Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with an EPSS score: 35,468
Average EPSS score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
1501 | CVE-2025-30354 | 0.18% | 39.7th | 4.3 | | A sandbox bypass vulnerability in Bruno IDE allows malicious API collection files to execute arbitra
1502 | CVE-2025-24373 | 0.18% | 39.5th | 6.5 | | This vulnerability allows unauthorized users to access any PDF invoice or packing slip from a WooCom
1503 | CVE-2025-1848 | 0.18% | 39.5th | 6.3 | | This critical vulnerability in zj1983 zz software allows attackers to perform Server-Side Request Fo
1504 | CVE-2025-1847 | 0.18% | 39.5th | 6.3 | | This CVE describes an improper authorization vulnerability in zj1983 zz software up to version 2024-
1505 | CVE-2025-1833 | 0.18% | 39.5th | 6.3 | | This critical SSRF vulnerability in zj1983 zz software allows attackers to manipulate the 'url' para
1506 | CVE-2025-25453 | 0.18% | 39.6th | 4.6 | | This vulnerability allows attackers to cause a buffer overflow in Tenda AC10 routers via the AdvSetM
1507 | CVE-2023-43037 | 0.18% | 39.6th | 6.5 | | This vulnerability in IBM Maximo Application Suite allows authenticated users to perform unauthorize
1508 | CVE-2025-58369 | 0.18% | 39.6th | 5.3 | | This CVE describes a denial-of-service vulnerability in fs2, a Scala streaming I/O library, where TL
1509 | CVE-2025-14901 | 0.18% | 39.5th | 6.5 | | This vulnerability allows unauthenticated attackers to replay form workflow executions in the Bit Fo
1510 | CVE-2024-10498 | 0.18% | 39.4th | 6.5 | | This CVE describes a buffer overflow vulnerability in Schneider Electric devices that allows unautho
1511 | CVE-2024-56238 | 0.18% | 39.4th | 5.3 | | This CVE describes a missing authorization vulnerability in the QuantumCloud Floating Action Buttons
1512 | CVE-2025-30155 | 0.18% | 39.4th | 4.3 | | Tuleap's REST API fails to enforce read permissions on parent trackers, allowing authenticated users
1513 | CVE-2025-30225 | 0.18% | 39.4th | 5.3 | | This vulnerability in Directus's S3 storage driver allows attackers to cause denial of service for a
1514 | CVE-2025-30348 | 0.18% | 39.4th | 5.8 | | This vulnerability in Qt's QDom XML processing allows an attacker to cause a denial of service throu
1515 | CVE-2024-13844 | 0.18% | 39.4th | 4.9 | | The Post SMTP WordPress plugin contains a SQL injection vulnerability in the 'columns' parameter tha
1516 | CVE-2025-3609 | 0.18% | 39.4th | 5.3 | | The Reales WP STPT WordPress plugin allows unauthenticated attackers to create user accounts without
1517 | CVE-2025-50861 | 0.18% | 39.4th | 6.5 | | The Lotus Cars Android app version 1.2.8 contains an exported component (PushDeepLinkActivity) that
1518 | CVE-2025-60701 | 0.18% | 39.5th | 6.5 | | This CVE describes a command injection vulnerability in D-Link DIR-882 router firmware that allows u
1519 | CVE-2025-11986 | 0.18% | 39.4th | 5.3 | | The Crypto WordPress plugin has an authentication bypass vulnerability that allows unauthenticated a
1520 | CVE-2026-2163 | 0.18% | 39.3th | 4.7 | | This CVE describes a command injection vulnerability in D-Link DIR-600 routers affecting the ssdp.cg
1521 | CVE-2026-2081 | 0.18% | 39.3th | 4.7 | | This CVE describes an OS command injection vulnerability in D-Link DIR-823X routers via the /goform/
1522 | CVE-2026-0990 | 0.18% | 39.5th | 5.9 | | A recursion vulnerability in libxml2's xmlCatalogXMLResolveURI function allows remote attackers to c
1523 | CVE-2024-26012 | 0.18% | 39.2th | 6.7 | | This CVE describes an OS command injection vulnerability in Fortinet FortiAP devices that allows loc
1524 | CVE-2024-9308 | 0.18% | 39.2th | 6.1 | | An open redirect vulnerability in haotian-liu/llava v1.2.0 allows attackers to redirect users to mal
1525 | CVE-2025-3912 | 0.18% | 39.3th | 5.3 | | This vulnerability allows unauthenticated attackers to read sensitive configuration data from the WS
1526 | CVE-2024-52962 | 0.18% | 39.3th | 5.3 | | An unauthenticated remote attacker can inject malicious content into FortiAnalyzer and FortiManager
1527 | CVE-2025-3241 | 0.18% | 39.3th | 6.3 | | This XXE vulnerability in YoukeFu allows attackers to read arbitrary files from the server by exploi
1528 | CVE-2025-6069 | 0.18% | 39.3th | 4.3 | | This CVE describes a denial-of-service vulnerability in Python's html.parser.HTMLParser class where
1529 | CVE-2025-1163 | 0.18% | 39.1th | 5.3 | | A critical stack-based buffer overflow vulnerability exists in the Vehicle Parking Management System
1530 | CVE-2025-0949 | 0.18% | 39.2th | 6.3 | | This critical SQL injection vulnerability in Tailoring Management System 1.0 allows remote attackers
1531 | CVE-2025-0947 | 0.18% | 39.2th | 6.3 | | CVE-2025-0947 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System
1532 | CVE-2025-0945 | 0.18% | 39.2th | 6.3 | | CVE-2025-0945 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System
1533 | CVE-2026-22198 | 0.18% | 39.1th | 6.1 | | This CVE describes a pre-authentication stored XSS vulnerability in GestSup's API error logging func
1534 | CVE-2024-12237 | 0.18% | 39th | 4.3 | | This SSRF vulnerability in the WordPress Photo Gallery Slideshow & Masonry Tiled Gallery plugin allo
1535 | CVE-2025-1465 | 0.18% | 39.1th | 4.1 | | This vulnerability in lmxcms 1.41 allows remote attackers to inject malicious code through the db.in
1536 | CVE-2025-2982 | 0.18% | 39.1th | 6.3 | | This critical vulnerability in Legrand SMS PowerView 1.x allows remote attackers to perform file inc
1537 | CVE-2025-2361 | 0.18% | 39th | 4.3 | | This CVE describes a cross-site scripting (XSS) vulnerability in Mercurial SCM's web interface. Atta
1538 | CVE-2025-2442 | 0.18% | 39.1th | 6.8 | | A CWE-1188 vulnerability in Schneider Electric products allows physical attackers to reset devices t
1539 | CVE-2024-45699 | 0.18% | 39th | 5.4 | | This CVE describes a reflected Cross-Site Scripting (XSS) vulnerability in Zabbix's /zabbix.php endp
1540 | CVE-2025-30210 | 0.18% | 39.1th | 6.1 | | Bruno API IDE versions before 1.39.1 contain a cross-site scripting vulnerability where environment
1541 | CVE-2025-27955 | 0.18% | 39th | 6.5 | | Clinical Collaboration Platform 12.2.1.5 has a session token vulnerability where logout doesn't inva
1542 | CVE-2025-9585 | 0.18% | 39th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Comfast CF-N1 routers ru
1543 | CVE-2025-9583 | 0.18% | 39th | 6.3 | | A command injection vulnerability in the ping_config function of Comfast CF-N1 firmware version 2.6.
1544 | CVE-2025-56869 | 0.18% | 39th | 5.3 | | This directory traversal vulnerability in Sync In server allows authenticated attackers to read and
1545 | CVE-2026-23849 | 0.18% | 39th | 5.3 | | This CVE describes a timing attack vulnerability in File Browser's authentication mechanism that all
1546 | CVE-2024-57679 | 0.18% | 38.9th | 6.5 | | This vulnerability allows unauthenticated attackers to remotely configure the 2.4G and 5G repeater s
1547 | CVE-2024-40854 | 0.18% | 38.9th | 5.5 | | A memory initialization vulnerability in Apple operating systems allows malicious applications to ca
1548 | CVE-2025-21257 | 0.18% | 38.9th | 5.5 | | This vulnerability in Windows WLAN AutoConfig Service allows an authenticated attacker to read sensi
1549 | CVE-2025-0463 | 0.18% | 38.9th | 6.3 | | This critical vulnerability in Shanghai Lingdang Information Technology's Lingdang CRM allows remote
1550 | CVE-2024-54997 | 0.18% | 38.9th | 5.4 | | MonicaHQ v4.1.1 contains an authenticated client-side injection vulnerability in the journal entry t

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
