Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

  EPSS > 50%:       164
  CISA KEV Listed:  156
  CVEs with EPSS:   35,468
  Avg EPSS Score:   0.7%
Rank  CVE ID          EPSS   Percentile  CVSS  Summary (truncated as on the source page)
1501  CVE-2025-32827  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated attackers to bypas
1502  CVE-2025-32825  0.94%  75.9th      8.8   An SQL injection vulnerability in TeleControl Server Basic allows authenticated attackers to bypass
1503  CVE-2025-32823  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated attackers to bypas
1504  CVE-2025-32475  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated attackers to bypas
1505  CVE-2025-31352  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated attackers to bypas
1506  CVE-2025-31350  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated remote attackers t
1507  CVE-2025-31343  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated remote attackers t
1508  CVE-2025-30031  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated remote attackers t
1509  CVE-2025-30003  0.94%  75.9th      8.8   This SQL injection vulnerability in TeleControl Server Basic allows authenticated remote attackers t
1510  CVE-2026-25643  0.94%  75.8th      9.1   CVE-2026-25643 is a critical Remote Command Execution vulnerability in Frigate NVR software that all
1511  CVE-2024-5706   0.94%  75.8th      8.8   This vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows attackers to injec
1512  CVE-2025-4336   0.94%  75.8th      8.1   The eMagicOne Store Manager for WooCommerce WordPress plugin allows unauthenticated attackers to upl
1513  CVE-2024-12613  0.94%  75.8th      7.5   This SQL injection vulnerability in the WordPress Passwords Manager plugin allows unauthenticated at
1514  CVE-2024-13475  0.94%  75.8th      7.5   This SQL injection vulnerability in the Small Package Quotes – UPS Edition WordPress plugin allows
1515  CVE-2025-29815  0.94%  75.8th      7.6   A use-after-free vulnerability in Microsoft Edge (Chromium-based) allows an authenticated attacker t
1516  CVE-2025-29519  0.94%  75.8th      5.3   A command injection vulnerability in D-Link DSL-7740C routers allows attackers to execute arbitrary
1517  CVE-2025-5445   0.94%  75.8th      6.3   This critical vulnerability in Linksys RE series range extenders allows remote attackers to execute
1518  CVE-2025-5443   0.94%  75.8th      6.3   This critical vulnerability in Linksys wireless range extenders allows remote attackers to execute a
1519  CVE-2025-15137  0.94%  75.8th      8.8   This vulnerability allows remote attackers to execute arbitrary commands on TRENDnet TEW-800MB route
1520  CVE-2025-15136  0.94%  75.8th      8.8   This vulnerability allows remote attackers to execute arbitrary commands on TRENDnet TEW-800MB route
1521  CVE-2025-27718  0.94%  75.7th      8.8   A path traversal vulnerability in the USB storage file-sharing function of HGW-BL1500HM devices allo
1522  CVE-2025-29830  0.94%  75.8th      6.5   CVE-2025-29830 is an information disclosure vulnerability in Windows Routing and Remote Access Servi
1523  CVE-2025-11367  0.94%  75.8th      9.8   CVE-2025-11367 allows remote attackers to execute arbitrary code on systems running vulnerable versi
1524  CVE-2024-51138  0.93%  75.7th      9.8   A critical stack-based buffer overflow vulnerability in DrayTek router TR069 STUN server URL parsing
1525  CVE-2025-4302   0.93%  75.7th      5.3   The Stop User Enumeration WordPress plugin before version 1.7.3 has an authentication bypass vulnera
1526  CVE-2024-10901  0.93%  75.7th      9.8   This vulnerability in eosphoros-ai/db-gpt allows attackers to execute arbitrary SQL queries via an u
1527  CVE-2025-27130  0.93%  75.7th      8.8   Welcart e-Commerce versions 2.11.6 and earlier contain an untrusted data deserialization vulnerabili
1528  CVE-2025-57199  0.93%  75.7th      8.8   This vulnerability allows authenticated attackers to execute arbitrary commands on AVTECH SECURITY C
1529  CVE-2025-57198  0.93%  75.7th      8.8   This vulnerability allows authenticated attackers to execute arbitrary commands on AVTECH SECURITY D
1530  CVE-2026-22755  0.93%  75.7th      N/A   This CVE describes a command injection vulnerability in multiple Vivotek device models that allows a
1531  CVE-2025-7384   0.93%  75.6th      9.8   This vulnerability allows unauthenticated attackers to perform PHP object injection through deserial
1532  CVE-2025-10176  0.93%  75.7th      7.2   This vulnerability allows authenticated WordPress administrators to delete arbitrary files on the se
1533  CVE-2025-1023   0.93%  75.6th      9.8   A critical SQL injection vulnerability in ChurchCRM versions 5.13.0 and earlier allows attackers to
1534  CVE-2024-57430  0.93%  75.6th      9.8   An SQL injection vulnerability in PHPJabbers Cinema Booking System v2.0 allows attackers to manipula
1535  CVE-2025-58384  0.93%  75.6th      10.0  This vulnerability allows remote attackers to execute arbitrary code on DOXENSE WATCHDOC systems by
1536  CVE-2025-34320  0.92%  75.6th      N/A   This vulnerability allows unauthenticated attackers to perform directory traversal attacks on BASIS
1537  CVE-2024-57658  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso OpenSource allows attackers to cause denial of service by se
1538  CVE-2024-57657  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso OpenSource allows attackers to cause Denial of Service (DoS)
1539  CVE-2024-57656  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso Open-Source Edition allows attackers to cause Denial of Serv
1540  CVE-2024-57653  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso Open-Source Edition allows attackers to cause Denial of Serv
1541  CVE-2024-57652  0.92%  75.6th      7.5   This SQL injection vulnerability in OpenLink Virtuoso's numeric_to_dv component allows attackers to
1542  CVE-2024-57651  0.92%  75.6th      7.5   This SQL injection vulnerability in the jp_add component of OpenLink Virtuoso allows attackers to ex
1543  CVE-2024-57650  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso Open-Source Edition allows attackers to cause Denial of Serv
1544  CVE-2024-57648  0.92%  75.6th      7.5   A SQL injection vulnerability in the itc_set_param_row component of OpenLink Virtuoso OpenSource all
1545  CVE-2024-57643  0.92%  75.6th      7.5   A SQL injection vulnerability in the box_deserialize_string component of OpenLink Virtuoso Open Sour
1546  CVE-2024-57642  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso OpenSource allows attackers to execute crafted SQL statement
1547  CVE-2024-57638  0.92%  75.6th      7.5   A SQL injection vulnerability in the dfe_body_copy component of OpenLink Virtuoso Open-Source allows
1548  CVE-2024-57637  0.92%  75.6th      7.5   This SQL injection vulnerability in OpenLink Virtuoso's dfe_unit_gb_dependant component allows attac
1549  CVE-2024-57636  0.92%  75.6th      7.5   This vulnerability in OpenLink Virtuoso Open-Source allows attackers to execute crafted SQL statemen
1550  CVE-2024-57635  0.92%  75.6th      7.5   This SQL injection vulnerability in OpenLink Virtuoso's chash_array component allows attackers to ex

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
