Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 2351 | CVE-2025-29911 | | 66.7th | 9.8 | | A critical heap buffer overflow vulnerability in CryptoLib versions 1.3.3 and prior allows attackers |
| 2352 | CVE-2025-26634 | | 66.7th | 7.5 | | This vulnerability is a heap-based buffer overflow in Windows Core Messaging that allows an authenti |
| 2353 | CVE-2025-67172 | | 66.7th | 7.2 | | RiteCMS v3.1.0 contains an authenticated remote code execution vulnerability in the parse_special_ta |
| 2354 | CVE-2024-57170 | | 66.6th | 6.5 | | SOPlanning 1.53.00 has a directory traversal vulnerability in the upload.php file that allows authen |
| 2355 | CVE-2025-2359 | | 66.6th | 7.3 | | This critical vulnerability in D-Link DIR-823G routers allows attackers to bypass authorization cont |
| 2356 | CVE-2025-24045 | | 66.6th | 8.1 | | This vulnerability in Windows Remote Desktop Services allows attackers to access sensitive data stor |
| 2357 | CVE-2025-7444 | | 66.6th | 9.8 | | The LoginPress Pro WordPress plugin has an authentication bypass vulnerability that allows unauthent |
| 2358 | CVE-2025-13442 | | 66.6th | 7.3 | | This CVE describes a command injection vulnerability in UTT 进取 750W devices up to version 3.2.2- |
| 2359 | CVE-2025-30430 | | 66.6th | 9.8 | | This vulnerability allows password autofill to incorrectly populate passwords even after authenticat |
| 2360 | CVE-2025-31724 | | 66.6th | 4.3 | | The Jenkins Cadence vManager Plugin stores Verisium Manager vAPI keys unencrypted in job configurati |
| 2361 | CVE-2024-12278 | | 66.6th | 7.2 | | The Booster for WooCommerce WordPress plugin has a stored cross-site scripting (XSS) vulnerability t |
| 2362 | CVE-2026-22227 | | 66.5th | 7.2 | | A command injection vulnerability in TP-Link Archer BE230 routers allows authenticated attackers to |
| 2363 | CVE-2026-22225 | | 66.5th | 7.2 | | This CVE describes a command injection vulnerability in the Archer BE230 router's VPN Connection Ser |
| 2364 | CVE-2026-22224 | | 66.5th | 7.2 | | This CVE describes an authenticated command injection vulnerability in TP-Link Archer BE230 routers. |
| 2365 | CVE-2026-22226 | | 66.5th | 7.2 | | This CVE describes a command injection vulnerability in TP-Link Archer BE230 routers that allows aut |
| 2366 | CVE-2025-62193 | | 66.6th | 9.8 | | This vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system co |
| 2367 | CVE-2025-1240 | | 66.5th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected WinZip installation |
| 2368 | CVE-2024-12243 | | 66.5th | 5.3 | | This vulnerability in GnuTLS (via libtasn1) allows remote attackers to cause denial-of-service by se |
| 2369 | CVE-2024-11039 | | 66.5th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerab |
| 2370 | CVE-2025-22900 | | 66.5th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Totolink N600R routers by ex |
| 2371 | CVE-2025-49730 | | 66.5th | 7.8 | | A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Microsoft Windows QoS scheduler |
| 2372 | CVE-2025-8359 | | 66.5th | 9.8 | | The AdForest WordPress theme contains an authentication bypass vulnerability that allows unauthentic |
| 2373 | CVE-2025-62199 | | 66.5th | 7.8 | | CVE-2025-62199 is a use-after-free vulnerability in Microsoft Office that allows an attacker to exec |
| 2374 | CVE-2025-21382 | | 66.4th | 7.8 | | This vulnerability in the Windows Graphics Component allows attackers to escalate privileges on affe |
| 2375 | CVE-2025-63228 | | 66.5th | 9.8 | | The Mozart FM Transmitter web management interface contains an unauthenticated file upload vulnerabi |
| 2376 | CVE-2025-34469 | | 66.5th | 7.5 | | Cowrie honeypot versions before 2.9.0 contain a server-side request forgery vulnerability in the emu |
| 2377 | CVE-2024-13426 | | 66.4th | 5.4 | | The WP-Polls WordPress plugin up to version 2.77.2 contains an SQL injection vulnerability via cooki |
| 2378 | CVE-2025-21172 | | 66.4th | 7.5 | | This CVE describes a heap-based buffer overflow vulnerability in .NET and Visual Studio that could a |
| 2379 | CVE-2024-55224 | | 66.4th | 9.6 | | An HTML injection vulnerability in Vaultwarden allows attackers to inject malicious HTML/JavaScript |
| 2380 | CVE-2024-12299 | | 66.3th | 6.1 | | The System Dashboard WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability |
| 2381 | CVE-2024-13706 | | 66.3th | 6.1 | | The WP Image Uploader WordPress plugin contains a reflected cross-site scripting vulnerability that |
| 2382 | CVE-2025-1513 | | 66.3th | 7.2 | | This stored XSS vulnerability in the Contest Gallery WordPress plugin allows unauthenticated attacke |
| 2383 | CVE-2024-13711 | | 66.3th | 6.1 | | The Pollin WordPress plugin has a reflected cross-site scripting vulnerability in all versions up to |
| 2384 | CVE-2024-13508 | | 66.3th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the locale param |
| 2385 | CVE-2025-0521 | | 66.3th | 7.2 | | The Post SMTP WordPress plugin has a stored cross-site scripting vulnerability that allows unauthent |
| 2386 | CVE-2024-13704 | | 66.3th | 7.2 | | The Super Testimonials WordPress plugin has a stored XSS vulnerability in the 'st_user_title' parame |
| 2387 | CVE-2024-13867 | | 66.3th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 's' paramete |
| 2388 | CVE-2025-2325 | | 66.3th | 7.2 | | The WP Test Email plugin for WordPress has a stored cross-site scripting vulnerability that allows u |
| 2389 | CVE-2024-9217 | | 66.3th | 6.1 | | The Currency Switcher for WooCommerce WordPress plugin contains a reflected cross-site scripting (XS |
| 2390 | CVE-2025-9571 | | 66.3th | N/A | | A remote code execution vulnerability in Google Cloud Data Fusion allows authenticated users with ar |
| 2391 | CVE-2025-3641 | | 66.3th | 8.8 | | A remote code execution vulnerability exists in Moodle's Dropbox repository feature, allowing authen |
| 2392 | CVE-2025-32914 | | 66.3th | 7.4 | | CVE-2025-32914 is an out-of-bounds read vulnerability in libsoup's soup_multipart_new_from_message() |
| 2393 | CVE-2025-10210 | | 66.3th | 6.3 | | This CVE describes a SQL injection vulnerability in ChanCMS up to version 3.3.0, specifically in the |
| 2394 | CVE-2025-34522 | | 66.3th | 9.8 | | A heap-based buffer overflow vulnerability in Arcserve Unified Data Protection (UDP) allows unauthen |
| 2395 | CVE-2025-10294 | | 66.3th | 9.8 | | The OwnID Passwordless Login plugin for WordPress has an authentication bypass vulnerability that al |
| 2396 | CVE-2025-9209 | | 66.3th | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication in the RestroPress Word |
| 2397 | CVE-2025-6388 | | 66.3th | 9.8 | | The Spirit Framework WordPress plugin has an authentication bypass vulnerability that allows unauthe |
| 2398 | CVE-2024-13513 | | 66.2th | 9.8 | | The Oliver POS WordPress plugin exposes sensitive clientToken data through logging functionality, al |
| 2399 | CVE-2025-1020 | | 66.2th | 9.8 | | Memory safety vulnerabilities in Firefox and Thunderbird versions before 135 could allow attackers t |
| 2400 | CVE-2025-34161 | | 66.3th | 8.8 | | Coolify versions before v4.0.0-beta.420.7 contain a command injection vulnerability in the Git Repos |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.