-5395 | | 61.2th | 8.8 | | The WordPress Automatic Plugin has a vulnerability allowing authenticated attackers with Author-leve |
| 1340 | CVE-2025-61880 | | 61.1th | 8.8 | | This vulnerability in Infoblox NIOS allows attackers to execute arbitrary code remotely through inse |
| 1341 | CVE-2025-27610 | | 61.1th | 7.5 | | This vulnerability in Rack's static file serving component allows attackers to bypass directory rest |
| 1342 | CVE-2025-4462 | | 61.0th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execu |
| 1343 | CVE-2025-58757 | | 61.0th | 8.8 | | This vulnerability in MONAI's pickle_operations function allows arbitrary code execution through uns |
| 1344 | CVE-2024-11725 | | 60.9th | 8.8 | | This vulnerability in the SMS Alert Order Notifications WooCommerce plugin allows authenticated atta |
| 1345 | CVE-2024-50567 | | 60.9th | 7.2 | | This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewa |
| 1346 | CVE-2025-29784 | | 60.9th | 7.5 | | NamelessMC versions 2.1.4 and earlier have a vulnerability in forum search functionality where the ' |
| 1347 | CVE-2025-32030 | | 60.9th | 7.5 | | A denial-of-service vulnerability in Apollo Gateway allows attackers to craft GraphQL queries with d |
| 1348 | CVE-2025-26614 | | 60.8th | 8.8 | | CVE-2025-26614 is a SQL injection vulnerability in WeGIA's deletar_documento.php endpoint that allow |
| 1349 | CVE-2025-26605 | | 60.8th | 8.8 | | A SQL injection vulnerability in WeGIA's deletar_cargo.php endpoint allows authenticated attackers t |
| 1350 | CVE-2025-24901 | | 60.8th | 8.8 | | A SQL injection vulnerability in WeGIA's deletar_permissao.php endpoint allows authenticated attacke |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching by CVSS score alone. A vulnerability rated critical (CVSS 9.8) with an EPSS of 0.1% may be less urgent than one rated high (CVSS 7.5) with an EPSS of 90%.