Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164 CVEs
CISA KEV Listed: 156 CVEs
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
101 | CVE-2026-0641 | 3.08% | 86.5th | 6.3 | - | This CVE describes a command injection vulnerability in TOTOLINK WA300 routers that allows remote at
102 | CVE-2025-57636 | 3.08% | 86.4th | 6.5 | - | This CVE describes an OS command injection vulnerability in D-Link C1 routers where an attacker can
103 | CVE-2025-41228 | 3.05% | 86.4th | 4.3 | - | VMware ESXi and vCenter Server have a reflected cross-site scripting vulnerability in certain login
104 | CVE-2024-52012 | 2.98% | 86.2th | 5.4 | - | This CVE describes a relative path traversal vulnerability (zipslip) in Apache Solr's configset uplo
105 | CVE-2024-12088 | 2.94% | 86.1th | 6.5 | - | A path traversal vulnerability in rsync's --safe-links option allows attackers to write files outsid
106 | CVE-2024-7595 | 2.9% | 86th | 6.5 | - | This vulnerability allows attackers to spoof GRE/GRE6 protocol packets by bypassing source validatio
107 | CVE-2025-21590 | 2.74% | 85.7th | 4.4 | KEV | A local privilege escalation vulnerability in Juniper Junos OS kernel allows attackers with shell ac
108 | CVE-2024-8021 | 2.68% | 85.5th | 6.1 | - | An open redirect vulnerability in gradio-app/gradio allows attackers to redirect users to malicious
109 | CVE-2025-27472 | 2.63% | 85.4th | 5.4 | - | This vulnerability allows attackers to bypass Windows Mark of the Web (MOTW) security protections ov
110 | CVE-2024-42922 | 2.63% | 85.4th | 6.5 | - | AAPanel v7.0.7 contains an OS command injection vulnerability (CWE-78) that allows attackers to exec
111 | CVE-2024-42642 | 2.6% | 85.3th | 6.7 | - | A buffer overflow vulnerability in Micron Crucial MX500 SSDs allows attackers to execute arbitrary c
112 | CVE-2025-2701 | 2.57% | 85.2th | 6.3 | - | This critical vulnerability in AMTT Hotel Broadband Operation System 1.0 allows remote attackers to
113 | CVE-2024-13634 | 2.53% | 85.1th | 6.1 | - | The Post Sync WordPress plugin through version 1.1 contains a reflected cross-site scripting (XSS) v
114 | CVE-2023-23408 | 2.43% | 84.8th | 4.5 | - | This vulnerability allows attackers to inject malicious scripts into Azure Apache Ambari web interfa
115 | CVE-2025-57296 | 2.42% | 84.8th | 6.5 | - | This CVE describes a command injection vulnerability in Tenda AC6 router firmware that allows attack
116 | CVE-2024-54960 | 2.37% | 84.6th | 6.5 | - | A SQL injection vulnerability in Nagios XI 2024R1.2.2 allows remote attackers to execute arbitrary S
117 | CVE-2024-33939 | 2.37% | 84.6th | 5.3 | - | This vulnerability allows unauthenticated attackers to access course progress data in Masteriyo LMS
118 | CVE-2025-59328 | 2.35% | 84.6th | 6.5 | - | This CVE describes a denial-of-service vulnerability in Apache Fory caused by insecure deserializati
119 | CVE-2026-0594 | 2.31% | 84.5th | 6.1 | - | The List Site Contributors WordPress plugin has a reflected cross-site scripting vulnerability in ve
120 | CVE-2025-10307 | 2.3% | 84.4th | 6.5 | - | The Backuply WordPress plugin has a vulnerability allowing authenticated attackers with Administrato
121 | CVE-2024-47605 | 2.29% | 84.4th | 5.4 | - | This is a cross-site scripting (XSS) vulnerability in SilverStripe's asset-admin module. When users
122 | CVE-2025-66472 | 2.29% | 84.4th | 6.1 | - | This CVE describes a reflected cross-site scripting (XSS) vulnerability in XWiki Platform that allow
123 | CVE-2026-1547 | 2.28% | 84.4th | 6.3 | - | This CVE describes a remote command injection vulnerability in Totolink A7000R routers. Attackers ca
124 | CVE-2024-13098 | 2.28% | 84.3th | 5.4 | - | This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsan
125 | CVE-2025-6621 | 2.26% | 84.3th | 6.3 | - | This critical vulnerability in TOTOLINK CA300-PoE routers allows remote attackers to execute arbitra
126 | CVE-2025-6619 | 2.26% | 84.3th | 6.3 | - | This critical vulnerability in TOTOLINK CA300-PoE routers allows remote attackers to execute arbitra
127 | CVE-2024-9458 | 2.25% | 84.3th | 4.8 | - | The Reservit Hotel WordPress plugin before version 3.0 contains a stored cross-site scripting (XSS)
128 | CVE-2025-67643 | 2.25% | 84.3th | 4.3 | - | The Jenkins Redpen - Pipeline Reporter for Jira Plugin vulnerability allows attackers with Item/Conf
129 | CVE-2025-29868 | 2.24% | 84.2th | 6.5 | - | This vulnerability in Apache Answer allows external image providers to obtain the IP addresses of us
130 | CVE-2025-24354 | 2.22% | 84.1th | 5.3 | - | Imgproxy fails to block the 0.0.0.0 address even when loopback source addresses are restricted, allo
131 | CVE-2025-4078 | 2.19% | 84th | 4.3 | - | This vulnerability in Wangshen SecGate 3600 2400 allows attackers to perform path traversal attacks
132 | CVE-2024-13628 | 2.17% | 84th | 6.1 | - | The WP Pricing Table WordPress plugin through version 1.1 contains a reflected cross-site scripting
133 | CVE-2026-2167 | 2.16% | 84th | 6.3 | - | This CVE describes a remote command injection vulnerability in Totolink WA300 routers. Attackers can
134 | CVE-2026-1326 | 2.16% | 84th | 6.3 | - | This CVE describes a command injection vulnerability in Totolink NR1800X routers that allows remote
135 | CVE-2024-13630 | 2.11% | 83.8th | 6.1 | - | The NewsTicker WordPress plugin through version 1.0 contains a reflected cross-site scripting (XSS)
136 | CVE-2025-26672 | 2.07% | 83.6th | 6.5 | - | A buffer over-read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthor
137 | CVE-2025-26664 | 2.07% | 83.6th | 6.5 | - | A buffer over-read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthor
138 | CVE-2024-46089 | 2.04% | 83.5th | 6.3 | - | CVE-2024-46089 is a remote code execution vulnerability in 74cms background interface apiadmin that
139 | CVE-2025-0111 | 2.02% | 83.4th | 6.5 | KEV | An authenticated file read vulnerability in Palo Alto Networks PAN-OS software allows authenticated
140 | CVE-2025-60682 | 2% | 83.3th | 6.5 | - | This CVE describes a command injection vulnerability in ToToLink A720R router firmware that allows u
141 | CVE-2025-11368 | 1.99% | 83.3th | 5.3 | - | This vulnerability in the LearnPress WordPress LMS plugin allows unauthenticated attackers to access
142 | CVE-2025-0572 | 1.99% | 83.3th | 4.3 | - | This vulnerability allows authenticated remote attackers to write arbitrary files to the Sante PACS
143 | CVE-2025-12089 | 1.98% | 83.2th | 6.5 | - | The Data Tables Generator by Supsystic WordPress plugin contains a path traversal vulnerability in i
144 | CVE-2025-14586 | 1.92% | 83th | 6.3 | - | This CVE describes an OS command injection vulnerability in TOTOLINK X5000R routers. Attackers can e
145 | CVE-2025-14276 | 1.91% | 83th | 5.6 | - | This CVE describes a command injection vulnerability in Ilevia EVE X1 Server's leaf_search.php file,
146 | CVE-2025-9985 | 1.91% | 83th | 5.3 | - | The Featured Image from URL WordPress plugin exposes sensitive information through publicly accessib
147 | CVE-2024-54916 | 1.87% | 82.7th | 6.8 | - | This vulnerability in Telegram Android allows a physically proximate attacker to bypass the app's pa
148 | CVE-2025-24162 | 1.85% | 82.6th | 6.5 | - | This vulnerability is an out-of-bounds read (CWE-125) in Apple's WebKit browser engine that could ca
149 | CVE-2024-55504 | 1.84% | 82.6th | 5.5 | - | This vulnerability allows local attackers to execute arbitrary code via a malicious dynamic library
150 | CVE-2024-12737 | 1.81% | 82.5th | 6.1 | - | This vulnerability allows attackers to inject malicious scripts via unsanitized parameters in the WP

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
