Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2051 | CVE-2025-63666 | | 31.8th | 9.8 | | The Tenda AC15 router firmware exposes password hashes in authentication cookies and uses weak sessi |
| 2052 | CVE-2025-55895 | | 31.8th | 9.1 | | This vulnerability allows unauthenticated remote attackers to bypass access controls on TOTOLINK rou |
| 2053 | CVE-2024-5986 | | 31.7th | 9.1 | | This vulnerability in h2o-3 allows remote attackers to write arbitrary data to any file on the serve |
| 2054 | CVE-2023-37777 | | 31.6th | 9.8 | | A critical SQL injection vulnerability in Synnefo Internet Management Software (IMS) allows attacker |
| 2055 | CVE-2025-1751 | | 31.7th | 9.8 | | A SQL injection vulnerability in Ciges 2.15.5 allows attackers to manipulate database operations thr |
| 2056 | CVE-2025-54379 | | 31.6th | 9.8 | | CVE-2025-54379 is a critical SQL injection vulnerability in LF Edge eKuiper's getLast API that allow |
| 2057 | CVE-2025-59954 | | 31.6th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Knowage servers by exploitin |
| 2058 | CVE-2025-59041 | | 31.6th | 9.8 | | CVE-2025-59041 is a critical remote code execution vulnerability in Claude Code where malicious git |
| 2059 | CVE-2025-10916 | | 31.6th | 9.1 | | The FormGent WordPress plugin before version 1.0.4 contains an arbitrary file deletion vulnerability |
| 2060 | CVE-2024-20148 | | 31.5th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected devices via Wi-Fi w |
| 2061 | CVE-2025-28388 | | 31.5th | 9.8 | | OpenC3 COSMOS versions before v6.0.2 contain hardcoded credentials for a Service Account, allowing a |
| 2062 | CVE-2025-43983 | | 31.5th | 9.1 | | KuWFi CPF908-CP5 devices running WEB5.0_LCD_20210125 firmware have unauthenticated API endpoints tha |
| 2063 | CVE-2025-49708 | | 31.5th | 9.9 | | This is a use-after-free vulnerability in Microsoft Graphics Component that allows an authenticated |
| 2064 | CVE-2025-31651 | | 31.3th | 9.8 | | This vulnerability in Apache Tomcat allows attackers to bypass security constraints by crafting requ |
| 2065 | CVE-2025-47889 | | 31.2th | 9.8 | | The Jenkins WSO2 Oauth Plugin 1.0 and earlier contains an authentication bypass vulnerability where |
| 2066 | CVE-2014-0468 | | 31.2th | 9.8 | | This vulnerability in FusionForge's Apache configuration allows remote code execution by enabling at |
| 2067 | CVE-2025-52425 | | 31.3th | 9.8 | | An SQL injection vulnerability in QuMagie allows remote attackers to execute arbitrary SQL commands. |
| 2068 | CVE-2025-15016 | | 31.3th | 9.8 | | Enterprise Cloud Database by Ragic contains a hard-coded cryptographic key vulnerability that allows |
| 2069 | CVE-2025-43428 | | 31.4th | 9.8 | | This CVE describes an authentication bypass vulnerability in Apple's Photos app where unauthorized u |
| 2070 | CVE-2025-64111 | | 31.3th | 9.8 | | This vulnerability allows attackers to modify files in the .git directory of Gogs installations, pot |
| 2071 | CVE-2025-65552 | | 31.3th | 9.8 | | The D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on its 433 MHz s |
| 2072 | CVE-2025-61548 | | 31.4th | 9.8 | | This SQL injection vulnerability in Print Shop Pro WebDesk allows remote attackers to execute arbitr |
| 2073 | CVE-2025-68456 | | 31.3th | 9.1 | | Unauthenticated attackers can trigger database backup operations in vulnerable Craft CMS versions, p |
| 2074 | CVE-2026-24936 | | 31.4th | 9.8 | | An unauthenticated remote attacker can write arbitrary data to any file on Asustor ADM systems when |
| 2075 | CVE-2024-57971 | | 31.2th | 9.1 | | This vulnerability in Knowage Server allows attackers to perform JNDI injection attacks by manipulat |
| 2076 | CVE-2025-28200 | | 31.1th | 9.8 | | The Victure RX1800 router uses a weak default password derived from the last 8 digits of its MAC add |
| 2077 | CVE-2025-6542 | | 31.2th | 9.8 | | This critical vulnerability (CVE-2025-6542) allows remote unauthenticated attackers to execute arbit |
| 2078 | CVE-2024-8898 | | 31st | 9.8 | | A path traversal vulnerability in parisneo/lollms-webui version V12 allows attackers to create or de |
| 2079 | CVE-2025-47282 | | 31st | 9.9 | | A privilege escalation vulnerability in Gardener External DNS Management allows users with administr |
| 2080 | CVE-2022-31491 | | 31st | 10.0 | | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on Vol |
| 2081 | CVE-2025-59978 | | 31st | 9.0 | | This stored XSS vulnerability in Juniper Networks Junos Space allows attackers to inject malicious s |
| 2082 | CVE-2024-25178 | | 30.8th | 9.1 | | This vulnerability is an out-of-bounds read in the stack-overflow handler of LuaJIT, which could all |
| 2083 | CVE-2024-25176 | | 30.8th | 9.8 | | This CVE describes a stack buffer overflow vulnerability in LuaJIT's string formatting function (lj_ |
| 2084 | CVE-2025-41672 | | 30.9th | 10.0 | | This critical vulnerability allows remote unauthenticated attackers to generate valid JWT tokens usi |
| 2085 | CVE-2025-65099 | | 30.9th | 9.8 | | CVE-2025-65099 is a critical code execution vulnerability in Claude Code where Yarn plugins could ex |
| 2086 | CVE-2026-22904 | | 30.8th | 9.8 | | This critical vulnerability allows unauthenticated remote attackers to trigger a stack buffer overfl |
| 2087 | CVE-2024-56523 | | 30.6th | 9.1 | | This vulnerability allows remote attackers to bypass Radware Cloud WAF filters by sending HTTP GET r |
| 2088 | CVE-2025-45615 | | 30.7th | 9.8 | | This vulnerability allows attackers to bypass access controls in yaoqishan's admin API, enabling una |
| 2089 | CVE-2025-45611 | | 30.7th | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication in hope-boot v1.0.0 by |
| 2090 | CVE-2025-5408 | | 30.6th | 9.8 | | A critical buffer overflow vulnerability in WAVLINK wireless routers allows remote attackers to exec |
| 2091 | CVE-2025-51536 | | 30.6th | 9.8 | | OpenAtlas v8.11.0 contains a hardcoded administrator password, allowing attackers to gain full admin |
| 2092 | CVE-2025-62586 | | 30.7th | 9.8 | | CVE-2025-62586 is a critical authentication bypass vulnerability in OPEXUS FOIAXpress that allows re |
| 2093 | CVE-2025-12866 | | 30.7th | 9.8 | | CVE-2025-12866 is a critical authentication bypass vulnerability in EIP Plus software developed by H |
| 2094 | CVE-2025-48330 | | 30.6th | 9.8 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 2095 | CVE-2025-39468 | | 30.6th | 9.8 | | This vulnerability allows remote attackers to include and execute arbitrary PHP files on servers run |
| 2096 | CVE-2025-39466 | | 30.6th | 9.8 | | This vulnerability allows attackers to include and execute arbitrary local PHP files on servers runn |
| 2097 | CVE-2025-39463 | | 30.6th | 9.8 | | This CVE describes a PHP Local File Inclusion vulnerability in the Dessau WordPress theme. Attackers |
| 2098 | CVE-2025-65037 | | 30.7th | 10.0 | | This critical vulnerability in Azure Container Apps allows remote attackers to execute arbitrary cod |
| 2099 | CVE-2025-69981 | | 30.7th | 9.8 | | FUXA v1.2.7 has an unauthenticated file upload vulnerability in the /api/upload endpoint that allows |
| 2100 | CVE-2024-37567 | | 30.5th | 9.1 | | Infoblox NIOS through version 8.6.4 has improper access control for Grids, allowing unauthorized use |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS may be less urgent than a high-severity CVSS 7.5 vulnerability with a 90% EPSS.
Prioritize by Exploit Risk
Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.