Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:
- CVEs with EPSS > 50%: 164
- CISA KEV listed: 156
- CVEs with an EPSS score: 35,468
- Average EPSS score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary (truncated as on the source page)
-----|--------|------------|------------|------|-------|------------------------------------------
1651 | CVE-2025-21309 | 0.82% | 74th | 8.1 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Remo
1652 | CVE-2025-24216 | 0.82% | 74th | 4.3 | | This CVE describes a memory handling vulnerability in Apple's Safari browser and related operating s
1653 | CVE-2025-48200 | 0.82% | 74th | 10.0 | | This critical vulnerability in the sr_feuser_register TYPO3 extension allows unauthenticated attacke
1654 | CVE-2025-1016 | 0.82% | 74th | 9.8 | | This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory c
1655 | CVE-2025-27394 | 0.82% | 73.9th | 7.2 | | This vulnerability allows an authenticated, highly-privileged remote attacker to execute arbitrary c
1656 | CVE-2025-27393 | 0.82% | 73.9th | 7.2 | | This vulnerability in Siemens SCALANCE LPE9403 industrial network devices allows authenticated high-
1657 | CVE-2025-27392 | 0.82% | 73.9th | 7.2 | | A vulnerability in SCALANCE LPE9403 industrial network devices allows authenticated high-privileged
1658 | CVE-2025-42928 | 0.82% | 73.9th | 9.1 | | A high-privileged user can exploit a deserialization vulnerability in SAP jConnect to execute arbitr
1659 | CVE-2024-53800 | 0.82% | 73.9th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi
1660 | CVE-2025-34225 | 0.81% | 73.9th | 8.6 | | This CVE describes an unauthenticated server-side request forgery (SSRF) vulnerability in Vasion Pri
1661 | CVE-2025-25361 | 0.81% | 73.8th | 9.8 | | This vulnerability allows attackers to upload malicious SVG or XML files to PublicCMS v4.0.202406, p
1662 | CVE-2025-14107 | 0.81% | 73.8th | 8.8 | | This CVE describes a command injection vulnerability in ZSPACE Q2C NAS devices that allows remote at
1663 | CVE-2024-13377 | 0.81% | 73.8th | 7.2 | | The Gravity Forms WordPress plugin has a stored XSS vulnerability in the 'alt' parameter that allows
1664 | CVE-2025-22974 | 0.81% | 73.8th | 9.8 | | This SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands
1665 | CVE-2025-53364 | 0.81% | 73.8th | 5.3 | | Parse Server's GraphQL API exposed schema metadata without authentication in versions 5.3.0 through
1666 | CVE-2025-0511 | 0.81% | 73.8th | 7.2 | | The Welcart e-Commerce plugin for WordPress has a stored cross-site scripting (XSS) vulnerability in
1667 | CVE-2025-30382 | 0.81% | 73.8th | 7.8 | | This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers b
1668 | CVE-2025-8356 | 0.81% | 73.7th | 9.8 | | CVE-2025-8356 is a critical path traversal vulnerability in Xerox FreeFlow Core version 8.0.4 that a
1669 | CVE-2025-62703 | 0.81% | 73.7th | 8.8 | | This CVE describes a remote code execution vulnerability in Fugue's RPC server implementation. Attac
1670 | CVE-2025-21400 | 0.81% | 73.7th | 8.0 | | CVE-2025-21400 is a remote code execution vulnerability in Microsoft SharePoint Server that allows a
1671 | CVE-2025-21369 | 0.81% | 73.7th | 8.8 | | This vulnerability allows remote code execution via Microsoft Digest Authentication, enabling attack
1672 | CVE-2022-50695 | 0.81% | 73.7th | 7.5 | | This vulnerability allows unauthenticated attackers to abuse network diagnostic scripts (ping.php, t
1673 | CVE-2025-1538 | 0.8% | 73.7th | 8.8 | | A critical heap-based buffer overflow vulnerability in D-Link DAP-1320's set_ws_action function allo
1674 | CVE-2024-13888 | 0.8% | 73.7th | 7.2 | | The WPMobile.App WordPress plugin contains an open redirect vulnerability that allows unauthenticate
1675 | CVE-2025-23249 | 0.8% | 73.7th | 7.6 | | The NVIDIA NeMo Framework vulnerability allows remote attackers to execute arbitrary code by exploit
1676 | CVE-2025-1976 | 0.8% | 73.6th | 6.7 | KEV | This vulnerability allows local admin users on Brocade Fabric OS to escalate privileges to root leve
1677 | CVE-2025-63657 | 0.8% | 73.6th | 7.5 | | An out-of-bounds read vulnerability in Monkey web server's mk_mimetype_find function allows attacker
1678 | CVE-2025-63656 | 0.8% | 73.6th | 7.5 | | An out-of-bounds read vulnerability in Monkey web server's HTTP parser allows attackers to cause den
1679 | CVE-2025-63653 | 0.8% | 73.6th | 7.5 | | An out-of-bounds read vulnerability in Monkey web server's mk_vhost_fdt_close function allows attack
1680 | CVE-2025-63652 | 0.8% | 73.6th | 7.5 | | A use-after-free vulnerability in Monkey web server's HTTP request handling allows attackers to cras
1681 | CVE-2025-1861 | 0.8% | 73.6th | 9.8 | | This CVE describes a buffer size limitation vulnerability in PHP's HTTP redirect parsing. When PHP p
1682 | CVE-2025-2802 | 0.8% | 73.6th | 7.3 | | The LayoutBoxx WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes due
1683 | CVE-2024-13738 | 0.8% | 73.6th | 7.3 | | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes in the
1684 | CVE-2025-25675 | 0.8% | 73.5th | 9.8 | | This CVE describes a command injection vulnerability in Tenda AC10 routers that allows remote attack
1685 | CVE-2025-2174 | 0.8% | 73.5th | 5.3 | | An integer overflow vulnerability in libzvbi's vbi_strndup_iconv_ucs2 function allows remote attacke
1686 | CVE-2025-32906 | 0.8% | 73.5th | 7.5 | | An out-of-bounds read vulnerability in libsoup's soup_headers_parse_request() function allows attack
1687 | CVE-2022-50919 | 0.79% | 73.5th | 9.8 | | CVE-2022-50919 is an unauthenticated remote code execution vulnerability in Tdarr's Help terminal th
1688 | CVE-2024-11169 | 0.79% | 73.5th | 7.5 | | An unhandled exception in the fs module of danny-avila/librechat allows unauthenticated attackers to
1689 | CVE-2025-2494 | 0.79% | 73.5th | 9.8 | | CVE-2025-2494 allows unrestricted file upload in Softdial Contact Center via the '/softdial/phpconso
1690 | CVE-2025-26631 | 0.79% | 73.5th | 7.3 | | This vulnerability in Visual Studio Code allows an authorized attacker to execute arbitrary code wit
1691 | CVE-2025-29791 | 0.79% | 73.5th | 7.8 | | A type confusion vulnerability in Microsoft Office allows attackers to execute arbitrary code on vul
1692 | CVE-2025-59359 | 0.79% | 73.5th | 9.8 | | CVE-2025-59359 is an OS command injection vulnerability in Chaos Controller Manager's cleanTcs mutat
1693 | CVE-2025-32726 | 0.79% | 73.4th | 6.8 | | This vulnerability in Visual Studio Code allows an authenticated local attacker to bypass access con
1694 | CVE-2025-25101 | 0.79% | 73.4th | 9.6 | | A Cross-Site Request Forgery (CSRF) vulnerability in the MetricThemes Munk Sites WordPress plugin al
1695 | CVE-2025-27749 | 0.79% | 73.4th | 7.8 | | A use-after-free vulnerability in Microsoft Office allows attackers to execute arbitrary code on vul
1696 | CVE-2025-27747 | 0.79% | 73.4th | 7.8 | | A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code o
1697 | CVE-2025-27745 | 0.79% | 73.4th | 7.8 | | CVE-2025-27745 is a use-after-free vulnerability in Microsoft Office that allows local attackers to
1698 | CVE-2025-27741 | 0.79% | 73.4th | 7.8 | | This vulnerability is an out-of-bounds read in Windows NTFS that allows a local attacker to read mem
1699 | CVE-2025-27483 | 0.79% | 73.4th | 7.8 | | This vulnerability is an out-of-bounds read in Windows NTFS that allows a local attacker to read sen
1700 | CVE-2025-5746 | 0.79% | 73.4th | 9.8 | | This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress servers r

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
