Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1701 | CVE-2025-20684 | | 38.7th | 9.8 | | This CVE describes a critical out-of-bounds write vulnerability in MediaTek's WLAN AP driver. An att |
| 1702 | CVE-2025-20682 | | 38.7th | 9.8 | | This vulnerability in MediaTek wlan AP driver allows local attackers to write beyond allocated memor |
| 1703 | CVE-2025-20680 | | 38.7th | 9.8 | | This CVE describes a critical Bluetooth driver vulnerability allowing local privilege escalation wit |
| 1704 | CVE-2025-20309 | | 38.8th | 10.0 | | This critical vulnerability allows unauthenticated remote attackers to log into Cisco Unified Commun |
| 1705 | CVE-2025-8898 | | 38.8th | 9.8 | | This vulnerability allows unauthenticated attackers to change any user's email address in the Taxi B |
| 1706 | CVE-2025-0637 | | 38.6th | 9.8 | | CVE-2025-0637 is an improper authentication vulnerability in Beta10 software that allows unauthentic |
| 1707 | CVE-2024-13279 | | 38.6th | 9.8 | | A session fixation vulnerability in Drupal's Two-factor Authentication (TFA) module allows attackers |
| 1708 | CVE-2025-69874 | | 38.6th | 9.8 | | CVE-2025-69874 is a critical path traversal vulnerability in nanotar that allows attackers to write |
| 1709 | CVE-2025-40547 | | 38.7th | 9.1 | | A logic error vulnerability in SolarWinds Serv-U allows administrators to execute arbitrary code. Th |
| 1710 | CVE-2025-24204 | | 38.6th | 9.8 | | This vulnerability in macOS allows malicious applications to bypass security restrictions and access |
| 1711 | CVE-2024-22036 | | 38.6th | 9.1 | | This vulnerability in Rancher allows attackers to escape the chroot jail and gain root access to the |
| 1712 | CVE-2025-30184 | | 38.6th | 9.8 | | CVE-2025-30184 allows unauthenticated attackers to bypass authentication and access the CyberData 01 |
| 1713 | CVE-2025-11023 | | 38.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in ArkSigner's AcBakImzala software that |
| 1714 | CVE-2025-59246 | | 38.6th | 9.8 | | This critical vulnerability in Azure Entra ID (formerly Azure Active Directory) allows attackers to |
| 1715 | CVE-2025-53252 | | 38.5th | 9.8 | | This vulnerability allows attackers to include local PHP files through improper filename control in |
| 1716 | CVE-2025-48290 | | 38.5th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Kinsley WordPress theme. Attacker |
| 1717 | CVE-2025-60262 | | 38.5th | 9.8 | | A vsftpd misconfiguration vulnerability in H3C wireless devices allows anonymous FTP uploads to be o |
| 1718 | CVE-2024-35532 | | 38.4th | 9.1 | | An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea allows attackers to read |
| 1719 | CVE-2023-31585 | | 38.4th | 9.8 | | Grocery-CMS-PHP-Restful-API v1.3 has an unrestricted file upload vulnerability in the /admin/add-cat |
| 1720 | CVE-2025-6561 | | 38.4th | 9.8 | | Hunt Electronic HBF-09KD and HBF-16NK hybrid DVR models expose a system configuration file containin |
| 1721 | CVE-2025-27224 | | 38.4th | 9.8 | | This vulnerability allows unauthenticated attackers to upload malicious files to arbitrary locations |
| 1722 | CVE-2025-63216 | | 38.4th | 10.0 | | This vulnerability allows attackers to bypass authentication on Itel DAB Gateway devices by reusing |
| 1723 | CVE-2025-63389 | | 38.4th | 9.8 | | A critical authentication bypass vulnerability in Ollama platform allows remote attackers to perform |
| 1724 | CVE-2025-25567 | | 38.3th | 9.8 | | SoftEther VPN 5.02.5187 contains a buffer overflow vulnerability in the UniToStrForSingleChars funct |
| 1725 | CVE-2025-6424 | | 38.3th | 9.8 | | A use-after-free vulnerability in Firefox's FontFaceSet implementation allows memory corruption that |
| 1726 | CVE-2021-47753 | | 38.3th | 9.8 | | CVE-2021-47753 is an unauthenticated file upload vulnerability in phpKF CMS that allows remote attac |
| 1727 | CVE-2024-7957 | | 38.2th | 9.1 | | This vulnerability allows attackers to overwrite or create arbitrary files on systems running danswe |
| 1728 | CVE-2025-22871 | | 38.2th | 9.1 | | This vulnerability in Go's net/http package allows HTTP request smuggling when servers incorrectly a |
| 1729 | CVE-2025-41651 | | 38.1th | 9.8 | | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary commands on |
| 1730 | CVE-2025-45863 | | 38.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3002R routers via |
| 1731 | CVE-2025-45861 | | 38.1th | 9.8 | | This CVE describes a critical buffer overflow vulnerability in TOTOLINK A3002R routers that allows r |
| 1732 | CVE-2025-53888 | | 38.2th | 9.8 | | RIOT-OS versions up to 2025.04 have a buffer overflow vulnerability in the l2filter_add() function w |
| 1733 | CVE-2026-2096 | | 38.1th | 9.8 | | Agentflow software by Flowring has a Missing Authentication vulnerability (CWE-288) that allows unau |
| 1734 | CVE-2026-21643 | | 38.1th | 9.8 | | An unauthenticated SQL injection vulnerability in Fortinet FortiClientEMS allows attackers to execut |
| 1735 | CVE-2024-7053 | | 38th | 9.0 | | This vulnerability allows an attacker with a user-level account to perform a session fixation attack |
| 1736 | CVE-2025-43567 | | 37.9th | 9.3 | | Adobe Connect versions 12.8 and earlier contain a reflected Cross-Site Scripting (XSS) vulnerability |
| 1737 | CVE-2024-58338 | | 38th | 10.0 | | Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke |
| 1738 | CVE-2026-24307 | | 38th | 9.3 | | This vulnerability in M365 Copilot allows unauthorized attackers to access sensitive information ove |
| 1739 | CVE-2026-24058 | | 38th | 9.8 | | Soft Serve versions 0.11.2 and below have a critical authentication bypass vulnerability that allows |
| 1740 | CVE-2025-47283 | | 38th | 9.9 | | A privilege escalation vulnerability in Gardener allows project administrators to gain control over |
| 1741 | CVE-2025-12543 | | 38th | 9.6 | | CVE-2025-12543 is a critical vulnerability in Undertow HTTP server core where improper Host header v |
| 1742 | CVE-2025-22992 | | 37.8th | 9.8 | | A critical SQL injection vulnerability in Emoncms allows attackers to execute arbitrary SQL commands |
| 1743 | CVE-2024-57098 | | 37.8th | 9.8 | | Moss v0.1.3 contains an SQL injection vulnerability in the order parameter that allows attackers to |
| 1744 | CVE-2025-45789 | | 37.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on TOTOLINK A3100R routers via |
| 1745 | CVE-2025-45787 | | 37.8th | 9.8 | | CVE-2025-45787 is a critical buffer overflow vulnerability in TOTOLINK A3100R routers that allows re |
| 1746 | CVE-2026-2248 | | 37.8th | 9.8 | | METIS WIC devices with firmware versions up to oscore 2.1.234-r18 expose an unauthenticated web-base |
| 1747 | CVE-2024-53573 | | 37.8th | 9.8 | | Unifiedtransform v2.X has an improper access control vulnerability where unauthorized users can acce |
| 1748 | CVE-2025-32206 | | 37.7th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to servers runn |
| 1749 | CVE-2024-6914 | | 37.7th | 9.8 | | This vulnerability allows attackers to reset any user's password via a flawed SOAP admin service in |
| 1750 | CVE-2025-36535 | | 37.7th | 10.0 | | This critical vulnerability in an embedded web server allows unauthenticated remote attackers to acc |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.