Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164

EPSS > 50%

156

CISA KEV Listed

35,468

CVEs with EPSS

0.7%

Avg EPSS Score

All Critical High Medium Low

Rank	CVE ID	EPSS Score	Percentile	CVSS	Flags	Summary
1351	CVE-2025-28059	1.06%	77.3th	7.5		This vulnerability allows deleted users in Nagios Network Analyzer to maintain access to restricted
1352	CVE-2025-14501	1.06%	77.2th	7.5		This vulnerability allows remote attackers to crash Sante PACS Server by sending specially crafted H
1353	CVE-2025-22946	1.06%	77.2th	9.8		This CVE describes a stack overflow vulnerability in Tenda AC9 v1.0 routers that allows remote attac
1354	CVE-2025-56123	1.06%	77.2th	8.8		This CVE describes an OS command injection vulnerability in Ruijie RG-EW1200G PRO wireless access po
1355	CVE-2025-56122	1.06%	77.2th	8.8		This CVE describes an OS command injection vulnerability in Ruijie RG-EW1800GX PRO wireless access p
1356	CVE-2025-56120	1.06%	77.2th	8.8		This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attac
1357	CVE-2025-56118	1.06%	77.2th	8.8		This CVE describes an OS command injection vulnerability in Ruijie X60 PRO routers that allows attac
1358	CVE-2025-56114	1.06%	77.2th	8.8		This CVE describes an OS command injection vulnerability in Ruijie M18 routers that allows attackers
1359	CVE-2024-40673	1.06%	77.2th	6.5		This vulnerability in Android's ZipFile.java allows attackers to execute arbitrary code by manipulat
1360	CVE-2024-58298	1.06%	77.2th	N/A		Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that a
1361	CVE-2015-2079	1.05%	77.2th	9.9		This vulnerability allows remote attackers to execute arbitrary code on Usermin servers by exploitin
1362	CVE-2022-33186	1.05%	77.2th	9.8		This critical vulnerability in Brocade Fabric OS allows remote unauthenticated attackers to execute
1363	CVE-2025-0956	1.05%	77.2th	8.1		This CVE describes a PHP object injection vulnerability in the WooCommerce Recover Abandoned Cart Wo
1364	CVE-2024-55063	1.05%	77.2th	8.8		Multiple code injection vulnerabilities in EasyVirt DC NetScope allow remote authenticated attackers
1365	CVE-2025-66474	1.05%	77.2th	8.8		CVE-2025-66474 is an HTML injection vulnerability in XWiki Rendering that allows authenticated users
1366	CVE-2024-11617	1.05%	77.2th	9.8		The Envolve Plugin for WordPress allows unauthenticated attackers to upload arbitrary files due to m
1367	CVE-2025-40553	1.05%	77.2th	9.8		SolarWinds Web Help Desk has an unauthenticated remote code execution vulnerability via untrusted da
1368	CVE-2025-2916	1.05%	77.2th	6.3		This critical vulnerability in Aishida Call Center System allows remote attackers to execute arbitra
1369	CVE-2025-9935	1.05%	77.2th	7.3		This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK N600R routers v
1370	CVE-2025-56130	1.05%	77.2th	8.8		This CVE describes an OS command injection vulnerability in Ruijie RG-S1930 switches that allows att
1371	CVE-2025-24996	1.05%	77.1th	6.5		This vulnerability in Windows NTLM allows attackers to manipulate file paths or names during network
1372	CVE-2018-25120	1.05%	77.1th	9.8		This CVE describes a critical command injection vulnerability in D-Link DNS-343 ShareCenter network
1373	CVE-2025-57644	1.05%	77.1th	9.1		Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in its Test Script feat
1374	CVE-2025-3835	1.04%	77.1th	9.6		This vulnerability allows remote attackers to execute arbitrary code on ManageEngine Exchange Report
1375	CVE-2025-1104	1.04%	77.1th	7.3		This critical vulnerability in D-Link DHP-W310AV powerline adapters allows remote attackers to bypas
1376	CVE-2025-31674	1.04%	77.1th	7.5		This CVE describes an object injection vulnerability in Drupal core that allows attackers to modify
1377	CVE-2025-4524	1.04%	77.1th	9.8		This vulnerability allows unauthenticated attackers to include and execute arbitrary files on WordPr
1378	CVE-2025-31121	1.04%	77.1th	5.4		OpenEMR versions before 7.0.3.1 contain a cross-site scripting vulnerability in the Patient Image fe
1379	CVE-2025-25286	1.04%	77th	9.8		CVE-2025-25286 is a critical remote code execution vulnerability in Crayfish's Homarus microservice
1380	CVE-2025-47827	1.04%	77th	4.6	KEV	This vulnerability allows attackers to bypass Secure Boot protection in IGEL OS by exploiting improp
1381	CVE-2024-54146	1.04%	77th	7.6		Cacti versions before 1.2.29 contain a SQL injection vulnerability in the host_templates.php templat
1382	CVE-2025-47423	1.03%	77th	5.8		This vulnerability allows unauthenticated remote attackers to read arbitrary files on servers runnin
1383	CVE-2022-50950	1.03%	77th	6.5		Webile 1.0.1 contains an unauthenticated directory traversal vulnerability that allows attackers to
1384	CVE-2025-21365	1.03%	77th	7.8		CVE-2025-21365 is a remote code execution vulnerability in Microsoft Office that allows attackers to
1385	CVE-2024-57428	1.03%	77th	9.3		A stored cross-site scripting vulnerability in PHPJabbers Cinema Booking System v2.0 allows attacker
1386	CVE-2025-2525	1.03%	77th	8.8		The Streamit WordPress theme allows authenticated users with subscriber-level permissions or higher
1387	CVE-2025-6220	1.03%	76.9th	7.2		The Ultra Addons for Contact Form 7 WordPress plugin has a vulnerability that allows authenticated a
1388	CVE-2025-11523	1.03%	76.9th	6.3		This vulnerability in Tenda AC7 routers allows remote attackers to execute arbitrary commands throug
1389	CVE-2024-56408	1.03%	76.9th	5.4		This CVE describes a cross-site scripting (XSS) vulnerability in PhpSpreadsheet's sample engineering
1390	CVE-2025-26623	1.03%	76.9th	9.8		A heap buffer overflow vulnerability in Exiv2 versions 0.28.0 through 0.28.4 allows attackers to pot
1391	CVE-2025-7614	1.03%	76.9th	6.3		This critical vulnerability in TOTOLINK T6 routers allows remote attackers to execute arbitrary comm
1392	CVE-2025-60671	1.03%	76.9th	5.4		A command injection vulnerability in D-Link DIR-823G router firmware allows attackers with write acc
1393	CVE-2024-41790	1.02%	76.9th	9.1		This vulnerability allows authenticated remote attackers to execute arbitrary code with root privile
1394	CVE-2024-41788	1.02%	76.9th	9.1		This vulnerability allows authenticated remote attackers to execute arbitrary code with root privile
1395	CVE-2025-6464	1.02%	76.9th	7.5		The Forminator WordPress plugin is vulnerable to PHP Object Injection via deserialization of untrust
1396	CVE-2025-60963	1.02%	76.9th	8.2		This CVE describes an OS command injection vulnerability in EndRun Technologies Sonoma D12 Network T
1397	CVE-2024-10957	1.02%	76.8th	8.8		The UpdraftPlus WordPress backup plugin contains a PHP object injection vulnerability in versions 1.
1398	CVE-2025-56005	1.02%	76.8th	9.8		CVE-2025-56005 is a critical vulnerability in the PLY (Python Lex-Yacc) library that allows remote c
1399	CVE-2025-66645	1.02%	76.8th	7.5		This directory traversal vulnerability in NiceGUI allows remote attackers to read arbitrary files on
1400	CVE-2025-63690	1.02%	76.8th	9.1		This vulnerability allows remote attackers to execute arbitrary code on pig-mesh Pig servers by expl

← Previous Page 28 of 710 Next →

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free