Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1601 | CVE-2025-53853 | | 41.4th | 9.8 | | A heap-based buffer overflow vulnerability in libbiosig's ISHNE parsing allows arbitrary code execut |
| 1602 | CVE-2025-48005 | | 41.4th | 9.8 | | A heap-based buffer overflow vulnerability in libbiosig's RHS2000 file parser allows arbitrary code |
| 1603 | CVE-2025-56074 | | 41.4th | 9.8 | | A SQL injection vulnerability in PHPGurukul Park Ticketing Management System v2.0 allows remote atta |
| 1604 | CVE-2025-66255 | | 41.3th | 9.8 | | This vulnerability allows unauthenticated attackers to upload malicious firmware files to Mozart FM |
| 1605 | CVE-2024-27708 | | 41.4th | 9.6 | | This CVE describes an iframe injection vulnerability in MyNET v.26.06 and earlier that allows remote |
| 1606 | CVE-2025-53104 | | 41.2th | 9.1 | | A command injection vulnerability in gluestack-ui's GitHub Actions workflow allowed attackers to exe |
| 1607 | CVE-2021-47785 | | 41.3th | 9.8 | | Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field th |
| 1608 | CVE-2025-67187 | | 41.3th | 9.8 | | A stack-based buffer overflow vulnerability in TOTOLINK A950RG routers allows remote attackers to ex |
| 1609 | CVE-2025-48782 | | 41.3th | 9.8 | | This vulnerability allows remote attackers to upload malicious files to the Soar Cloud HRD Human Res |
| 1610 | CVE-2024-36047 | | 41.1th | 9.8 | | Infoblox NIOS has an improper input validation vulnerability that could allow attackers to execute a |
| 1611 | CVE-2025-69222 | | 41.2th | 9.1 | | LibreChat version 0.8.1-rc2 has a server-side request forgery (SSRF) vulnerability in its Actions fe |
| 1612 | CVE-2025-11391 | | 41.1th | 9.8 | | The PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin has an arbitrary file u |
| 1613 | CVE-2025-12352 | | 41.1th | 9.8 | | The Gravity Forms WordPress plugin allows unauthenticated attackers to upload arbitrary files due to |
| 1614 | CVE-2025-14156 | | 41.1th | 9.8 | | This vulnerability allows unauthenticated attackers to create new user accounts with administrator p |
| 1615 | CVE-2025-25668 | | 41st | 9.8 | | This CVE describes a stack overflow vulnerability in Tenda AC8V4 routers that allows remote code exe |
| 1616 | CVE-2025-25664 | | 41st | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC8V4 routers by explo |
| 1617 | CVE-2025-29137 | | 41st | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC7 routers by exploit |
| 1618 | CVE-2025-29031 | | 41st | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC6 routers via a buff |
| 1619 | CVE-2025-29029 | | 41st | 9.8 | | A buffer overflow vulnerability in Tenda AC6 routers allows attackers to execute arbitrary code by s |
| 1620 | CVE-2025-25565 | | 41st | 9.8 | | SoftEther VPN 5.02.5187 contains a buffer overflow vulnerability in PtMakeCert and PtMakeCert2048 fu |
| 1621 | CVE-2025-28232 | | 40.9th | 9.1 | | This vulnerability allows unauthenticated attackers to bypass authentication and access the admin pa |
| 1622 | CVE-2025-55294 | | 40.9th | 9.8 | | CVE-2025-55294 is a command injection vulnerability in screenshot-desktop npm package that allows at |
| 1623 | CVE-2025-2538 | | 40.8th | 9.8 | | A hardcoded credential vulnerability in Esri Portal for ArcGIS versions 11.4 and below allows remote |
| 1624 | CVE-2025-20672 | | 40.8th | 9.8 | | This CVE describes a critical Bluetooth driver vulnerability in MediaTek chipsets where an incorrect |
| 1625 | CVE-2023-53871 | | 40.8th | 9.8 | | Soosyze 2.0.0 contains an unrestricted file upload vulnerability that allows attackers to upload HTM |
| 1626 | CVE-2023-38693 | | 40.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Lucee Server by exploiting a |
| 1627 | CVE-2025-67506 | | 40.7th | 9.8 | | CVE-2025-67506 is a path traversal vulnerability in PipesHub that allows unauthenticated attackers t |
| 1628 | CVE-2024-48849 | | 40.4th | 9.4 | | This vulnerability allows attackers to bypass WebSocket origin validation in FLXEON systems, enablin |
| 1629 | CVE-2025-5893 | | 40.5th | 9.8 | | Smart Parking Management System from Honding Technology exposes plaintext administrator credentials |
| 1630 | CVE-2025-57266 | | 40.4th | 9.8 | | This vulnerability allows unauthenticated attackers to access sensitive information like API keys th |
| 1631 | CVE-2025-9054 | | 40.4th | 9.8 | | This vulnerability allows unauthenticated attackers to modify WordPress site options via the MultiLo |
| 1632 | CVE-2025-5948 | | 40.4th | 9.8 | | The Service Finder Bookings WordPress plugin has an authentication bypass vulnerability that allows |
| 1633 | CVE-2025-12275 | | 40.5th | 9.8 | | This vulnerability allows attackers to manipulate mail configuration files and execute arbitrary com |
| 1634 | CVE-2025-9967 | | 40.4th | 9.8 | | The Orion SMS OTP Verification WordPress plugin allows unauthenticated attackers to reset any user's |
| 1635 | CVE-2025-11533 | | 40.4th | 9.8 | | The WP Freeio WordPress plugin allows unauthenticated attackers to register accounts with administra |
| 1636 | CVE-2026-24042 | | 40.4th | 9.4 | | This vulnerability allows unauthenticated attackers to execute unpublished edit-mode actions in publ |
| 1637 | CVE-2025-2767 | | 40.4th | 9.6 | | This critical vulnerability in Arista NG Firewall allows remote attackers to execute arbitrary code |
| 1638 | CVE-2025-0668 | | 40.3th | 9.8 | | This CVE describes a stored cross-site scripting (XSS) vulnerability in BOINC Server that allows att |
| 1639 | CVE-2026-1729 | | 40.3th | 9.8 | | This critical vulnerability in the AdForest WordPress theme allows unauthenticated attackers to bypa |
| 1640 | CVE-2025-8760 | | 40.3th | 9.8 | | A buffer overflow vulnerability in INSTAR IP camera firmware allows remote attackers to execute arbi |
| 1641 | CVE-2026-25894 | | 40.1th | 9.8 | | An insecure default configuration in FUXA web-based SCADA/HMI software allows unauthenticated remote |
| 1642 | CVE-2025-65792 | | 40.1th | 9.1 | | DataGear v5.5.0 contains a path traversal vulnerability (CWE-22) that allows attackers to delete arb |
| 1643 | CVE-2026-25858 | | 40.1th | 9.8 | | This vulnerability allows unauthenticated attackers to reset passwords for any user account by explo |
| 1644 | CVE-2025-65882 | | 40.1th | 9.8 | | This vulnerability in openmptcprouter allows attackers to write arbitrary files or execute arbitrary |
| 1645 | CVE-2024-56828 | | 40th | 9.8 | | This CVE describes a file upload vulnerability in ChestnutCMS that allows attackers to upload arbitr |
| 1646 | CVE-2025-6994 | | 40th | 9.8 | | The Reveal Listing WordPress plugin allows unauthenticated attackers to register accounts with admin |
| 1647 | CVE-2025-5954 | | 40th | 9.8 | | The Service Finder SMS System WordPress plugin allows unauthenticated attackers to register administ |
| 1648 | CVE-2025-58745 | | 40.1th | 9.9 | | This vulnerability allows attackers to bypass MIME type validation and upload malicious PHP files di |
| 1649 | CVE-2025-49553 | | 40.1th | 9.3 | | Adobe Connect versions 12.9 and earlier contain a DOM-based Cross-Site Scripting vulnerability that |
| 1650 | CVE-2024-53931 | | 39.9th | 9.1 | | This vulnerability allows any Android application without permissions to place phone calls without u |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.