Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
1901 | CVE-2025-45841 | 0.15% | 35th | 9.8 | | This vulnerability allows authenticated attackers to execute arbitrary code on TOTOLINK NR1800X rout
1902 | CVE-2025-46726 | 0.15% | 35th | 9.1 | | Langroid applications using the XMLToolMessage class with untrusted XML input are vulnerable to XML
1903 | CVE-2025-46117 | 0.15% | 34.9th | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands as root on Ruckus wi
1904 | CVE-2024-13241 | 0.14% | 34.7th | 9.1 | | This CVE describes an Improper Authorization vulnerability in Drupal Open Social that allows attacke
1905 | CVE-2025-27528 | 0.14% | 34.8th | 9.1 | | This vulnerability allows attackers to exploit insecure deserialization in Apache InLong's JDBC comp
1906 | CVE-2025-32975 | 0.14% | 34.7th | 10.0 | | This CVE describes an authentication bypass vulnerability in Quest KACE Systems Management Appliance
1907 | CVE-2025-43347 | 0.14% | 34.7th | 9.8 | | An input validation vulnerability in Apple operating systems allows attackers to execute arbitrary c
1908 | CVE-2025-11837 | 0.14% | 34.7th | 9.8 | | This critical vulnerability in Malware Remover allows remote attackers to bypass security protection
1909 | CVE-2025-29922 | 0.14% | 34.7th | 9.6 | | This vulnerability in kcp allows attackers to create or delete objects in any arbitrary target works
1910 | CVE-2025-43563 | 0.14% | 34.5th | 9.1 | | This CVE describes an Improper Access Control vulnerability in Adobe ColdFusion that allows high-pri
1911 | CVE-2025-5120 | 0.14% | 34.7th | 10.0 | | This CVE describes a critical sandbox escape vulnerability in huggingface/smolagents version 1.14.0
1912 | CVE-2025-52239 | 0.14% | 34.4th | 9.8 | | CVE-2025-52239 is an arbitrary file upload vulnerability in ZKEACMS v4.1 that allows attackers to up
1913 | CVE-2025-43220 | 0.14% | 34.4th | 9.8 | | This vulnerability allows malicious applications to bypass symlink validation and access protected u
1914 | CVE-2025-11148 | 0.14% | 34.3th | 9.8 | | CVE-2025-11148 is a critical command injection vulnerability in the check-branches npm package that
1915 | CVE-2024-9643 | 0.14% | 34.1th | 9.8 | | The Four-Faith F3x36 router firmware v2.0.0 contains hard-coded administrative credentials, allowing
1916 | CVE-2025-9060 | 0.14% | 34.2th | 9.1 | | This vulnerability in MSoft MFlash allows authenticated administrators to execute arbitrary code on
1917 | CVE-2025-35452 | 0.14% | 34.1th | 9.8 | | This vulnerability allows attackers to access PTZOptics and other ValueHD-based pan-tilt-zoom camera
1918 | CVE-2025-13619 | 0.14% | 34.2th | 9.8 | | The Flex Store Users WordPress plugin allows unauthenticated attackers to register accounts with adm
1919 | CVE-2025-12963 | 0.14% | 34.2th | 9.8 | | The LazyTasks WordPress plugin has an unauthenticated privilege escalation vulnerability that allows
1920 | CVE-2025-13764 | 0.14% | 34.2th | 9.8 | | The WP CarDealer WordPress plugin has a critical privilege escalation vulnerability that allows unau
1921 | CVE-2026-25632 | 0.14% | 34.1th | 10.0 | | CVE-2026-25632 is a critical remote code execution vulnerability in EPyT-Flow's REST API. Attackers
1922 | CVE-2025-15018 | 0.14% | 34.2th | 9.8 | | The Optional Email WordPress plugin contains a privilege escalation vulnerability that allows unauth
1923 | CVE-2023-27112 | 0.14% | 34th | 9.8 | | This SQL injection vulnerability in pearProjectApi allows attackers to execute arbitrary SQL command
1924 | CVE-2024-40762 | 0.14% | 34th | 9.8 | | This vulnerability in SonicOS SSLVPN uses a weak random number generator for authentication tokens,
1925 | CVE-2025-25349 | 0.14% | 34th | 9.8 | | CVE-2025-25349 is a critical SQL injection vulnerability in PHPGurukul Daily Expense Tracker System
1926 | CVE-2026-1306 | 0.14% | 34th | 9.8 | | The midi-Synth WordPress plugin allows unauthenticated attackers to upload arbitrary files due to mi
1927 | CVE-2025-26163 | 0.14% | 34th | 9.8 | | CVE-2025-26163 is a critical SQL injection vulnerability in CM Soluces Informatica Ltda Auto Atendim
1928 | CVE-2025-41702 | 0.14% | 34th | 9.8 | | This vulnerability allows unauthenticated remote attackers to generate valid JWT tokens using a hard
1929 | CVE-2025-57052 | 0.14% | 34.1th | 9.8 | | cJSON versions 1.5.0 through 1.7.18 contain an out-of-bounds access vulnerability in the decode_arra
1930 | CVE-2025-34516 | 0.14% | 34th | 9.8 | | Ilevia EVE X1 Server firmware versions up to 4.7.18.0.eden contain hardcoded default credentials tha
1931 | CVE-2025-66262 | 0.14% | 34.1th | 9.8 | | This vulnerability allows attackers to overwrite arbitrary system files via path traversal in tar ar
1932 | CVE-2025-12158 | 0.14% | 34th | 9.8 | | The Simple User Capabilities WordPress plugin has a critical privilege escalation vulnerability that
1933 | CVE-2026-23978 | 0.14% | 34th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c
1934 | CVE-2024-13281 | 0.14% | 33.9th | 9.1 | | This CVE describes an incorrect authorization vulnerability in Drupal's Monster Menus module that al
1935 | CVE-2024-13277 | 0.14% | 33.9th | 9.1 | | This vulnerability allows attackers to bypass authorization controls in Drupal Smart IP Ban module,
1936 | CVE-2024-36556 | 0.14% | 33.9th | 9.1 | | This CVE describes a hardcoded password vulnerability in Forever KidsWatch smartwatches. Attackers c
1937 | CVE-2025-39436 | 0.14% | 33.9th | 9.1 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the I Draw pl
1938 | CVE-2025-39356 | 0.14% | 33.8th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted
1939 | CVE-2025-39354 | 0.14% | 33.8th | 9.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted
1940 | CVE-2025-39349 | 0.14% | 33.8th | 9.8 | | CVE-2025-39349 is a PHP object injection vulnerability in the CiyaShop WordPress theme that allows a
1941 | CVE-2025-32928 | 0.14% | 33.8th | 9.8 | | This vulnerability in the ThemeGoods Altair WordPress theme allows attackers to inject malicious obj
1942 | CVE-2025-47581 | 0.14% | 33.8th | 9.8 | | This vulnerability allows attackers to execute arbitrary code on WordPress sites by exploiting insec
1943 | CVE-2025-39410 | 0.14% | 33.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary PHP code through deserialization of
1944 | CVE-2025-30515 | 0.14% | 33.8th | 9.8 | | CVE-2025-30515 is a path traversal vulnerability in CyberData 011209 Intercom systems that allows au
1945 | CVE-2025-7918 | 0.14% | 33.9th | 9.8 | | CVE-2025-7918 is a critical SQL injection vulnerability in WinMatrix3 Web package that allows unauth
1946 | CVE-2025-52688 | 0.14% | 33.8th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands with root privileges on aff
1947 | CVE-2025-15047 | 0.14% | 33.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by sendi
1948 | CVE-2025-15046 | 0.14% | 33.9th | 9.8 | | This is a critical stack-based buffer overflow vulnerability in Tenda WH450 routers that allows remo
1949 | CVE-2025-15045 | 0.14% | 33.9th | 9.8 | | A stack-based buffer overflow vulnerability in Tenda WH450 routers allows remote attackers to execut
1950 | CVE-2025-15044 | 0.14% | 33.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda WH450 routers by explo

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A CVSS 9.8 (critical) vulnerability with a 0.1% EPSS score may be less urgent than a CVSS 7.5 (high) vulnerability with a 90% EPSS score.
