Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days. The Percentile column gives the share of all EPSS-scored CVEs with a lower score, and the KEV flag marks entries listed in CISA's Known Exploited Vulnerabilities catalog (exploitation already observed, not merely predicted).
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 151 | CVE-2025-6058 | | 95.7th | 9.8 | | The WPBookit WordPress plugin allows unauthenticated attackers to upload arbitrary files due to miss |
| 152 | CVE-2025-29085 | | 95.7th | 9.8 | | This CVE describes a critical SQL injection vulnerability in vipshop Saturn's console dashboard comp |
| 153 | CVE-2025-32814 | | 95.7th | 9.8 | | Unauthenticated SQL injection vulnerability in Infoblox NETMRI allows attackers to execute arbitrary |
| 154 | CVE-2025-54068 | | 95.6th | 9.8 | | This vulnerability in Livewire v3 allows unauthenticated attackers to execute arbitrary commands rem |
| 155 | CVE-2025-6793 | | 95.6th | 9.4 | | This vulnerability in Marvell QConvergeConsole allows unauthenticated remote attackers to delete arb |
| 156 | CVE-2025-28915 | | 95.6th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress si |
| 157 | CVE-2025-32969 | | 95.5th | 9.8 | | This vulnerability allows remote unauthenticated attackers to perform blind SQL injection on XWiki i |
| 158 | CVE-2025-32463 | | 95.5th | 9.3 | KEV | This vulnerability in Sudo allows local users to escalate privileges to root by exploiting the --chr |
| 159 | CVE-2025-56819 | | 95.5th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Datart servers by exploiting |
| 160 | CVE-2021-4462 | | 95.4th | 9.8 | | CVE-2021-4462 is an unrestricted file upload vulnerability in Employee Records System version 1.0 th |
| 161 | CVE-2025-54948 | | 95.4th | 9.4 | KEV | A critical vulnerability in Trend Micro Apex One (on-premise) management console allows unauthentica |
| 162 | CVE-2025-29814 | | 95.2th | 9.3 | | CVE-2025-29814 is an improper authorization vulnerability in Microsoft Partner Center that allows au |
| 163 | CVE-2025-20333 | | 95.1th | 9.9 | KEV | This critical vulnerability in Cisco ASA and FTD VPN web servers allows authenticated remote attacke |
| 164 | CVE-2024-11635 | | 95.1th | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers r |
| 165 | CVE-2025-55727 | | 95.1th | 10.0 | | CVE-2025-55727 is a critical remote code execution vulnerability in XWiki Remote Macros that allows |
| 166 | CVE-2024-51818 | | 94.9th | 9.3 | | This SQL injection vulnerability in the Fancy Product Designer WordPress plugin allows attackers to |
| 167 | CVE-2025-25038 | | 94.9th | 9.8 | | A critical OS command injection vulnerability in MiniDVBLinux allows remote unauthenticated attacker |
| 168 | CVE-2025-25579 | | 94.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A3002R routers |
| 169 | CVE-2025-28146 | | 94.9th | 9.8 | | This CVE describes a critical command injection vulnerability in Edimax AC1200 routers that allows a |
| 170 | CVE-2025-6934 | | 94.9th | 9.8 | | This vulnerability allows unauthenticated attackers to register accounts with Administrator privileg |
| 171 | CVE-2025-45854 | | 94.8th | 10.0 | | CVE-2025-45854 is a critical remote code execution vulnerability in JEHC-BPM 2.0.1 that allows attac |
| 172 | CVE-2025-5701 | | 94.8th | 9.8 | | The HyperComments WordPress plugin has a critical vulnerability that allows unauthenticated attacker |
| 173 | CVE-2025-22939 | | 94.7th | 9.8 | | A command injection vulnerability in the telnet service of Adtran 411 ONT devices allows unauthentic |
| 174 | CVE-2025-1562 | | 94.6th | 9.8 | | This vulnerability allows unauthenticated attackers to install arbitrary WordPress plugins on sites |
| 175 | CVE-2025-2777 | | 94.6th | 9.3 | | SysAid On-Prem versions up to 23.3.40 contain an unauthenticated XML External Entity (XXE) vulnerabi |
| 176 | CVE-2024-10811 | | 94.5th | 9.8 | | This vulnerability allows remote unauthenticated attackers to perform absolute path traversal attack |
| 177 | CVE-2025-49844 | | 94.4th | 9.9 | | This CVE describes a critical vulnerability in Redis where authenticated users can execute specially |
| 178 | CVE-2025-29384 | | 94.3th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC9 routers by exploit |
| 179 | CVE-2026-21877 | | 94.3th | 9.9 | | This vulnerability allows authenticated attackers to execute arbitrary code on n8n workflow automati |
| 180 | CVE-2025-8868 | | 94.2th | 9.8 | | An authenticated attacker can exploit SQL injection in Chef Automate's compliance service to gain un |
| 181 | CVE-2024-57225 | | 94.2th | 9.8 | | This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can |
| 182 | CVE-2024-57223 | | 94.2th | 9.8 | | This CVE describes a command injection vulnerability in Linksys E7350 routers that allows attackers |
| 183 | CVE-2025-25291 | | 94.1th | 9.8 | | CVE-2025-25291 is an authentication bypass vulnerability in ruby-saml that allows attackers to bypas |
| 184 | CVE-2024-47908 | | 94.1th | 9.1 | | This vulnerability allows authenticated administrators in Ivanti Cloud Services Application (CSA) to |
| 185 | CVE-2025-27203 | | 94th | 9.6 | | Adobe Connect versions 24.0 and earlier contain a deserialization vulnerability that allows attacker |
| 186 | CVE-2025-34513 | | 93.9th | 9.8 | | Ilevia EVE X1 Server firmware contains an unauthenticated OS command injection vulnerability in mbus |
| 187 | CVE-2024-55030 | | 93.9th | 9.8 | | A command injection vulnerability in NASA Fprime v3.4.3's Command Dispatcher Service allows attacker |
| 188 | CVE-2025-26399 | | 93.9th | 9.8 | | CVE-2025-26399 is an unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk |
| 189 | CVE-2025-22941 | | 93.9th | 9.8 | | A command injection vulnerability in Adtran 411 ONT web interface allows attackers to execute arbitr |
| 190 | CVE-2025-21307 | | 93.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by |
| 191 | CVE-2025-6805 | | 93.7th | 9.1 | | This vulnerability allows unauthenticated remote attackers to delete arbitrary files on Marvell QCon |
| 192 | CVE-2025-6798 | | 93.7th | 9.1 | | This vulnerability allows unauthenticated remote attackers to delete arbitrary files on Marvell QCon |
| 193 | CVE-2024-13375 | | 93.6th | 9.8 | | The Adifier System WordPress plugin has a critical privilege escalation vulnerability that allows un |
| 194 | CVE-2025-22954 | | 93.6th | 10.0 | | This SQL injection vulnerability in Koha library management software allows attackers to execute arb |
| 195 | CVE-2025-0665 | | 93.6th | 9.8 | | libcurl incorrectly closes the same eventfd file descriptor twice during threaded name resolution cl |
| 196 | CVE-2022-50596 | | 93.6th | 9.8 | | CVE-2022-50596 is a critical command injection vulnerability in D-Link DIR-1260 routers that allows |
| 197 | CVE-2025-28137 | | 93.6th | 9.8 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on TOTOLINK |
| 198 | CVE-2025-24383 | | 93.6th | 9.1 | | Dell Unity storage systems running version 5.4 or earlier contain an OS command injection vulnerabil |
| 199 | CVE-2026-23744 | | 93.5th | 9.8 | | MCPJam inspector versions 1.4.2 and earlier contain a critical remote code execution vulnerability. |
| 200 | CVE-2025-49825 | | 93.5th | 9.8 | | CVE-2025-49825 is a critical authentication bypass vulnerability in Teleport Community Edition that |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Scores are recomputed daily as new exploitation evidence arrives, so a CVE's EPSS value can change while its CVSS score stays fixed. Unlike CVSS, which measures severity (how bad exploitation would be), EPSS measures likelihood (how probable exploitation is), which makes it well suited to deciding which vulnerabilities to patch first. The percentile is the share of all scored CVEs with a lower EPSS score; a 95th-percentile entry is more likely to be exploited than 95% of all CVEs in the model.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a CVSS 7.5 vulnerability with 90% EPSS. Entries already on CISA's KEV list should be treated as confirmed exploited regardless of their EPSS value, since EPSS is a prediction and KEV is an observation.
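The prioritisation rule above (confirmed exploitation first, then EPSS probability, with CVSS only as a tie-breaker and a severity floor for the long tail) is easy to state and just as easy to get backwards in a spreadsheet. The script below is an added illustration, not code from this page or from FIRST.org. Every CVE identifier and score in it is constructed for the example; the `parse_epss_api` function assumes the response shape of the public FIRST EPSS API (a `data` list of objects with string-valued `cve`, `epss` and `percentile` fields), which you should verify against the live service before relying on it.

```python
"""EPSS-driven patch prioritisation (added example; constructed data only)."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float          # CVSS base score, 0.0-10.0: how bad exploitation would be
    epss: float          # EPSS probability, 0.0-1.0: chance of exploitation in 30 days
    percentile: float    # share of all scored CVEs with a lower EPSS, 0.0-1.0
    kev: bool = False    # listed in CISA's Known Exploited Vulnerabilities catalog


def parse_percentile(text: str) -> float:
    """Convert the page's ordinal notation ('95.7th', '94th') to a 0.0-1.0 fraction."""
    digits = text.strip().lower()
    for suffix in ("th", "st", "nd", "rd"):
        digits = digits.removesuffix(suffix)
    value = float(digits)
    if not 0.0 <= value <= 100.0:
        raise ValueError(f"percentile out of range: {text!r}")
    return value / 100.0


def parse_epss_api(payload: str) -> dict[str, tuple[float, float]]:
    """Parse an EPSS API JSON body into {cve: (epss, percentile)}.

    Assumed shape (FIRST EPSS API, https://api.first.org/data/v1/epss):
    a top-level "data" list whose entries carry "cve", "epss" and
    "percentile" as decimal strings. Verify against the live service.
    """
    doc = json.loads(payload)
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}


def priority_key(f: Finding) -> tuple[bool, float, float]:
    """Sort key; use with reverse=True so the most urgent finding comes first.

    Tuple ordering does the policy work: observed exploitation (KEV) beats any
    prediction, then EPSS probability, and CVSS only breaks ties. This is the
    page's rule that a CVSS 7.5 at 90% EPSS outranks a CVSS 9.8 at 0.1% EPSS.
    """
    return (f.kev, f.epss, f.cvss)


def rank(findings: list[Finding]) -> list[Finding]:
    return sorted(findings, key=priority_key, reverse=True)


def triage(findings: list[Finding], epss_threshold: float = 0.10,
           cvss_floor: float = 7.0) -> dict[str, list[str]]:
    """Bucket findings into patch-now / scheduled / backlog.

    'now': KEV-listed or EPSS at or above the threshold.
    'scheduled': low EPSS but high or critical CVSS (severity floor), so a
    sudden EPSS jump does not leave you patching a 9.8 from a standing start.
    'backlog': everything else. The thresholds are illustrative policy values.
    """
    buckets: dict[str, list[str]] = {"now": [], "scheduled": [], "backlog": []}
    for f in rank(findings):
        if f.kev or f.epss >= epss_threshold:
            buckets["now"].append(f.cve)
        elif f.cvss >= cvss_floor:
            buckets["scheduled"].append(f.cve)
        else:
            buckets["backlog"].append(f.cve)
    return buckets


# Constructed sample: placeholder identifiers and invented scores, chosen to
# reproduce the page's "9.8 at 0.1% vs 7.5 at 90%" comparison plus a KEV entry.
SAMPLE = [
    Finding("CVE-0000-0001", cvss=9.8, epss=0.001, percentile=0.40),
    Finding("CVE-0000-0002", cvss=7.5, epss=0.90, percentile=0.99),
    Finding("CVE-0000-0003", cvss=9.3, epss=0.05, percentile=0.93, kev=True),
    Finding("CVE-0000-0004", cvss=5.3, epss=0.02, percentile=0.88),
]

# Constructed API body in the assumed FIRST response shape.
SAMPLE_API_BODY = json.dumps({"status": "OK", "data": [
    {"cve": "CVE-0000-0002", "epss": "0.900000000",
     "percentile": "0.990000000", "date": "2026-01-01"}]})

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{f.cve}  EPSS={f.epss:.3f} ({f.percentile:.1%})  "
              f"CVSS={f.cvss}  KEV={f.kev}")
    print(triage(SAMPLE))
```

Run it and the KEV entry lands first despite its modest 5% EPSS, the 90% EPSS / CVSS 7.5 finding comes second, and the CVSS 9.8 at 0.1% EPSS drops to the scheduled bucket rather than the emergency one. Tune `epss_threshold` to your own exposure: an internet-facing fleet generally wants a lower threshold than an isolated one.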