Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 101 | CVE-2025-10035 | | 98.5th | 10.0 | KEV | A critical deserialization vulnerability in Fortra's GoAnywhere MFT License Servlet allows attackers |
| 102 | CVE-2025-31125 | | 98.5th | 5.3 | KEV | Vite development servers configured to expose content to the network can leak sensitive file content |
| 103 | CVE-2025-42999 | | 98.5th | 9.1 | KEV | CVE-2025-42999 is a deserialization vulnerability in SAP NetWeaver Visual Composer Metadata Uploader |
| 104 | CVE-2012-10020 | | 98.4th | 9.8 | | The FoxyPress WordPress plugin versions up to 0.4.2.1 allow unauthenticated attackers to upload arbi |
| 105 | CVE-2025-23061 | | 98.4th | 9.0 | | Mongoose before version 8.9.5 contains a search injection vulnerability when using nested $where fil |
| 106 | CVE-2012-10019 | | 98.4th | 9.8 | | The Front End Editor WordPress plugin before version 2.3 allows unauthenticated attackers to upload |
| 107 | CVE-2025-26465 | | 98.4th | 6.8 | | This OpenSSH vulnerability allows machine-in-the-middle attacks when VerifyHostKeyDNS is enabled. At |
| 108 | CVE-2025-48703 | | 98.4th | 9.0 | KEV | CVE-2025-48703 allows unauthenticated attackers to execute arbitrary commands on CWP (Control Web Pa |
| 109 | CVE-2015-10138 | | 98.4th | 9.8 | | The Work The Flow File Upload WordPress plugin has an unauthenticated arbitrary file upload vulnerab |
| 110 | CVE-2025-24865 | | 98.4th | 10.0 | | CVE-2025-24865 allows unauthenticated access to the mySCADA myPRO Manager administrative web interfa |
| 111 | CVE-2015-10143 | | 98.4th | 9.8 | | The Platform theme for WordPress has an authentication bypass vulnerability that allows unauthentica |
| 112 | CVE-2024-42845 | | 98.4th | 8.0 | | This CVE describes an eval injection vulnerability in InVesalius's DICOM file reader that allows att |
| 113 | CVE-2023-4911 | | 98.4th | 7.8 | KEV | CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that |
| 114 | CVE-2010-20113 | | 98.3th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on EasyFTP Server by exploiting |
| 115 | CVE-2025-54309 | | 98.3th | 9.0 | KEV | This vulnerability in CrushFTP allows remote attackers to bypass AS2 validation and gain administrat |
| 116 | CVE-2013-10050 | | 98.3th | 8.8 | | This CVE describes an authenticated OS command injection vulnerability in multiple D-Link router mod |
| 117 | CVE-2015-10135 | | 98.3th | 9.8 | | The WPshop 2 E-Commerce plugin for WordPress versions before 1.3.9.6 allows unauthenticated attacker |
| 118 | CVE-2025-9242 | | 98.3th | 9.8 | KEV | An out-of-bounds write vulnerability in WatchGuard Fireware OS allows remote unauthenticated attacke |
| 119 | CVE-2026-1731 | | 98.3th | 9.8 | KEV | BeyondTrust Remote Support and older Privileged Remote Access versions contain a critical pre-authen |
| 120 | CVE-2025-62368 | | 98.3th | 9.0 | | This CVE describes a remote code execution vulnerability in Taiga project management platform due to |
| 121 | CVE-2025-55182 | | 98.3th | 10.0 | KEV | A critical pre-authentication remote code execution vulnerability exists in React Server Components |
| 122 | CVE-2013-10040 | | 98.2th | 9.8 | | CVE-2013-10040 is an unauthenticated arbitrary file upload vulnerability in ClipBucket versions 2.6 |
| 123 | CVE-2013-10048 | | 98.2th | 9.8 | | This CVE describes an unauthenticated remote command execution vulnerability in legacy D-Link router |
| 124 | CVE-2025-22224 | | 98.2th | 9.3 | KEV | This CVE describes a TOCTOU vulnerability in VMware ESXi and Workstation that allows local administr |
| 125 | CVE-2025-34026 | | 98.2th | 7.5 | KEV | This CVE describes an authentication bypass vulnerability in the Versa Concerto SD-WAN orchestration |
| 126 | CVE-2025-20029 | | 98.1th | 8.8 | | This command injection vulnerability in F5 BIG-IP's iControl REST API and tmsh save command allows a |
| 127 | CVE-2025-49619 | | 98.1th | 8.5 | | Skyvern versions through 0.1.85 have a server-side template injection vulnerability in workflow bloc |
| 128 | CVE-2025-11700 | | 98.1th | 7.5 | | N-central versions before 2025.4 are vulnerable to XML External Entity (XXE) injection attacks, allo |
| 129 | CVE-2022-3365 | | 98.1th | 9.8 | | CVE-2022-3365 allows remote attackers to execute arbitrary operating system commands on systems runn |
| 130 | CVE-2025-14847 | | 98.1th | 7.5 | KEV | This vulnerability allows unauthenticated clients to read uninitialized heap memory from MongoDB ser |
| 131 | CVE-2025-24071 | | 98.1th | 6.5 | | This vulnerability in Windows File Explorer allows unauthorized attackers to access sensitive inform |
| 132 | CVE-2025-27218 | | 98.1th | 5.3 | | CVE-2025-27218 is an insecure deserialization vulnerability in Sitecore Experience Manager (XM) and |
| 133 | CVE-2023-53941 | | 98.1th | 9.8 | | EasyPHP Webserver 14.1 contains an unauthenticated OS command injection vulnerability that allows re |
| 134 | CVE-2025-14611 | | 98.1th | 9.8 | KEV | This vulnerability in Gladinet CentreStack and Triofox involves hardcoded AES encryption keys, allow |
| 135 | CVE-2025-34299 | | 98.1th | 9.8 | | CVE-2025-34299 is an unauthenticated arbitrary file upload vulnerability in Monsta FTP versions 2.11 |
| 136 | CVE-2024-20154 | | 98.1th | 8.8 | | This vulnerability allows remote code execution on affected mobile devices when they connect to a ma |
| 137 | CVE-2025-4428 | | 98.1th | 7.2 | KEV | This vulnerability allows authenticated attackers to execute arbitrary code on Ivanti Endpoint Manag |
| 138 | CVE-2013-10032 | | 98.1th | 8.8 | | This CVE describes an authenticated remote code execution vulnerability in GetSimpleCMS 3.2.1 where |
| 139 | CVE-2025-36846 | | 98.1th | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands o |
| 140 | CVE-2020-36848 | | 98th | 7.5 | | The Total Upkeep WordPress backup plugin exposes sensitive information through publicly accessible f |
| 141 | CVE-2025-24367 | | 98th | 8.8 | | An authenticated Cacti user can abuse graph creation functionality to write arbitrary PHP files to t |
| 142 | CVE-2025-22457 | | 98th | 9.0 | KEV | A stack-based buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateway |
| 143 | CVE-2026-23760 | | 98th | 9.8 | KEV | CVE-2026-23760 is an authentication bypass vulnerability in SmarterMail's password reset API that al |
| 144 | CVE-2012-10021 | | 98th | 9.8 | | This CVE describes a critical stack-based buffer overflow vulnerability in D-Link DIR-605L routers t |
| 145 | CVE-2026-1281 | | 97.9th | 9.8 | KEV | CVE-2026-1281 is a critical code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) th |
| 146 | CVE-2025-50201 | | 97.9th | 9.8 | | CVE-2025-50201 is an unauthenticated OS command injection vulnerability in WeGIA web management soft |
| 147 | CVE-2005-10004 | | 97.9th | 8.8 | | This vulnerability allows authenticated users to execute arbitrary shell commands on Cacti servers t |
| 148 | CVE-2025-1098 | | 97.9th | 8.8 | | This vulnerability in ingress-nginx allows attackers to inject arbitrary nginx configuration via the |
| 149 | CVE-2025-2294 | | 97.9th | 9.8 | | The Kubio AI Page Builder WordPress plugin has a Local File Inclusion vulnerability that allows unau |
| 150 | CVE-2025-1323 | | 97.9th | 7.5 | | This SQL injection vulnerability in the WP-Recall WordPress plugin allows unauthenticated attackers |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.