Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 1801 | CVE-2024-39327 | | 37.2th | 9.9 | | This vulnerability in Atos Eviden IDRA (Identity and Access Management solution) allows attackers to |
| 1802 | CVE-2025-30137 | | 37.1th | 9.8 | | This vulnerability allows attackers to gain unauthorized access to G-Net GNET dashcam systems using |
| 1803 | CVE-2025-23394 | | 37.1th | 9.8 | | A UNIX symbolic link following vulnerability in cyrus-imapd on openSUSE Tumbleweed allows local atta |
| 1804 | CVE-2025-63224 | | 37.2th | 10.0 | | This vulnerability allows attackers to bypass authentication on Itel DAB Encoder devices by reusing |
| 1805 | CVE-2025-63210 | | 37.2th | 9.8 | | This vulnerability allows attackers to bypass authentication on Newtec Celox UHD satellite modems by |
| 1806 | CVE-2025-63217 | | 37.2th | 9.8 | | This vulnerability allows attackers to bypass authentication on Itel DAB MUX devices by reusing a va |
| 1807 | CVE-2025-27670 | | 37th | 9.8 | | CVE-2025-27670 is a critical vulnerability in Vasion Print (formerly PrinterLogic) that allows attac |
| 1808 | CVE-2025-3498 | | 37.1th | 9.9 | | An unauthenticated attacker with management network access can exploit exposed REST APIs on Radiflow |
| 1809 | CVE-2025-64130 | | 37.1th | 9.8 | | Zenitel TCIV-3+ devices contain a reflected cross-site scripting (XSS) vulnerability that allows rem |
| 1810 | CVE-2026-24124 | | 37.1th | 9.8 | | Dragonfly versions 2.4.1-rc.0 and below have missing authentication and authorization checks on Job |
| 1811 | CVE-2024-53351 | | 37th | 9.8 | | Insecure permissions in PipeCD v0.49 allow attackers to access the service account's authentication |
| 1812 | CVE-2025-40664 | | 37th | 9.1 | | CVE-2025-40664 is a missing authentication vulnerability in TCMAN GIM v11 that allows unauthenticate |
| 1813 | CVE-2025-32798 | | 36.9th | 9.8 | | CVE-2025-32798 allows arbitrary code execution during conda package builds due to unsafe eval() usag |
| 1814 | CVE-2026-21969 | | 36.9th | 9.8 | | An unauthenticated remote code execution vulnerability in Oracle Agile Product Lifecycle Management |
| 1815 | CVE-2025-61506 | | 36.9th | 9.8 | | MediaCrush versions through 1.0.1 contain an unrestricted file upload vulnerability that allows unau |
| 1816 | CVE-2024-54512 | | 36.9th | 9.1 | | A system binary vulnerability in Apple operating systems could allow an attacker to fingerprint a us |
| 1817 | CVE-2025-49831 | | 36.9th | 9.8 | | This vulnerability allows attackers to reroute authentication requests from Secrets Manager to malic |
| 1818 | CVE-2025-60553 | | 36.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on D-Link DIR600L routers via a |
| 1819 | CVE-2025-60548 | | 36.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on D-Link DIR600L routers by ex |
| 1820 | CVE-2026-22238 | | 36.9th | 9.8 | | This critical vulnerability in BLUVOYIX allows unauthenticated attackers to create admin users via s |
| 1821 | CVE-2026-22236 | | 36.9th | 9.8 | | This critical authentication bypass vulnerability in BLUVOYIX allows unauthenticated attackers to se |
| 1822 | CVE-2026-1632 | | 36.9th | 9.1 | | MOMA Seismic Station versions v2.4.2520 and earlier expose their web management interface without re |
| 1823 | CVE-2025-43728 | | 36.7th | 9.6 | | Dell ThinOS 10 contains a protection mechanism failure vulnerability that allows unauthenticated rem |
| 1824 | CVE-2025-22408 | | 36.6th | 9.8 | | CVE-2025-22408 is a critical use-after-free vulnerability in Android's Bluetooth stack that allows r |
| 1825 | CVE-2025-27129 | | 36.7th | 9.8 | | An authentication bypass vulnerability in Tenda AC6 routers allows attackers to bypass HTTP authenti |
| 1826 | CVE-2025-66032 | | 36.7th | 9.8 | | CVE-2025-66032 is a command injection vulnerability in Claude Code that allows bypassing read-only v |
| 1827 | CVE-2025-67268 | | 36.6th | 9.8 | | This vulnerability in gpsd allows attackers to trigger heap-based out-of-bounds writes by sending sp |
| 1828 | CVE-2024-13771 | | 36.5th | 9.8 | | This vulnerability allows unauthenticated attackers to reset passwords for any user account in the C |
| 1829 | CVE-2023-47031 | | 36.5th | 9.8 | | This vulnerability allows remote attackers to escalate privileges in NCR Terminal Handler v1.5.1 by |
| 1830 | CVE-2025-11250 | | 36.5th | 9.1 | | This authentication bypass vulnerability in ManageEngine ADSelfService Plus allows attackers to circ |
| 1831 | CVE-2024-38337 | | 36.5th | 9.1 | | IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 contain incorrect permission assignments |
| 1832 | CVE-2025-27659 | | 36.5th | 9.8 | | This SQL injection vulnerability in Vasion Print (formerly PrinterLogic) allows attackers to execute |
| 1833 | CVE-2025-27640 | | 36.5th | 9.8 | | This SQL injection vulnerability in Vasion Print (formerly PrinterLogic) allows attackers to execute |
| 1834 | CVE-2025-31033 | | 36.5th | 9.8 | | A Cross-Site Request Forgery (CSRF) vulnerability in the Adam Nowak Buddypress Humanity WordPress pl |
| 1835 | CVE-2025-47549 | | 36.5th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress si |
| 1836 | CVE-2025-52353 | | 36.4th | 9.8 | | This vulnerability allows authenticated attackers to upload malicious files containing PHP code to B |
| 1837 | CVE-2025-1941 | | 36.3th | 9.1 | | This vulnerability allows attackers to bypass authentication requirements for Firefox's Focus featur |
| 1838 | CVE-2025-24522 | | 36.3th | 10.0 | | KUNBUS Revolution Pi OS Bookworm 01/2025 has no authentication configured by default for its Node-RE |
| 1839 | CVE-2025-1041 | | 36.3th | 9.9 | | An improper input validation vulnerability in Avaya Call Management System allows remote attackers t |
| 1840 | CVE-2025-48952 | | 36.3th | 9.4 | | This CVE describes an authentication bypass vulnerability in NetAlertX where attackers can log in wi |
| 1841 | CVE-2025-54466 | | 36.3th | 9.8 | | This CVE describes a critical code injection vulnerability in Apache OFBiz's scrum plugin, allowing |
| 1842 | CVE-2024-48886 | | 36.2th | 9.0 | | This vulnerability allows attackers to bypass weak authentication mechanisms in multiple Fortinet pr |
| 1843 | CVE-2026-21531 | | 36.2th | 9.8 | | This critical vulnerability in Azure SDK allows remote code execution through deserialization of unt |
| 1844 | CVE-2025-35451 | | 36.1th | 9.8 | | This vulnerability affects PTZOptics and other ValueHD-based pan-tilt-zoom cameras that use hard-cod |
| 1845 | CVE-2025-0585 | | 35.9th | 9.8 | | CVE-2025-0585 is a critical SQL injection vulnerability in a+HRD software from aEnrich Technology th |
| 1846 | CVE-2025-0896 | | 36th | 9.8 | | Orthanc server versions before 1.5.8 have remote access enabled without basic authentication by defa |
| 1847 | CVE-2025-27515 | | 36th | 9.8 | | A validation bypass vulnerability in Laravel's wildcard file validation allows attackers to upload m |
| 1848 | CVE-2025-32877 | | 35.9th | 9.8 | | COROS PACE 3 smartwatches through firmware version 3.0808.0 incorrectly identify themselves as devic |
| 1849 | CVE-2025-0498 | | 35.7th | 9.8 | | A data exposure vulnerability in Rockwell Automation FactoryTalk AssetCentre allows threat actors to |
| 1850 | CVE-2024-54142 | | 35.8th | 9.0 | | This vulnerability allows cross-site scripting (XSS) attacks in Discourse AI plugin when HTML entiti |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation — making it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.