Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary (truncated)
2251 | CVE-2025-14306 | 0.56% | 67.7th | 9.1 | | A directory traversal vulnerability in Robocode's CacheCleaner component allows attackers to delete
2252 | CVE-2025-22609 | 0.56% | 67.7th | 10.0 | | This vulnerability allows any authenticated user in Coolify to attach existing private SSH keys to t
2253 | CVE-2024-9134 | 0.56% | 67.7th | 8.3 | | Multiple SQL injection vulnerabilities in the reporting application allow authenticated users with a
2254 | CVE-2024-13624 | 0.56% | 67.7th | 7.1 | | This vulnerability allows attackers to inject malicious scripts into WordPress admin pages via unsan
2255 | CVE-2025-30392 | 0.56% | 67.7th | 9.8 | | CVE-2025-30392 is an improper authorization vulnerability in Azure Bot Framework SDK that allows una
2256 | CVE-2025-9654 | 0.56% | 67.7th | 6.3 | | CVE-2025-9654 is a command injection vulnerability in AiondaDotCom mcp-ssh up to version 1.0.3 that
2257 | CVE-2025-8667 | 0.56% | 67.7th | 6.3 | | This critical vulnerability in SkyworkAI DeepResearchAgent allows remote attackers to execute arbitr
2258 | CVE-2025-8665 | 0.56% | 67.7th | 6.3 | | This critical vulnerability allows remote attackers to execute arbitrary operating system commands t
2259 | CVE-2025-34195 | 0.56% | 67.7th | 9.8 | | This vulnerability allows remote code execution on Windows systems running vulnerable versions of Va
2260 | CVE-2025-9276 | 0.56% | 67.7th | 9.8 | | CVE-2025-9276 allows remote attackers to bypass authentication on systems using vulnerable Cockroach
2261 | CVE-2025-65730 | 0.56% | 67.7th | 8.8 | | This vulnerability allows attackers to bypass authentication in GoAway by forging JWT tokens using a
2262 | CVE-2025-13798 | 0.56% | 67.7th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 route
2263 | CVE-2025-13797 | 0.56% | 67.7th | 6.3 | | This CVE describes a command injection vulnerability in the ADSLR B-QE2W401 device's web interface.
2264 | CVE-2026-22781 | 0.56% | 67.7th | 9.8 | | TinyWeb HTTP Server versions before 1.98 are vulnerable to unauthenticated remote command injection
2265 | CVE-2025-2551 | 0.56% | 67.7th | 4.3 | | This vulnerability in D-Link DIR-618 and DIR-605L routers allows attackers with local network access
2266 | CVE-2024-11284 | 0.56% | 67.6th | 9.8 | | The WP JobHunt WordPress plugin has an authentication bypass vulnerability that allows unauthenticat
2267 | CVE-2025-29189 | 0.56% | 67.6th | 7.6 | | Flowise versions up to 2.2.3 contain a SQL injection vulnerability in the Postgres_VectorStores comp
2268 | CVE-2025-3834 | 0.56% | 67.6th | 8.1 | | This vulnerability allows authenticated attackers to execute arbitrary SQL commands through the OU H
2269 | CVE-2025-29961 | 0.56% | 67.6th | 6.5 | | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut
2270 | CVE-2025-10907 | 0.56% | 67.6th | 8.4 | | An arbitrary file upload vulnerability in WSO2 products allows authenticated administrators to uploa
2271 | CVE-2024-58295 | 0.56% | 67.6th | N/A | | ElkArte Forum 1.1.9 contains an authenticated remote code execution vulnerability where administrato
2272 | CVE-2025-0241 | 0.56% | 67.6th | 7.7 | | A memory corruption vulnerability in text segmentation components of Mozilla products could allow at
2273 | CVE-2025-1634 | 0.56% | 67.6th | 7.5 | | A memory leak vulnerability in the quarkus-resteasy extension occurs when client requests timeout, c
2274 | CVE-2025-47277 | 0.56% | 67.6th | 9.8 | | This vulnerability in vLLM versions 0.6.5 through 0.8.4 exposes the TCPStore interface on ALL networ
2275 | CVE-2025-7913 | 0.56% | 67.6th | 8.8 | | This critical vulnerability in TOTOLINK T6 routers allows remote attackers to execute arbitrary code
2276 | CVE-2025-21408 | 0.55% | 67.5th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
2277 | CVE-2021-27289 | 0.55% | 67.5th | 9.1 | | This vulnerability allows attackers within wireless range to replay captured Zigbee packets with man
2278 | CVE-2025-29800 | 0.55% | 67.5th | 7.8 | | CVE-2025-29800 is a local privilege escalation vulnerability in Microsoft AutoUpdate (MAU) that allo
2279 | CVE-2026-1327 | 0.55% | 67.5th | 6.3 | | This CVE describes a remote command injection vulnerability in Totolink NR1800X routers. Attackers c
2280 | CVE-2025-26389 | 0.55% | 67.5th | 10.0 | | This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r
2281 | CVE-2025-41736 | 0.55% | 67.5th | 8.8 | | A path traversal vulnerability in PHP allows low-privileged remote attackers to upload or overwrite
2282 | CVE-2025-60738 | 0.55% | 67.5th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on Ilevia
2283 | CVE-2024-41792 | 0.55% | 67.4th | 8.6 | | The SENTRON 7KT PAC1260 Data Manager contains a path traversal vulnerability in its web interface th
2284 | CVE-2025-5462 | 0.55% | 67.5th | 7.5 | | A heap-based buffer overflow vulnerability in Ivanti secure access products allows remote unauthenti
2285 | CVE-2025-0180 | 0.55% | 67.4th | 9.8 | | The WP Foodbakery WordPress plugin has a privilege escalation vulnerability that allows unauthentica
2286 | CVE-2025-32743 | 0.55% | 67.4th | 9.0 | | This vulnerability in ConnMan's DNS proxy allows attackers to crash the service or potentially execu
2287 | CVE-2025-0292 | 0.55% | 67.4th | 5.5 | | This SSRF vulnerability in Ivanti Connect Secure and Policy Secure allows authenticated administrato
2288 | CVE-2025-1736 | 0.55% | 67.4th | 7.3 | | This CVE describes an insufficient validation vulnerability in PHP's header handling that could allo
2289 | CVE-2025-29955 | 0.55% | 67.4th | 6.2 | | An improper input validation vulnerability in Windows Hyper-V allows local attackers to cause denial
2290 | CVE-2020-36869 | 0.55% | 67.4th | 7.2 | | Nagios XI versions before 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edi
2291 | CVE-2024-49734 | 0.55% | 67.4th | 7.5 | | This vulnerability allows a Wi-Fi access point to determine what websites a device is visiting throu
2292 | CVE-2025-30834 | 0.55% | 67.4th | 7.5 | | A path traversal vulnerability in the Bit Assist WordPress plugin allows attackers to access files o
2293 | CVE-2026-21859 | 0.55% | 67.4th | 5.8 | | Mailpit versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /pr
2294 | CVE-2024-26006 | 0.55% | 67.3th | 7.5 | | This vulnerability allows remote unauthenticated attackers to perform cross-site scripting (XSS) att
2295 | CVE-2025-32672 | 0.55% | 67.3th | 8.1 | | This vulnerability allows attackers to include and execute arbitrary PHP files on servers running th
2296 | CVE-2025-32663 | 0.55% | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c
2297 | CVE-2025-32654 | 0.55% | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c
2298 | CVE-2025-32627 | 0.55% | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c
2299 | CVE-2025-31040 | 0.55% | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c
2300 | CVE-2025-32668 | 0.55% | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it a practical basis for deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
