Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1401 | CVE-2025-9782 | | 60.2th | 8.8 | | This CVE describes a buffer overflow vulnerability in TOTOLINK A702R routers that allows remote atta |
| 1402 | CVE-2025-9780 | | 60.2th | 8.8 | | This vulnerability is a remote buffer overflow in TOTOLINK A702R routers affecting the formIpQoS fun |
| 1403 | CVE-2025-66297 | | 60.2th | 8.8 | | This vulnerability allows authenticated users with admin panel access in Grav CMS to escalate privil |
| 1404 | CVE-2024-48615 | | 60.1th | 7.5 | | A null pointer dereference vulnerability in libarchive 3.7.6 and earlier allows attackers to cause d |
| 1405 | CVE-2022-45968 | | 60.2th | 8.8 | | CVE-2022-45968 allows authenticated users with file upload permission to upload arbitrary files to a |
| 1406 | CVE-2026-2188 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on UTT 进 |
| 1407 | CVE-2026-2182 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on UTT 进取 521G devices |
| 1408 | CVE-2026-2118 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by |
| 1409 | CVE-2026-2080 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by |
| 1410 | CVE-2023-0881 | | 60.1th | 7.5 | | This vulnerability allows attackers to cause a kernel crash (denial of service) by launching DDoS at |
| 1411 | CVE-2025-29487 | | 60.1th | 7.5 | | CVE-2025-29487 is an out-of-memory vulnerability in libming's parseABC_STRING_INFO function that all |
| 1412 | CVE-2025-25372 | | 60.1th | 7.5 | | CVE-2025-25372 is a memory corruption vulnerability in NASA cFS Aquila's Memory Management Module th |
| 1413 | CVE-2025-25454 | | 60.1th | 7.5 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buf |
| 1414 | CVE-2025-25457 | | 60.1th | 7.5 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buf |
| 1415 | CVE-2025-31496 | | 60.1th | 7.5 | | A vulnerability in Apollo Compiler versions before 1.27.0 allows attackers to craft GraphQL queries |
| 1416 | CVE-2025-9991 | | 60.1th | 8.1 | | The Tiny Bootstrap Elements Light WordPress plugin contains a Local File Inclusion vulnerability tha |
| 1417 | CVE-2025-30773 | | 60.1th | 7.2 | | CVE-2025-30773 is a PHP object injection vulnerability in TranslatePress WordPress plugin caused by |
| 1418 | CVE-2025-53515 | | 60.1th | 8.8 | | This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to p |
| 1419 | CVE-2025-52577 | | 60.1th | 8.8 | | This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to p |
| 1420 | CVE-2025-20045 | | 60th | 7.5 | | This vulnerability allows an attacker to cause a denial of service by sending specially crafted SIP |
| 1421 | CVE-2025-30735 | | 59.9th | 8.1 | | This vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects allows authenticate |
| 1422 | CVE-2024-40584 | | 59.9th | 7.2 | | This OS command injection vulnerability in Fortinet FortiAnalyzer and FortiManager products allows a |
| 1423 | CVE-2025-48390 | | 59.9th | 7.2 | | FreeScout versions before 1.8.178 contain a code injection vulnerability in the php_path parameter. |
| 1424 | CVE-2023-53883 | | 59.9th | 7.2 | | CVE-2023-53883 is a remote code execution vulnerability in Webedition CMS v2.9.8.8 that allows authe |
| 1425 | CVE-2025-24051 | | 59.8th | 8.8 | | A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allow |
| 1426 | CVE-2024-48761 | | 59.8th | 8.8 | | This is a reflected cross-site scripting (XSS) vulnerability in Celk Sistemas Celk Saude healthcare |
| 1427 | CVE-2024-36512 | | 59.7th | 7.2 | | This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows attackers to exe |
| 1428 | CVE-2025-22132 | | 59.8th | 8.3 | | This Cross-Site Scripting (XSS) vulnerability in WeGIA's file upload functionality allows attackers |
| 1429 | CVE-2024-57426 | | 59.7th | 7.3 | | NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing attackers to execute arbitrary code |
| 1430 | CVE-2024-54362 | | 59.7th | 8.1 | | This path traversal vulnerability in the GetShop eCommerce WordPress plugin allows attackers to acce |
| 1431 | CVE-2025-2284 | | 59.7th | 7.5 | | A denial-of-service vulnerability in the GetWebLoginCredentials function of Sante PACS Server.exe al |
| 1432 | CVE-2025-10647 | | 59.7th | 8.8 | | The Embed PDF for WPForms WordPress plugin allows authenticated users with Subscriber-level access o |
| 1433 | CVE-2025-9561 | | 59.7th | 8.8 | | The AP Background WordPress plugin versions 3.8.1 to 3.8.2 contain an arbitrary file upload vulnerab |
| 1434 | CVE-2025-63932 | | 59.6th | 7.3 | | The D-Link DIR-868L A1 router has an unauthenticated remote code execution vulnerability in its HNAP |
| 1435 | CVE-2021-47888 | | 59.7th | 8.8 | | CVE-2021-47888 is an authenticated remote code execution vulnerability in Textpattern CMS that allow |
| 1436 | CVE-2023-53889 | | 59.6th | 7.2 | | CVE-2023-53889 is a remote code execution vulnerability in Perch CMS 3.2 that allows authenticated a |
| 1437 | CVE-2025-14108 | | 59.6th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Q2C NAS devices b |
| 1438 | CVE-2025-54307 | | 59.6th | 8.8 | | This vulnerability allows authenticated low-privilege users to upload ZIP files containing path trav |
| 1439 | CVE-2025-30868 | | 59.5th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the DynamicWebLab Team Manager WordPr |
| 1440 | CVE-2025-30845 | | 59.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 1441 | CVE-2025-20666 | | 59.5th | 7.5 | | This vulnerability in MediaTek modems allows remote denial of service through system crashes when de |
| 1442 | CVE-2026-1428 | | 59.5th | 8.8 | | CVE-2026-1428 is an OS command injection vulnerability in WellChoose's Single Sign-On Portal System |
| 1443 | CVE-2025-20212 | | 59.5th | 7.7 | | An authenticated attacker with VPN credentials can cause a denial of service on Cisco Meraki MX/Z Se |
| 1444 | CVE-2025-5106 | | 59.5th | 7.3 | | This critical vulnerability in Fujian Kelixun 1.0 allows remote attackers to execute arbitrary opera |
| 1445 | CVE-2025-8139 | | 59.5th | 8.8 | | This critical vulnerability in TOTOLINK A702R routers allows remote attackers to execute arbitrary c |
| 1446 | CVE-2025-12637 | | 59.5th | 8.8 | | The Elastic Theme Editor WordPress plugin allows authenticated attackers with Subscriber-level acces |
| 1447 | CVE-2025-0682 | | 59.4th | 8.8 | | The ThemeREX Addons WordPress plugin has a Local File Inclusion vulnerability that allows authentica |
| 1448 | CVE-2024-12811 | | 59.4th | 8.8 | | The Traveler WordPress theme has a Local File Inclusion vulnerability in the 'hotel_alone_slider' sh |
| 1449 | CVE-2025-29962 | | 59.4th | 8.8 | | This vulnerability is a heap-based buffer overflow in Windows Media components that allows remote at |
| 1450 | CVE-2023-25837 | | 59.4th | 8.4 | | A stored cross-site scripting vulnerability in Esri ArcGIS Enterprise Sites allows authenticated hig |

What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.