Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood that the CVE will be exploited in the wild within the next 30 days; the percentile column gives each CVE's position relative to all scored CVEs (the share of CVEs with an equal or lower EPSS score).

164 CVEs with EPSS > 50%
156 CISA KEV listed
35,468 CVEs with an EPSS score
0.7% average EPSS score
Rank | CVE ID | EPSS | Percentile | CVSS | Summary
1701 | CVE-2024-12403 | 0.79% | 73.4 | 6.1 | This vulnerability allows unauthenticated attackers to perform reflected cross-site scripting attack
1702 | CVE-2024-11327 | 0.79% | 73.4 | 6.1 | This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages
1703 | CVE-2025-37094 | 0.79% | 73.3 | 5.5 | This vulnerability allows attackers to delete arbitrary files on HPE StoreOnce backup appliances thr
1704 | CVE-2024-8053 | 0.78% | 73.3 | 8.2 | This vulnerability in open-webui v0.3.10 allows unauthenticated attackers to access the PDF generati
1705 | CVE-2025-34392 | 0.78% | 73.3 | 9.8 | This vulnerability in Barracuda Service Center allows attackers to upload malicious WSDL files that
1706 | CVE-2022-31631 | 0.78% | 73.3 | 9.1 | This vulnerability in PHP's PDO::quote() function for SQLite allows SQL injection when processing ov
1707 | CVE-2025-30426 | 0.78% | 73.3 | 9.8 | This vulnerability allows an app to enumerate a user's installed applications without proper authori
1708 | CVE-2024-11343 | 0.78% | 73.2 | 8.3 | This vulnerability in Progress Telerik Document Processing Libraries allows attackers to perform pat
1709 | CVE-2025-25535 | 0.78% | 73.2 | 9.8 | CVE-2025-25535 is an HTTP response manipulation vulnerability in SCRIPT CASE v1.0.002 Build7 that al
1710 | CVE-2025-67186 | 0.78% | 73.2 | 9.8 | This critical buffer overflow vulnerability in TOTOLINK A950RG routers allows remote attackers to ex
1711 | CVE-2025-21379 | 0.78% | 73.2 | 7.1 | This vulnerability allows remote attackers to execute arbitrary code on affected systems by sending
1712 | CVE-2025-44635 | 0.78% | 73.2 | 9.8 | This critical vulnerability allows unauthenticated attackers to execute arbitrary commands with root
1713 | CVE-2024-13793 | 0.78% | 73.2 | 7.3 | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes in the
1714 | CVE-2025-6514 | 0.78% | 73.2 | 9.6 | CVE-2025-6514 is a critical OS command injection vulnerability in mcp-remote that allows remote code
1715 | CVE-2024-12537 | 0.77% | 73.2 | 7.5 | This vulnerability in open-webui version 0.3.32 allows unauthenticated attackers to send large POST
1716 | CVE-2024-57536 | 0.77% | 73.1 | 8.0 | This CVE describes a command injection vulnerability in the Linksys E8450 router's wizard_status com
1717 | CVE-2025-24230 | 0.77% | 73.1 | 9.8 | This CVE describes an out-of-bounds read vulnerability in Apple's audio file processing that could a
1718 | CVE-2025-24211 | 0.77% | 73.1 | 9.8 | A memory corruption vulnerability in Apple's video processing components allows attackers to cause u
1719 | CVE-2025-24190 | 0.77% | 73.1 | 9.8 | This is a critical memory corruption vulnerability in Apple's video processing components across mul
1720 | CVE-2024-11286 | 0.77% | 73.1 | 9.8 | The WP JobHunt plugin for WordPress has an authentication bypass vulnerability that allows unauthent
1721 | CVE-2025-0349 | 0.77% | 73.1 | 8.8 | A critical stack-based buffer overflow vulnerability in Tenda AC6 routers allows remote attackers to
1722 | CVE-2024-58310 | 0.77% | 73.1 | N/A | APC Network Management Card 4 contains an unauthenticated path traversal vulnerability that allows a
1723 | CVE-2025-8890 | 0.77% | 73.1 | N/A | CVE-2025-8890 is a shell command injection vulnerability in the network diagnostics tool of SDMC NE6
1724 | CVE-2025-14208 | 0.77% | 73.1 | 6.3 | This CVE describes a command injection vulnerability in D-Link DIR-823X routers where attackers can
1725 | CVE-2025-2581 | 0.77% | 73.1 | 4.3 | An integer underflow vulnerability in xmedcon's DICOM file handler allows remote attackers to potent
1726 | CVE-2026-0625 | 0.77% | 73.1 | N/A | This CVE describes an authentication bypass vulnerability in D-Link DSL/DIR/DNS devices that allows
1727 | CVE-2025-3785 | 0.77% | 73.1 | 8.8 | This critical vulnerability in D-Link DWR-M961 routers allows remote attackers to execute arbitrary
1728 | CVE-2025-49741 | 0.77% | 73.1 | 7.4 | This vulnerability in Microsoft Edge (Chromium-based) allows unauthorized attackers to access sensit
1729 | CVE-2022-50936 | 0.77% | 73.1 | 8.8 | This vulnerability allows authenticated attackers to execute arbitrary PHP code on WBCE CMS servers
1730 | CVE-2025-69288 | 0.77% | 73.0 | 9.1 | This vulnerability allows any authenticated admin user in Titra time tracking software to execute ar
1731 | CVE-2025-21346 | 0.77% | 73.0 | 7.1 | This CVE describes a security feature bypass vulnerability in Microsoft Office that could allow atta
1732 | CVE-2024-10763 | 0.77% | 73.0 | 9.8 | The Campress WordPress theme contains a Local File Inclusion vulnerability that allows unauthenticat
1733 | CVE-2025-56431 | 0.77% | 73.0 | 7.5 | This directory traversal vulnerability in FearlessCMS allows remote attackers to use the plugin-hand
1734 | CVE-2025-56430 | 0.77% | 73.0 | 7.5 | This CVE describes a directory traversal vulnerability in FearlessCMS that allows remote attackers t
1735 | CVE-2025-30479 | 0.77% | 73.0 | 8.4 | Dell CloudLink versions before 8.2 contain an OS command injection vulnerability (CWE-78) where auth
1736 | CVE-2025-1609 | 0.76% | 73.0 | 6.3 | This CVE describes a critical OS command injection vulnerability in LB-LINK AC1900 routers. Attacker
1737 | CVE-2025-27716 | 0.76% | 72.9 | 6.5 | A path traversal vulnerability in the HGW-BL1500HM gateway's USB file-sharing function allows attack
1738 | CVE-2025-29411 | 0.76% | 72.9 | 9.8 | An arbitrary file upload vulnerability in Mart Developers iBanking v2.0.0 allows authenticated attac
1739 | CVE-2025-47204 | 0.76% | 72.9 | 6.1 | This vulnerability in bootstrap-multiselect 1.1.2 allows attackers to execute arbitrary JavaScript c
1740 | CVE-2025-21361 | 0.76% | 72.9 | 7.8 | Microsoft Outlook contains a remote code execution vulnerability that allows attackers to execute ar
1741 | CVE-2024-43097 | 0.76% | 72.9 | 7.8 | This vulnerability is an integer overflow in Skia's SkRegion.cpp that leads to out-of-bounds write.
1742 | CVE-2025-64120 | 0.76% | 72.9 | 8.8 | This OS command injection vulnerability in Nuvation Energy Multi-Stack Controller allows attackers t
1743 | CVE-2024-53305 | 0.76% | 72.9 | 7.3 | This vulnerability allows remote attackers to execute arbitrary code on Whoogle Search instances by
1744 | CVE-2024-25183 | 0.76% | 72.9 | 7.5 | CVE-2024-25183 is a directory traversal vulnerability in givanz VvvebJs 1.7.2 that allows attackers
1745 | CVE-2025-0247 | 0.76% | 72.9 | 9.8 | CVE-2025-0247 is a critical memory safety vulnerability in Firefox and Thunderbird that could allow
1746 | CVE-2024-49749 | 0.76% | 72.8 | 8.8 | This vulnerability allows remote attackers to execute arbitrary code on affected systems without use
1747 | CVE-2025-0864 | 0.76% | 72.8 | 6.1 | This vulnerability allows unauthenticated attackers to perform reflected cross-site scripting (XSS)
1748 | CVE-2023-39339 | 0.76% | 72.8 | 4.9 | This vulnerability allows authenticated administrators on Ivanti Policy Secure to read arbitrary fil
1749 | CVE-2025-21362 | 0.76% | 72.8 | 8.4 | This vulnerability allows attackers to execute arbitrary code on a victim's system by tricking them
1750 | CVE-2024-13421 | 0.75% | 72.8 | 9.8 | This vulnerability in the Real Estate 7 WordPress theme allows unauthenticated attackers to register

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS Special Interest Group at FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. CVSS measures severity (how bad exploitation would be); EPSS measures likelihood (how probable exploitation activity is). The two are complementary, which is what makes EPSS a useful input for deciding which vulnerabilities to patch first. Scores range from 0 to 1 (shown above as percentages) and are recomputed daily, so a ranking like the one on this page is a snapshot that changes over time.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 vulnerability with 90% EPSS. Two caveats apply. EPSS predicts exploitation activity observed across the internet at large, not whether a particular asset of yours is being targeted, so it should be combined with exposure and asset criticality. And a low score is not zero risk: a CVE listed in CISA's Known Exploited Vulnerabilities (KEV) catalog has confirmed exploitation, and that evidence should override the model's prediction.
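As an added example (not code from this page or from FIRST), the following Python script applies that rule in practice: it parses a response in the shape of the public EPSS API, joins it with locally known CVSS scores and CISA KEV status, and ranks findings so that confirmed exploitation beats predicted exploitation, which beats severity. The triage thresholds (KEV first, then EPSS of 10% or more, then CVSS 9.0 or more) are assumptions chosen for illustration, not a FIRST or CISA standard. The API body and the EXAMPLE-* identifiers are constructed; the two real CVE rows reuse the scores shown in the table above.

```python
"""Rank findings by exploit likelihood (EPSS) and confirmed exploitation (KEV)
instead of by CVSS alone.

Added example, not code from the page. The decision rule in priority_bucket()
is an assumption for illustration. SAMPLE_API_BODY is a constructed response
in the shape of the public EPSS API (https://api.first.org/data/v1/epss), whose
"data" rows carry "cve", "epss" and "percentile" as decimal strings.
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

EPSS_API = "https://api.first.org/data/v1/epss"


@dataclass
class Finding:
    cve: str
    cvss: Optional[float]   # None when no CVSS score is published (shown as N/A above)
    epss: float             # probability of exploitation in the next 30 days, 0..1
    percentile: float       # share of scored CVEs with an equal or lower EPSS, 0..1
    kev: bool = False       # True if listed in CISA's Known Exploited Vulnerabilities catalog


def parse_epss_response(body: str) -> Dict[str, Tuple[float, float]]:
    """Turn an EPSS API JSON document into {cve: (epss, percentile)}."""
    doc = json.loads(body)
    if doc.get("status") != "OK":
        raise ValueError("EPSS API returned status %r" % doc.get("status"))
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc["data"]}


def fetch_epss(cves: List[str], timeout: float = 10.0) -> Dict[str, Tuple[float, float]]:
    """Look up live scores for a list of CVE IDs (network call; not used by the sample run)."""
    url = "%s?cve=%s" % (EPSS_API, ",".join(cves))
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return parse_epss_response(resp.read().decode("utf-8"))


def priority_bucket(f: Finding) -> str:
    """Assumed triage rule: confirmed exploitation beats prediction, prediction beats severity."""
    if f.kev:
        return "P0 KEV-listed: confirmed exploitation, patch now"
    if f.epss >= 0.10:
        return "P1 EPSS >= 10%: likely to be exploited within 30 days"
    if f.cvss is not None and f.cvss >= 9.0:
        return "P2 critical CVSS but low EPSS: schedule, re-check the score daily"
    return "P3 routine patch cycle"


def rank(findings: List[Finding]) -> List[Finding]:
    """KEV first, then EPSS descending, then CVSS descending (N/A sorts last)."""
    return sorted(findings, key=lambda f: (not f.kev, -f.epss,
                                           -(f.cvss if f.cvss is not None else -1.0)))


def triage(api_body: str, cvss_by_cve: Dict[str, Optional[float]],
           kev: Set[str]) -> List[Tuple[str, str]]:
    """Join EPSS data with CVSS and KEV status; return [(cve, bucket)] in priority order."""
    scores = parse_epss_response(api_body)
    findings = [Finding(cve, cvss_by_cve.get(cve), epss, pct, cve in kev)
                for cve, (epss, pct) in scores.items()]
    return [(f.cve, priority_bucket(f)) for f in rank(findings)]


# Constructed API body. The first two rows use the scores this page shows for
# CVE-2024-12403 and CVE-2024-8053. EXAMPLE-A and EXAMPLE-B are made-up entries
# that reproduce the "CVSS 9.8 at 0.1%" vs "CVSS 7.5 at 90%" contrast from the
# text; EXAMPLE-C is a made-up low-EPSS entry that we will mark as KEV-listed.
SAMPLE_API_BODY = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2024-12403", "epss": "0.00790", "percentile": "0.73400", "date": "2025-01-01"},
        {"cve": "CVE-2024-8053", "epss": "0.00780", "percentile": "0.73300", "date": "2025-01-01"},
        {"cve": "EXAMPLE-A", "epss": "0.00100", "percentile": "0.40000", "date": "2025-01-01"},
        {"cve": "EXAMPLE-B", "epss": "0.90000", "percentile": "0.99900", "date": "2025-01-01"},
        {"cve": "EXAMPLE-C", "epss": "0.02000", "percentile": "0.85000", "date": "2025-01-01"},
    ],
})

# Constructed CVSS values: the two real CVEs take the scores from the table above.
SAMPLE_CVSS = {"CVE-2024-12403": 6.1, "CVE-2024-8053": 8.2,
               "EXAMPLE-A": 9.8, "EXAMPLE-B": 7.5, "EXAMPLE-C": 5.4}
SAMPLE_KEV = {"EXAMPLE-C"}

if __name__ == "__main__":
    for cve, bucket in triage(SAMPLE_API_BODY, SAMPLE_CVSS, SAMPLE_KEV):
        print(cve, "->", bucket)
```

Running the sample puts EXAMPLE-C first despite its 2% EPSS and CVSS 5.4, because KEV listing is treated as ground truth, and EXAMPLE-B (CVSS 7.5, 90% EPSS) ahead of EXAMPLE-A (CVSS 9.8, 0.1% EPSS). To use live data, replace SAMPLE_API_BODY with the result of fetch_epss() and feed it to parse_epss_response(); the API accepts a comma-separated list of CVE IDs in the cve parameter.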

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
