Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
1951 | CVE-2025-54386 | 0.66% | 70.7th | 9.8 | | A path traversal vulnerability in Traefik's WASM plugin installation mechanism allows attackers to o
1952 | CVE-2025-34271 | 0.66% | 70.7th | 9.8 | | Nagios Log Server versions before 2024R2.0.2 transmit cluster credentials over unencrypted channels
1953 | CVE-2025-21410 | 0.66% | 70.6th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Rout
1954 | CVE-2025-21407 | 0.66% | 70.6th | 8.8 | | CVE-2025-21407 is a heap-based buffer overflow vulnerability in Windows Telephony Service that allow
1955 | CVE-2025-21406 | 0.66% | 70.6th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1956 | CVE-2025-21201 | 0.66% | 70.6th | 8.8 | | This vulnerability in Windows Telephony Server allows remote attackers to execute arbitrary code on
1957 | CVE-2025-21190 | 0.66% | 70.6th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
1958 | CVE-2025-24249 | 0.66% | 70.6th | 9.8 | | This CVE describes a macOS sandbox bypass vulnerability that allows malicious applications to check
1959 | CVE-2025-24207 | 0.66% | 70.6th | 9.8 | | This CVE describes a macOS permissions vulnerability where malicious applications can enable iCloud
1960 | CVE-2025-24181 | 0.66% | 70.6th | 9.8 | | A permissions vulnerability in macOS allows applications to bypass security restrictions and access
1961 | CVE-2025-21338 | 0.66% | 70.6th | 7.8 | | This CVE describes a GDI+ remote code execution vulnerability that allows attackers to execute arbit
1962 | CVE-2025-3098 | 0.66% | 70.6th | 6.1 | | The Video Url WordPress plugin up to version 1.0.0.3 contains a reflected cross-site scripting vulne
1963 | CVE-2025-5439 | 0.66% | 70.5th | 6.3 | | A critical OS command injection vulnerability in Linksys RE series WiFi extenders allows remote atta
1964 | CVE-2025-0928 | 0.66% | 70.6th | 8.8 | | This vulnerability allows any authenticated Juju controller user to upload malicious agent binaries
1965 | CVE-2024-11437 | 0.66% | 70.5th | 4.9 | | The Timeline Designer WordPress plugin contains an SQL injection vulnerability that allows unauthent
1966 | CVE-2025-23011 | 0.66% | 70.5th | 8.8 | | Fedora Repository 3.8.1 contains a path traversal vulnerability (Zip Slip) that allows authenticated
1967 | CVE-2025-24983 | 0.66% | 70.5th | 7.0 | KEV | This is a use-after-free vulnerability in the Windows Win32 Kernel Subsystem that allows an authenti
1968 | CVE-2025-14884 | 0.66% | 70.5th | 7.2 | | This CVE describes a command injection vulnerability in the firmware update service of D-Link DIR-60
1969 | CVE-2025-2270 | 0.65% | 70.4th | 8.1 | | This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) in the Cou
1970 | CVE-2025-29070 | 0.65% | 70.4th | 7.5 | | A heap buffer overflow vulnerability exists in the smooth2() function of lcms2-2.16's cmsgamma.c fil
1971 | CVE-2025-3029 | 0.65% | 70.4th | 7.3 | | This vulnerability allows attackers to craft URLs with specific Unicode characters that hide the tru
1972 | CVE-2025-6441 | 0.65% | 70.4th | 9.8 | | This vulnerability allows unauthenticated attackers to generate login tokens for arbitrary WordPress
1973 | CVE-2024-10908 | 0.65% | 70.4th | 6.1 | | An open redirect vulnerability in lm-sys/fastchat v0.2.36 allows attackers to redirect users to mali
1974 | CVE-2024-13911 | 0.65% | 70.4th | 7.2 | | The Database Backup and check Tables Automated With Scheduler 2024 WordPress plugin exposes sensitiv
1975 | CVE-2025-6187 | 0.65% | 70.4th | 9.8 | | The bSecure WordPress plugin versions 1.3.7 through 1.7.9 have an authentication bypass vulnerabilit
1976 | CVE-2025-24178 | 0.65% | 70.4th | 9.8 | | This vulnerability allows a malicious app to escape its sandbox restrictions on affected Apple opera
1977 | CVE-2025-2708 | 0.65% | 70.4th | 5.4 | | This critical vulnerability in zhijiantianya ruoyi-vue-pro 2.4.1 allows remote attackers to perform
1978 | CVE-2025-24064 | 0.65% | 70.4th | 8.1 | | This is a use-after-free vulnerability in DNS Server that allows unauthorized attackers to execute a
1979 | CVE-2025-14174 | 0.65% | 70.4th | 8.8 | KEV | This vulnerability allows remote attackers to perform out-of-bounds memory access in ANGLE (Almost N
1980 | CVE-2024-55629 | 0.65% | 70.4th | 7.5 | | This vulnerability in Suricata allows attackers to evade detection by using TCP urgent data (out-of-
1981 | CVE-2025-29230 | 0.65% | 70.3th | 8.6 | | This CVE describes a command injection vulnerability in Linksys E5600 routers that allows attackers
1982 | CVE-2025-59370 | 0.65% | 70.3th | N/A | | A command injection vulnerability in bwdpi allows authenticated remote attackers to execute arbitrar
1983 | CVE-2018-9373 | 0.65% | 70.3th | 8.8 | | CVE-2018-9373 is a critical vulnerability in MediaTek's WLAN driver that allows remote attackers to
1984 | CVE-2024-56883 | 0.65% | 70.3th | 8.1 | | Sage DPW versions before 2024_12_001 have an improper access control vulnerability where server-side
1985 | CVE-2025-24195 | 0.65% | 70.2th | 9.8 | | An integer overflow vulnerability in macOS allows local users to elevate privileges by exploiting im
1986 | CVE-2025-29331 | 0.65% | 70.2th | 9.8 | | A critical vulnerability in MHSanaei 3x-ui management panel allows remote attackers to execute arbit
1987 | CVE-2024-50566 | 0.64% | 70.2th | 7.2 | | This CVE describes an OS command injection vulnerability in Fortinet FortiManager and FortiManager C
1988 | CVE-2025-30165 | 0.64% | 70.2th | 8.0 | | This vulnerability allows remote code execution in multi-node vLLM deployments using the V0 engine.
1989 | CVE-2025-27739 | 0.64% | 70.1th | 7.8 | | This Windows kernel vulnerability allows an authenticated attacker to exploit untrusted pointer dere
1990 | CVE-2025-27728 | 0.64% | 70.1th | 7.8 | | CVE-2025-27728 is an out-of-bounds read vulnerability in Windows Kernel-Mode Drivers that allows aut
1991 | CVE-2025-27490 | 0.64% | 70.1th | 7.8 | | A heap-based buffer overflow vulnerability in Windows Bluetooth Service allows authenticated attacke
1992 | CVE-2024-13690 | 0.64% | 70.1th | 7.2 | | The WP Church Donation plugin for WordPress has a stored cross-site scripting vulnerability that all
1993 | CVE-2025-6197 | 0.64% | 70.1th | 4.2 | | This CVE describes an open redirect vulnerability in Grafana OSS organization switching functionalit
1994 | CVE-2026-1548 | 0.64% | 70.1th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Totolink A7000R routers
1995 | CVE-2025-24167 | 0.64% | 70.1th | 9.8 | | This vulnerability in Apple's Safari browser and related operating systems allows attackers to misre
1996 | CVE-2025-45238 | 0.64% | 70.1th | 9.1 | | FoxCMS v1.2.5 contains an arbitrary file deletion vulnerability in the delRestoreSerie method that a
1997 | CVE-2025-45800 | 0.64% | 70.1th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A950RG routers
1998 | CVE-2025-10585 | 0.64% | 70.1th | 9.8 | KEV | A type confusion vulnerability in Chrome's V8 JavaScript engine allows attackers to trigger heap cor
1999 | CVE-2025-26678 | 0.64% | 70.1th | 8.4 | | CVE-2025-26678 is an improper access control vulnerability in Windows Defender Application Control (
2000 | CVE-2025-50989 | 0.64% | 70.1th | 9.1 | | CVE-2025-50989 is an authenticated command injection vulnerability in OPNsense firewall software tha

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
