Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2301 | CVE-2025-30870 | | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 2302 | CVE-2025-30849 | | 67.3th | 8.1 | | This vulnerability allows attackers to include local files on the server through PHP's include/requi |
| 2303 | CVE-2025-7206 | | 67.3th | 9.8 | | A critical stack-based buffer overflow vulnerability in D-Link DIR-825 router's httpd component allo |
| 2304 | CVE-2025-7955 | | 67.3th | 9.8 | | The RingCentral Communications plugin for WordPress versions 1.5 to 1.6.8 contains an authentication |
| 2305 | CVE-2025-47901 | | 67.3th | 8.8 | | This CVE describes an OS command injection vulnerability in Microchip Time Provider 4100 devices tha |
| 2306 | CVE-2025-66217 | | 67.3th | 7.5 | | An integer underflow vulnerability in AIS-catcher's MQTT parsing allows attackers to trigger heap bu |
| 2307 | CVE-2023-53983 | | 67.3th | 9.8 | | CVE-2023-53983 allows attackers to gain full administrative control of Anevia Flamingo XL/XS devices |
| 2308 | CVE-2025-65213 | | 67.3th | 9.8 | | This CVE describes a critical remote code execution vulnerability in MooreThreads torch_musa where u |
| 2309 | CVE-2025-53890 | | 67.3th | 9.8 | | An unsafe JavaScript evaluation vulnerability in pyLoad's CAPTCHA processing allows unauthenticated |
| 2310 | CVE-2025-21405 | | 67.2th | 7.3 | | This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticate |
| 2311 | CVE-2025-21301 | | 67.3th | 6.5 | | This vulnerability in Windows Geolocation Service allows unauthorized access to location information |
| 2312 | CVE-2024-56196 | | 67.2th | 6.3 | | Apache Traffic Server versions 10.0.0 through 10.0.3 contain an improper access control vulnerabilit |
| 2313 | CVE-2024-55628 | | 67.2th | 7.5 | | This vulnerability in Suricata allows attackers to send specially crafted DNS messages with compress |
| 2314 | CVE-2024-54007 | | 67.1th | 7.2 | | Authenticated command injection vulnerabilities in HPE 501 Wireless Client Bridge web interface allo |
| 2315 | CVE-2025-30444 | | 67.1th | 9.8 | | A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker |
| 2316 | CVE-2025-24053 | | 67.1th | 7.2 | | CVE-2025-24053 is an improper authentication vulnerability in Microsoft Dataverse that allows authen |
| 2317 | CVE-2025-29985 | | 67.1th | 6.5 | | Dell Common Event Enabler version 9.0.0.0 contains an insecure default configuration vulnerability i |
| 2318 | CVE-2025-55526 | | 67.1th | 9.1 | | This vulnerability in n8n-workflows allows attackers to perform directory traversal attacks through |
| 2319 | CVE-2024-3884 | | 67.1th | 7.5 | | This vulnerability in Undertow allows remote attackers to cause denial of service by sending special |
| 2320 | CVE-2024-10383 | | 67.1th | 8.7 | | This vulnerability allows cross-site scripting (XSS) attacks when loading .ipynb files in GitLab's w |
| 2321 | CVE-2025-30672 | | 67.1th | 6.5 | | Mite for Perl before version 0.013000 includes the current working directory ('.') in Perl's @INC mo |
| 2322 | CVE-2025-1934 | | 67th | 6.5 | | This vulnerability allows an attacker to interrupt RegExp bailout processing and execute additional |
| 2323 | CVE-2025-34069 | | 67.1th | 9.8 | | This authentication bypass vulnerability in GFI Kerio Control allows unauthenticated attackers to ga |
| 2324 | CVE-2025-9527 | | 67.1th | 8.8 | | A remote stack-based buffer overflow vulnerability exists in the Linksys E1700 router's QoS configur |
| 2325 | CVE-2023-53955 | | 67th | 9.8 | | This CVE describes an insecure direct object reference vulnerability in SOUND4 IMPACT/FIRST/PULSE/Ec |
| 2326 | CVE-2025-67188 | | 67.1th | 9.8 | | This buffer overflow vulnerability in TOTOLINK A950RG routers allows remote attackers to execute arb |
| 2327 | CVE-2025-3544 | | 67th | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network |
| 2328 | CVE-2025-3542 | | 67th | 8.0 | | This critical vulnerability allows remote attackers to execute arbitrary commands on affected H3C Ma |
| 2329 | CVE-2025-3540 | | 67th | 8.0 | | This critical vulnerability in H3C Magic routers allows attackers to execute arbitrary commands via |
| 2330 | CVE-2024-13553 | | 67th | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication and take over any user |
| 2331 | CVE-2024-57604 | | 67th | 9.8 | | A privilege escalation vulnerability in MaysWind ezBookkeeping 0.7.0 allows remote attackers to gain |
| 2332 | CVE-2024-12315 | | 67th | 7.5 | | This vulnerability allows unauthenticated attackers to access sensitive exported data files stored i |
| 2333 | CVE-2024-39786 | | 66.9th | 9.1 | | This directory traversal vulnerability in Wavlink AC3000 routers allows authenticated attackers to b |
| 2334 | CVE-2025-6691 | | 67th | 8.1 | | The SureForms WordPress plugin has an arbitrary file deletion vulnerability that allows unauthentica |
| 2335 | CVE-2025-21387 | | 66.9th | 7.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected systems by tricking |
| 2336 | CVE-2025-2337 | | 66.9th | 6.3 | | A critical heap-based buffer overflow vulnerability in matio library versions 1.5.28 allows remote a |
| 2337 | CVE-2025-21331 | | 66.9th | 7.3 | | This Windows Installer vulnerability allows attackers to elevate privileges on affected systems by e |
| 2338 | CVE-2025-32869 | | 66.9th | 8.8 | | An SQL injection vulnerability in TeleControl Server Basic allows authenticated remote attackers to |
| 2339 | CVE-2025-68274 | | 66.9th | 7.5 | | A nil pointer dereference vulnerability in SIPGO library's NewResponseFromRequest function allows re |
| 2340 | CVE-2024-57401 | | 66.8th | 9.8 | | A critical SQL injection vulnerability in Uniclare Student Portal versions 2 and earlier allows remo |
| 2341 | CVE-2025-32380 | | 66.8th | 7.5 | | A denial-of-service vulnerability in Apollo Router Core allows attackers to craft GraphQL queries wi |
| 2342 | CVE-2025-24129 | | 66.7th | 7.5 | | A type confusion vulnerability in Apple operating systems allows remote attackers to cause unexpecte |
| 2343 | CVE-2024-32115 | | 66.8th | 5.5 | | A relative path traversal vulnerability in Fortinet FortiManager allows privileged attackers to dele |
| 2344 | CVE-2024-9140 | | 66.7th | 9.8 | | CVE-2024-9140 is a critical OS command injection vulnerability in Moxa cellular routers, secure rout |
| 2345 | CVE-2025-30706 | | 66.8th | 7.5 | | This vulnerability in Oracle MySQL Connector/J allows attackers with low privileges and network acce |
| 2346 | CVE-2023-48978 | | 66.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on NCR ITM Web terminal systems |
| 2347 | CVE-2025-52352 | | 66.7th | 9.8 | | The Aikaan IoT management platform v3.25.0325-5-g2e9c59796 has a critical authentication bypass vuln |
| 2348 | CVE-2025-13282 | | 66.8th | 8.1 | | TenderDocTransfer software from Chunghwa Telecom has two critical vulnerabilities: lack of CSRF prot |
| 2349 | CVE-2024-12215 | | 66.7th | 8.8 | | This vulnerability in kedro 0.19.8 allows remote code execution when users download micro packages v |
| 2350 | CVE-2025-29913 | | 66.7th | 9.8 | | A critical heap buffer overflow vulnerability in CryptoLib versions 1.3.3 and prior allows attackers |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation — making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.