Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:
164 CVEs with EPSS > 50%
156 CVEs listed in the CISA KEV catalog
35,468 CVEs with an EPSS score
0.7% average EPSS score
Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary
2051 | CVE-2025-8723 | 0.63% | 69.7th | 9.8 | This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress sites
2052 | CVE-2025-6685 | 0.63% | 69.7th | 8.8 | This vulnerability allows authenticated remote attackers to escalate privileges on ATEN eco DC insta
2053 | CVE-2025-13915 | 0.63% | 69.7th | 9.8 | This authentication bypass vulnerability in IBM API Connect allows remote attackers to gain unauthor
2054 | CVE-2026-21854 | 0.63% | 69.7th | 9.8 | An authentication bypass vulnerability in Tarkov Data Manager allows unauthenticated attackers to ga
2055 | CVE-2025-57141 | 0.62% | 69.7th | 9.8 | CVE-2025-57141 is a critical SQL injection vulnerability in rsbi-os 4.7's sqlite-jdbc component that
2056 | CVE-2025-27554 | 0.62% | 69.6th | 9.9 | This vulnerability allows remote attackers to execute arbitrary commands on ToDesktop build servers
2057 | CVE-2026-24770 | 0.62% | 69.6th | 9.8 | CVE-2026-24770 is a critical Zip Slip vulnerability in RAGFlow's MinerU parser that allows attackers
2058 | CVE-2025-3802 | 0.62% | 69.6th | 8.8 | A critical stack-based buffer overflow vulnerability in Tenda W12 and i24 routers allows remote atta
2059 | CVE-2025-41393 | 0.62% | 69.6th | 6.1 | A reflected cross-site scripting (XSS) vulnerability in Ricoh Web Image Monitor allows attackers to
2060 | CVE-2025-47226 | 0.62% | 69.6th | 5.0 | CVE-2025-47226 is an authorization bypass vulnerability in Snipe-IT that allows unauthorized access
2061 | CVE-2025-0255 | 0.62% | 69.5th | 7.2 | CVE-2025-0255 is an OS command injection vulnerability in HCL DevOps Deploy/Launch that allows authe
2062 | CVE-2025-29795 | 0.62% | 69.5th | 7.8 | This vulnerability in Microsoft Edge allows an authorized attacker to exploit improper link resoluti
2063 | CVE-2025-49141 | 0.62% | 69.5th | 8.5 | CVE-2025-49141 is an OS command injection vulnerability in HAX CMS PHP's gitImportSite functionality
2064 | CVE-2025-2568 | 0.62% | 69.5th | 5.3 | The Vayu Blocks WordPress plugin has missing capability checks in two callback functions, allowing u
2065 | CVE-2025-21524 | 0.62% | 69.4th | 9.8 | This critical vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attacker
2066 | CVE-2025-0187 | 0.62% | 69.4th | 7.5 | A Denial of Service vulnerability in gradio-app/gradio version 0.39.1 allows attackers to crash serv
2067 | CVE-2025-24306 | 0.62% | 69.4th | 7.2 | This CVE describes an OS command injection vulnerability in +F FS010M devices that allows authentica
2068 | CVE-2025-21326 | 0.62% | 69.4th | 7.8 | This CVE describes a remote code execution vulnerability in Internet Explorer that allows attackers
2069 | CVE-2025-0724 | 0.62% | 69.4th | 8.8 | The ProfileGrid WordPress plugin is vulnerable to PHP object injection via deserialization of untrus
2070 | CVE-2025-59245 | 0.62% | 69.4th | 9.8 | This critical vulnerability in Microsoft SharePoint Online allows authenticated attackers to elevate
2071 | CVE-2025-60691 | 0.62% | 69.4th | 8.8 | A stack-based buffer overflow vulnerability in Linksys E1200 v2 routers allows remote attackers to e
2072 | CVE-2025-60690 | 0.62% | 69.4th | 8.8 | A stack-based buffer overflow vulnerability in Linksys E1200 v2 routers allows remote attackers to e
2073 | CVE-2025-30433 | 0.61% | 69.4th | 9.8 | This vulnerability allows malicious shortcuts in Apple's Shortcuts app to bypass file access restric
2074 | CVE-2025-31693 | 0.61% | 69.4th | 6.6 | This OS command injection vulnerability in Drupal AI allows attackers to execute arbitrary operating
2075 | CVE-2024-9131 | 0.61% | 69.3th | 7.2 | This CVE allows administrators to execute arbitrary commands through command injection in Arista pro
2076 | CVE-2025-32911 | 0.61% | 69.3th | 9.0 | A use-after-free vulnerability in libsoup's soup_message_headers_get_content_disposition() function
2077 | CVE-2025-49003 | 0.61% | 69.3th | 9.8 | This vulnerability allows remote code execution in DataEase by exploiting Java's character conversio
2078 | CVE-2024-57357 | 0.61% | 69.3th | 8.0 | This vulnerability allows remote attackers to execute arbitrary code on TP-Link TL-WPA8630 powerline
2079 | CVE-2024-13723 | 0.61% | 69.3th | 7.2 | CVE-2024-13723 is a remote code execution vulnerability in the NagVis component of Checkmk. Authenti
2080 | CVE-2024-58283 | 0.61% | 69.3th | 8.8 | This vulnerability allows authenticated attackers to upload malicious PHP files through the Elfinder
2081 | CVE-2025-21187 | 0.61% | 69.3th | 7.8 | This vulnerability allows remote code execution in Microsoft Power Automate through improper control
2082 | CVE-2024-24780 | 0.61% | 69.3th | 9.8 | This vulnerability allows attackers with UDF creation privileges in Apache IoTDB to execute arbitrar
2083 | CVE-2025-10961 | 0.61% | 69.2th | 5.5 | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers
2084 | CVE-2025-66022 | 0.61% | 69.2th | 9.6 | CVE-2025-66022 is a critical vulnerability in FACTION PenTesting Report Generation Framework that al
2085 | CVE-2024-13422 | 0.61% | 69.2th | 6.1 | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'url' parame
2086 | CVE-2024-13319 | 0.61% | 69.2th | 6.1 | The Themify Builder WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability t
2087 | CVE-2024-13516 | 0.61% | 69.2th | 6.1 | The Kubio AI Page Builder WordPress plugin has a reflected cross-site scripting vulnerability that a
2088 | CVE-2024-13334 | 0.61% | 69.2th | 6.1 | The Car Demon WordPress plugin has a reflected cross-site scripting (XSS) vulnerability that allows
2089 | CVE-2024-12407 | 0.61% | 69.2th | 6.1 | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'pushnotific
2090 | CVE-2024-12261 | 0.61% | 69.2th | 6.1 | This vulnerability allows unauthenticated attackers to execute reflected cross-site scripting attack
2091 | CVE-2024-12324 | 0.61% | 69.2th | 6.1 | The Unilevel MLM Plan WordPress plugin has a reflected cross-site scripting vulnerability that allow
2092 | CVE-2024-12290 | 0.61% | 69.2th | 6.1 | The Infility Global WordPress plugin has a reflected cross-site scripting vulnerability in all versi
2093 | CVE-2024-12214 | 0.61% | 69.2th | 6.1 | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'videolink'
2094 | CVE-2024-12153 | 0.61% | 69.2th | 6.1 | The GDY Modular Content WordPress plugin contains a reflected cross-site scripting (XSS) vulnerabili
2095 | CVE-2024-12126 | 0.61% | 69.2th | 6.1 | The SEO Keywords WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability that
2096 | CVE-2024-11810 | 0.61% | 69.2th | 6.1 | The PayGreen Payment Gateway WordPress plugin has a reflected cross-site scripting vulnerability in
2097 | CVE-2024-11378 | 0.61% | 69.2th | 6.1 | The Bizapp for WooCommerce WordPress plugin contains a reflected cross-site scripting vulnerability
2098 | CVE-2024-11375 | 0.61% | 69.2th | 6.1 | The WC1C WordPress plugin is vulnerable to reflected cross-site scripting (XSS) in all versions up t
2099 | CVE-2024-12098 | 0.61% | 69.2th | 6.1 | This vulnerability allows attackers to inject malicious scripts via the 'utm_keyword' parameter in t
2100 | CVE-2025-2369 | 0.61% | 69.2th | 8.8 | A critical stack-based buffer overflow vulnerability in TOTOLINK EX1800T routers allows remote attac

This page shows ranks 2051 to 2100. The Flags column of the source table carries no value for any of these rows, so it is omitted above; summaries are cut off at the same point as on the source page.

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
