Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days. Percentile is the share of all scored CVEs with a lower EPSS score, CVSS is the base severity score, and the KEV flag marks entries listed in CISA's Known Exploited Vulnerabilities catalog. Summaries are truncated as shown on the page.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1551 | CVE-2024-12544 | | 75.6 | 8.8 | | The SurveyJS WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated |
| 1552 | CVE-2025-6174 | | 75.5 | 6.1 | | This vulnerability allows attackers to inject malicious scripts via the '_stylesheet' parameter in t |
| 1553 | CVE-2025-41229 | | 75.5 | 8.2 | | VMware Cloud Foundation contains a directory traversal vulnerability (CWE-22) that allows attackers |
| 1554 | CVE-2025-21253 | | 75.5 | 5.3 | | Microsoft Edge for iOS and Android contains a spoofing vulnerability that could allow an attacker to |
| 1555 | CVE-2024-8060 | | 75.5 | 8.1 | | OpenWebUI 0.3.0 has a critical vulnerability in its audio transcription API that allows authenticate |
| 1556 | CVE-2025-26260 | | 75.5 | 8.8 | | Plenti versions up to 0.7.16 are vulnerable to remote code execution via the /postLocal endpoint. At |
| 1557 | CVE-2024-53965 | | 75.5 | 5.4 | | This DOM-based XSS vulnerability in Adobe Experience Manager allows low-privileged attackers to exec |
| 1558 | CVE-2024-53963 | | 75.5 | 5.4 | | This DOM-based XSS vulnerability in Adobe Experience Manager allows low-privileged attackers to exec |
| 1559 | CVE-2025-8243 | | 75.5 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK X15 routers allows remote attackers to execu |
| 1560 | CVE-2025-31117 | | 75.4 | 7.5 | | This Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability in OpenEMR allows attackers to |
| 1561 | CVE-2026-0795 | | 75.4 | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG |
| 1562 | CVE-2025-25003 | | 75.3 | 7.3 | | This vulnerability allows an authorized attacker to exploit an uncontrolled search path element in V |
| 1563 | CVE-2025-24998 | | 75.3 | 7.3 | | This vulnerability allows an authorized attacker to exploit an uncontrolled search path element in V |
| 1564 | CVE-2025-52392 | | 75.3 | 5.4 | | Soosyze CMS 2.0 has a brute-force vulnerability that allows attackers to make unlimited login attemp |
| 1565 | CVE-2023-53892 | | 75.3 | 7.2 | | Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administra |
| 1566 | CVE-2024-12132 | | 75.3 | 4.3 | | This vulnerability in the WP Job Portal WordPress plugin allows authenticated users with Subscriber- |
| 1567 | CVE-2025-29824 | | 75.3 | 7.8 | KEV | This is a local privilege escalation vulnerability in the Windows Common Log File System Driver. An |
| 1568 | CVE-2024-13786 | | 75.3 | 9.8 | | The Education WordPress theme has a PHP object injection vulnerability that allows unauthenticated a |
| 1569 | CVE-2025-2009 | | 75.2 | 7.2 | | The Newsletters plugin for WordPress has a stored XSS vulnerability in its logging functionality tha |
| 1570 | CVE-2025-7154 | | 75.3 | 6.3 | | This critical vulnerability in TOTOLINK N200RE routers allows remote attackers to execute arbitrary |
| 1571 | CVE-2025-61913 | | 75.3 | 9.9 | | This vulnerability in Flowise allows authenticated attackers to read and write arbitrary files anywh |
| 1572 | CVE-2025-23045 | | 75.2 | 9.8 | | This vulnerability allows authenticated attackers to execute arbitrary code within CVAT's Nuclio fun |
| 1573 | CVE-2025-5606 | | 75.2 | 6.3 | | This critical vulnerability in Tenda AC18 routers allows remote attackers to execute arbitrary comma |
| 1574 | CVE-2024-49649 | | 75.2 | 9.8 | | This vulnerability allows attackers to include local files on the server through improper input vali |
| 1575 | CVE-2026-23864 | | 75.2 | 7.5 | | Multiple denial of service vulnerabilities in React Server Components allow attackers to crash serve |
| 1576 | CVE-2025-31140 | | 75.1 | 4.6 | | This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to injec |
| 1577 | CVE-2024-10442 | | 75.2 | 10.0 | | This critical vulnerability allows remote attackers to execute arbitrary code on affected Synology s |
| 1578 | CVE-2025-0960 | | 75.1 | 9.8 | | AutomationDirect C-more EA9 HMI devices contain a buffer overflow vulnerability due to insufficient |
| 1579 | CVE-2024-9920 | | 75.1 | 8.8 | | This vulnerability allows attackers to upload malicious files with dangerous extensions (.py, .sh, . |
| 1580 | CVE-2025-34071 | | 75.1 | 9.8 | | This critical vulnerability in GFI Kerio Control allows attackers with administrative access to uplo |
| 1581 | CVE-2024-54808 | | 75.1 | 9.8 | | This CVE describes a critical stack-based buffer overflow vulnerability in Netgear WNR854T routers t |
| 1582 | CVE-2025-53416 | | 75.1 | 7.8 | | This vulnerability in Delta Electronics DTN Soft allows remote code execution through deserializatio |
| 1583 | CVE-2025-53415 | | 75.1 | 7.8 | | This vulnerability allows remote code execution through deserialization of untrusted data in Delta E |
| 1584 | CVE-2025-25243 | | 75.0 | 8.6 | | CVE-2025-25243 is an unauthenticated arbitrary file download vulnerability in SAP Supplier Relations |
| 1585 | CVE-2026-0785 | | 75.0 | 8.8 | | CVE-2026-0785 is a command injection vulnerability in ALGO 8180 IP Audio Alerter devices that allows |
| 1586 | CVE-2024-39604 | | 75.0 | 9.0 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink AC3000 routers b |
| 1587 | CVE-2025-21371 | | 75.0 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin |
| 1588 | CVE-2025-2232 | | 75.0 | 9.8 | | This vulnerability allows unauthenticated attackers to register administrator accounts on WordPress |
| 1589 | CVE-2025-32050 | | 75.0 | 5.9 | | A buffer under-read vulnerability in libsoup's append_param_quoted() function could allow attackers |
| 1590 | CVE-2025-0185 | | 75.0 | 8.8 | | This vulnerability in Dify Tools' Vanna module allows attackers to inject malicious queries through |
| 1591 | CVE-2024-46479 | | 74.9 | 9.9 | | Venki Supravizio BPM through version 18.0.1 contains an arbitrary file upload vulnerability that all |
| 1592 | CVE-2025-3484 | | 74.9 | 9.8 | | This critical vulnerability in MedDream PACS Server allows remote attackers to execute arbitrary cod |
| 1593 | CVE-2024-13234 | | 74.9 | 7.5 | | The Product Table by WBW WordPress plugin contains an SQL injection vulnerability in the 'additional |
| 1594 | CVE-2024-12248 | | 74.9 | 9.8 | | The Contec Health CMS8000 Patient Monitor has a critical vulnerability (CVE-2024-12248) that allows |
| 1595 | CVE-2024-13787 | | 74.9 | 9.8 | | This vulnerability in the VEDA WordPress theme allows authenticated attackers with Subscriber-level |
| 1596 | CVE-2025-2240 | | 74.9 | 7.5 | | CVE-2025-2240 is a memory exhaustion vulnerability in Smallrye Fault Tolerance where repeated calls |
| 1597 | CVE-2025-29822 | | 74.9 | 7.8 | | This vulnerability allows an unauthorized attacker to bypass a security feature in Microsoft Office |
| 1598 | CVE-2025-65879 | | 74.8 | 8.1 | | Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. Rem |
| 1599 | CVE-2025-49744 | | 74.8 | 7.0 | | A heap-based buffer overflow vulnerability in Microsoft Graphics Component allows authenticated atta |
| 1600 | CVE-2022-40619 | | 74.8 | 7.7 | | This vulnerability allows unauthenticated attackers on the local network to execute arbitrary comman |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST (the Forum of Incident Response and Security Teams) that estimates the probability, between 0 and 1, that a CVE will be exploited in the wild within the next 30 days. Scores are recomputed daily as new exploitation evidence arrives, and each score comes with a percentile that places the CVE among all scored CVEs. CVSS measures severity (what an exploit could do); EPSS measures likelihood (whether anyone is likely to exploit it), which makes it the better first sort key when deciding what to patch first.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. EPSS is a prediction, not a confirmation: a CVE already on CISA's KEV list (the KEV flag above) is known to be exploited and should be treated as top priority regardless of its EPSS score.
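The prioritisation rule described above, written out as an added example; this is not code from the page or from FIRST. It parses a response in the shape of FIRST's public EPSS API (`https://api.first.org/data/v1/epss?cve=...`, which returns `epss` and `percentile` as strings), attaches the scores to scan findings, and orders them KEV first, then by EPSS above a cut-off, with CVSS only as a tie-breaker. The CVE identifiers `CVE-0000-000x`, all scores, and the 0.10 EPSS threshold are constructed for illustration; the live `fetch_epss` lookup is included for completeness but the demo runs entirely offline.

```python
"""Added example: rank findings by EPSS (with KEV as an override) rather than CVSS alone.

Not the page's own code. The CVE ids CVE-0000-000x, the scores and the
threshold below are constructed for illustration and are not real data.
"""
from dataclasses import dataclass
import json
import urllib.parse
import urllib.request

EPSS_API = "https://api.first.org/data/v1/epss"  # FIRST's public EPSS endpoint


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    epss: float = 0.0        # probability of exploitation in the next 30 days, 0..1
    percentile: float = 0.0  # fraction of all scored CVEs with a lower EPSS, 0..1
    kev: bool = False        # listed in CISA's Known Exploited Vulnerabilities catalog


def parse_epss_response(body: str) -> dict:
    """Map CVE id -> (epss, percentile) from an EPSS API JSON body.

    The API serialises scores as strings, so they are converted to floats here.
    """
    doc = json.loads(body)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}


def fetch_epss(cves, timeout: float = 10.0) -> dict:
    """Live lookup over the network (not exercised by the offline demo)."""
    query = urllib.parse.urlencode({"cve": ",".join(cves)})
    with urllib.request.urlopen(f"{EPSS_API}?{query}", timeout=timeout) as resp:
        return parse_epss_response(resp.read().decode("utf-8"))


def enrich(findings, scores: dict) -> list:
    """Attach EPSS score and percentile to findings; unscored CVEs keep 0.0."""
    out = []
    for f in findings:
        epss, pct = scores.get(f.cve, (0.0, 0.0))
        out.append(Finding(f.cve, f.cvss, epss, pct, f.kev))
    return out


def prioritize(findings, epss_threshold: float = 0.10) -> list:
    """Patch order: KEV entries first, then everything at or above the EPSS
    threshold by descending EPSS, then the rest; CVSS only breaks ties."""
    return sorted(findings,
                  key=lambda f: (not f.kev, f.epss < epss_threshold, -f.epss, -f.cvss))


def rank_by_cvss(findings) -> list:
    """The severity-only ordering the text argues against, for comparison."""
    return sorted(findings, key=lambda f: -f.cvss)


# Constructed sample in the shape of an EPSS API response (placeholder ids, made-up scores).
SAMPLE_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.00100", "percentile": "0.42000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.90000", "percentile": "0.99500", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.00500", "percentile": "0.75300", "date": "2025-01-01"},
    ],
})

# Constructed scan results: the CVSS 9.8 / 0.1% EPSS versus CVSS 7.5 / 90% EPSS case
# from the text, plus a KEV-listed entry and one CVE the API has not scored.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", cvss=9.8),
    Finding("CVE-0000-0002", cvss=7.5),
    Finding("CVE-0000-0003", cvss=7.8, kev=True),
    Finding("CVE-0000-0004", cvss=5.4),  # absent from the response: stays unscored
]


def demo() -> list:
    """Return the prioritised CVE ids for the constructed sample."""
    scored = enrich(SAMPLE_FINDINGS, parse_epss_response(SAMPLE_RESPONSE))
    return [f.cve for f in prioritize(scored)]


if __name__ == "__main__":
    scored = enrich(SAMPLE_FINDINGS, parse_epss_response(SAMPLE_RESPONSE))
    print("by CVSS:", [f.cve for f in rank_by_cvss(scored)])
    print("by EPSS:", [f.cve for f in prioritize(scored)])
```

Run stand-alone, the CVSS ordering puts the 9.8 first and the 7.5 third, while the EPSS ordering puts the KEV entry first, the 90% EPSS CVE second, and the 9.8 with 0.1% EPSS behind both. An unscored CVE sorts last rather than being dropped, so a gap in EPSS coverage is visible in the output instead of silently hiding a finding.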