Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1651 | CVE-2024-46622 | | 39.9th | 9.8 | | This CVE describes an escalation of privilege vulnerability in SecureAge Security Suite that allows |
| 1652 | CVE-2025-57772 | | 39.9th | 9.8 | | This vulnerability allows remote code execution in DataEase BI tools through a JDBC URL bypass. Atta |
| 1653 | CVE-2025-13374 | | 39.9th | 9.8 | | The Kalrav AI Agent WordPress plugin allows unauthenticated attackers to upload arbitrary files due |
| 1654 | CVE-2024-56000 | | 39.8th | 9.8 | | CVE-2024-56000 is an incorrect privilege assignment vulnerability in SeventhQueen's K Elements WordP |
| 1655 | CVE-2025-68620 | | 39.8th | 9.1 | | Signal K Server versions before 2.19.0 allow unauthenticated attackers to steal JWT authentication t |
| 1656 | CVE-2025-20354 | | 39.6th | 9.8 | | This critical vulnerability in Cisco Unified CCX allows unauthenticated remote attackers to upload a |
| 1657 | CVE-2025-32926 | | 39.5th | 9.8 | | This path traversal vulnerability in the Grand Restaurant WordPress theme allows attackers to access |
| 1658 | CVE-2025-46828 | | 39.5th | 9.8 | | An unauthenticated SQL injection vulnerability in WeGIA versions up to 3.3.0 allows attackers to exe |
| 1659 | CVE-2025-22403 | | 39.5th | 9.8 | | This critical vulnerability in Android's Bluetooth stack allows remote attackers to execute arbitrar |
| 1660 | CVE-2020-37082 | | 39.5th | 9.8 | | CVE-2020-37082 is an unauthenticated file access vulnerability in webERP 4.15.1 that allows remote a |
| 1661 | CVE-2026-0933 | | 39.5th | 9.9 | | A command injection vulnerability in Wrangler's `pages deploy` command allows attackers who control |
| 1662 | CVE-2024-56404 | | 39.4th | 9.9 | | An insecure direct object reference (IDOR) vulnerability in One Identity Identity Manager 9.x before |
| 1663 | CVE-2019-25321 | | 39.4th | 9.8 | | CVE-2019-25321 is a critical stack overflow vulnerability in FTP Navigator 8.03 that allows attacker |
| 1664 | CVE-2025-56749 | | 39.4th | 9.4 | | This vulnerability allows attackers to forge valid JWT authentication tokens using a predictable har |
| 1665 | CVE-2025-36937 | | 39.4th | 9.8 | | This critical vulnerability in Android's audio decoder allows remote attackers to execute arbitrary |
| 1666 | CVE-2024-57548 | | 39.2th | 9.1 | | CMSimple 5.16 contains a broken access control vulnerability that allows authenticated users to edit |
| 1667 | CVE-2025-29100 | | 39.3th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC8 routers via a buff |
| 1668 | CVE-2025-25595 | | 39.3th | 9.8 | | CVE-2025-25595 is an authentication bypass vulnerability in Safe App version a3.0.9 that allows atta |
| 1669 | CVE-2024-53695 | | 39.3th | 9.1 | | A buffer overflow vulnerability in QNAP HBS 3 Hybrid Backup Sync allows remote attackers to modify m |
| 1670 | CVE-2025-27661 | | 39.2th | 9.1 | | This CVE describes a session fixation vulnerability in Vasion Print (formerly PrinterLogic) that all |
| 1671 | CVE-2025-35003 | | 39.2th | 9.8 | | This CVE describes memory buffer and stack-based buffer overflow vulnerabilities in Apache NuttX RTO |
| 1672 | CVE-2025-4559 | | 39.3th | 9.8 | | CVE-2025-4559 is a critical SQL injection vulnerability in Netvision ISOinsight software that allows |
| 1673 | CVE-2025-3708 | | 39.3th | 9.8 | | CVE-2025-3708 is a critical SQL injection vulnerability in Le-show medical practice management syste |
| 1674 | CVE-2025-63221 | | 39.3th | 9.1 | | This vulnerability allows unauthenticated remote attackers to bypass authentication on Axel Technolo |
| 1675 | CVE-2025-11366 | | 39.3th | 9.8 | | N-central versions before 2025.4 contain a path traversal vulnerability that allows attackers to byp |
| 1676 | CVE-2025-63362 | | 39.3th | 9.8 | | This vulnerability allows attackers to set blank administrator credentials on Waveshare serial-to-Et |
| 1677 | CVE-2024-57766 | | 39.1th | 9.1 | | This vulnerability allows remote code execution through fastjson deserialization in MSFM's table edi |
| 1678 | CVE-2024-57763 | | 39.1th | 9.1 | | This CVE describes a fastjson deserialization vulnerability in MSFM that allows remote code executio |
| 1679 | CVE-2025-27154 | | 39.2th | 9.8 | | Spotipy versions before 2.25.1 create cache files with overly permissive 644 permissions, exposing S |
| 1680 | CVE-2025-25678 | | 39.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda i12 routers by sending |
| 1681 | CVE-2025-25662 | | 39.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda O4 V3.0 routers via a |
| 1682 | CVE-2025-30122 | | 39.1th | 9.8 | | ROADCAM X3 devices have hardcoded default credentials that cannot be changed by users, allowing atta |
| 1683 | CVE-2025-30115 | | 39.1th | 9.8 | | The Forvia Hella HELLA Driving Recorder DR 820 uses hardcoded default WiFi credentials (SSID and pas |
| 1684 | CVE-2025-30113 | | 39.1th | 9.8 | | The Forvia Hella HELLA Driving Recorder DR 820 dashcam's Android application contains hardcoded cred |
| 1685 | CVE-2025-1960 | | 39.1th | 9.8 | | This vulnerability allows attackers to execute unauthorized commands on Schneider Electric systems w |
| 1686 | CVE-2024-56336 | | 39.1th | 9.8 | | This vulnerability affects SINAMICS S200 industrial drives with specific serial numbers, allowing at |
| 1687 | CVE-2025-27682 | | 39.2th | 9.8 | | CVE-2025-27682 is an insecure log permissions vulnerability in Vasion Print (formerly PrinterLogic) |
| 1688 | CVE-2025-9286 | | 39.1th | 9.8 | | This vulnerability allows unauthenticated attackers to reset passwords of any WordPress user, includ |
| 1689 | CVE-2025-27020 | | 39.1th | 9.8 | | An improper SSH configuration in Infinera MTC-9 allows unauthenticated attackers to execute arbitrar |
| 1690 | CVE-2024-50706 | | 39th | 9.8 | | This is an unauthenticated SQL injection vulnerability in Uniguest Tripleplay version 23.1+ that all |
| 1691 | CVE-2025-49591 | | 39th | 9.1 | | CryptPad versions before 2025.3.0 have a critical 2FA bypass vulnerability. Attackers who obtain use |
| 1692 | CVE-2025-53518 | | 39th | 9.8 | | An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe |
| 1693 | CVE-2025-52581 | | 39th | 9.8 | | An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh |
| 1694 | CVE-2025-54387 | | 39th | 9.8 | | CVE-2025-54387 is a path traversal vulnerability in IPX image optimization software that allows atta |
| 1695 | CVE-2025-63206 | | 39th | 9.8 | | An authentication bypass vulnerability in Dasan Switch DS2924 web interface allows attackers to gain |
| 1696 | CVE-2019-25327 | | 38.9th | 9.8 | | CVE-2019-25327 is a critical buffer overflow vulnerability in Prime95 version 29.8 build 6 that allo |
| 1697 | CVE-2019-25319 | | 38.9th | 9.8 | | CVE-2019-25319 is a critical stack overflow vulnerability in Domain Quester Pro 6.02 that allows rem |
| 1698 | CVE-2024-32832 | | 38.9th | 9.8 | | This CVE describes a Missing Authorization vulnerability in the WordPress Login with Phone Number pl |
| 1699 | CVE-2025-63531 | | 38.9th | 10.0 | | This SQL injection vulnerability in Blood Bank Management System 1.0 allows attackers to bypass auth |
| 1700 | CVE-2025-46199 | | 38.7th | 9.8 | | A cross-site scripting (XSS) vulnerability in Grav CMS versions 1.7.48 and earlier allows attackers |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.