Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:

- 164 CVEs with EPSS > 50%
- 156 CVEs listed in the CISA Known Exploited Vulnerabilities (KEV) catalog
- 35,468 CVEs with an EPSS score
- 0.7% average EPSS score
Rank | CVE ID | EPSS Score | EPSS Percentile | CVSS | Flags | Summary (truncated)
-----|--------|------------|-----------------|------|-------|--------------------
201 | CVE-2025-24118 | 6.79% | 91.1 | 7.1 | | This is a memory corruption vulnerability in Apple operating systems that allows malicious applicati
202 | CVE-2024-57609 | 6.78% | 91.1 | 8.6 | | A code injection vulnerability in Pygwalker's login redirection function allows attackers to execute
203 | CVE-2025-22226 | 6.7% | 91.1 | 7.1 | KEV | This vulnerability allows attackers with administrative privileges on a virtual machine to read memo
204 | CVE-2025-1338 | 6.67% | 91 | 7.3 | | This critical vulnerability in NUUO Camera software allows remote attackers to execute arbitrary com
205 | CVE-2025-1025 | 6.61% | 91 | 7.5 | | CVE-2025-1025 is an arbitrary file upload vulnerability in Cockpit CMS where attackers can bypass up
206 | CVE-2024-56898 | 6.59% | 91 | 8.8 | | A broken access control vulnerability in Geovision GV-ASWeb versions v6.1.0.0 and earlier allows low
207 | CVE-2025-32023 | 6.59% | 91 | 7.0 | | This CVE describes a memory corruption vulnerability in Redis hyperloglog operations that allows aut
208 | CVE-2025-24990 | 6.43% | 90.8 | 7.8 | KEV | This CVE describes an elevation of privilege vulnerability in the Agere Modem driver (ltmdm64.sys) t
209 | CVE-2024-12152 | 6.19% | 90.6 | 7.5 | | The MIPL WC Multisite Sync WordPress plugin contains a directory traversal vulnerability that allows
210 | CVE-2025-15503 | 6.15% | 90.6 | 7.3 | | CVE-2025-15503 is an unrestricted file upload vulnerability in Sangfor Operation and Maintenance Man
211 | CVE-2025-21417 | 6.04% | 90.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
212 | CVE-2025-21413 | 6.04% | 90.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
213 | CVE-2025-21411 | 6.04% | 90.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
214 | CVE-2025-21409 | 6.04% | 90.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
215 | CVE-2025-21339 | 6.04% | 90.5 | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploitin
216 | CVE-2025-27222 | 5.94% | 90.4 | 8.6 | | CVE-2025-27222 is a path traversal vulnerability in TRUfusion Enterprise's /trufusionPortal/getCobra
217 | CVE-2025-29805 | 5.89% | 90.4 | 7.5 | | CVE-2025-29805 is an information disclosure vulnerability in Outlook for Android that allows unautho
218 | CVE-2026-21510 | 5.83% | 90.3 | 8.8 | KEV | A protection mechanism failure in Windows Shell allows attackers to bypass security features over a
219 | CVE-2025-6218 | 5.81% | 90.3 | 7.8 | KEV | This vulnerability in WinRAR allows attackers to execute arbitrary code by tricking users into openi
220 | CVE-2025-11307 | 5.81% | 90.3 | 8.8 | | This vulnerability in the WP Go Maps WordPress plugin allows unauthenticated attackers to inject mal
221 | CVE-2025-10666 | 5.77% | 90.3 | 8.8 | | A buffer overflow vulnerability in D-Link DIR-825 routers allows remote attackers to execute arbitra
222 | CVE-2024-37301 | 5.75% | 90.3 | 7.2 | | CVE-2024-37301 is a server-side template injection vulnerability in Document Merge Service versions
223 | CVE-2025-21355 | 5.74% | 90.2 | 8.6 | | CVE-2025-21355 is a missing authentication vulnerability in Microsoft Bing that allows unauthorized
224 | CVE-2024-13129 | 5.74% | 90.2 | 8.8 | | CVE-2024-13129 is a critical OS command injection vulnerability in Roxy-WI's action_service function
225 | CVE-2025-2007 | 5.64% | 90.1 | 8.1 | | This vulnerability in the Import Export Suite for CSV and XML Datafeed WordPress plugin allows authe
226 | CVE-2025-0528 | 5.59% | 90.1 | 7.2 | | This critical vulnerability in Tenda AC8, AC10, and AC18 routers allows remote attackers to execute
227 | CVE-2025-2609 | 5.52% | 90 | 8.2 | | An unauthenticated cross-site scripting (XSS) vulnerability in MagnusBilling's login logging compone
228 | CVE-2025-21335 | 5.49% | 90 | 7.8 | KEV | This vulnerability allows an authenticated attacker with guest VM access to execute arbitrary code w
229 | CVE-2025-49586 | 5.44% | 90 | 8.8 | | This vulnerability allows any XWiki user with edit rights on an App Within Minutes application to es
230 | CVE-2024-12313 | 5.4% | 89.9 | 8.1 | | The Compare Products for WooCommerce WordPress plugin is vulnerable to PHP object injection through
231 | CVE-2024-13180 | 5.38% | 89.9 | 7.5 | | CVE-2024-13180 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthentica
232 | CVE-2025-21348 | 5.24% | 89.7 | 7.2 | | This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server
233 | CVE-2025-34038 | 5.22% | 89.7 | 7.5 | | This SQL injection vulnerability in Weaver e-cology 8.0 allows unauthenticated attackers to execute
234 | CVE-2026-1687 | 5.03% | 89.5 | 7.3 | | This CVE describes a command injection vulnerability in Tenda HG10 routers through the Boa webserver
235 | CVE-2025-4123 | 4.96% | 89.4 | 7.6 | | This CVE describes a cross-site scripting (XSS) vulnerability in Grafana that combines client path t
236 | CVE-2025-3729 | 4.89% | 89.3 | 7.3 | | This critical vulnerability allows remote attackers to execute arbitrary operating system commands o
237 | CVE-2025-3520 | 4.88% | 89.3 | 8.1 | | The Avatar WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated a
238 | CVE-2023-53962 | 4.83% | 89.3 | 7.5 | | CVE-2023-53962 is an unauthenticated directory traversal vulnerability in SOUND4 IMPACT/FIRST/PULSE/
239 | CVE-2025-2594 | 4.81% | 89.3 | 8.1 | | This vulnerability in the User Registration & Membership WordPress plugin allows attackers to authen
240 | CVE-2025-23209 | 4.66% | 89.1 | 8.0 | KEV | This is a remote code execution vulnerability in Craft CMS versions 4 and 5 that allows attackers to
241 | CVE-2025-54313 | 4.59% | 89 | 7.5 | KEV | This CVE describes a supply chain compromise where malicious versions of eslint-config-prettier cont
242 | CVE-2025-67254 | 4.41% | 88.8 | 7.5 | | NagiosXI 2026R1.0.1 build 1762361101 contains a directory traversal vulnerability in /admin/coreconf
243 | CVE-2025-57808 | 4.38% | 88.7 | 8.1 | | This authentication bypass vulnerability in ESPHome allows attackers to access web server functional
244 | CVE-2025-24472 | 4.37% | 88.7 | 8.1 | KEV | This authentication bypass vulnerability in FortiOS and FortiProxy allows remote unauthenticated att
245 | CVE-2026-1689 | 4.33% | 88.7 | 7.3 | | This CVE describes a remote command injection vulnerability in Tenda HG10 routers. Attackers can exe
246 | CVE-2024-13483 | 4.3% | 88.6 | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes – SAIA Edition WordPress plugin allows
247 | CVE-2024-13479 | 4.3% | 88.6 | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a
248 | CVE-2024-13489 | 4.3% | 88.6 | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a
249 | CVE-2024-50960 | 4.28% | 88.6 | 7.2 | | A command injection vulnerability in the Nmap diagnostic tool within Extron SMP/SME admin web consol
250 | CVE-2013-10044 | 4.26% | 88.6 | 8.8 | | This CVE describes a critical vulnerability chain in OpenEMR where an authenticated attacker can per

The Flags column marks "KEV" for entries that appear in the CISA Known Exploited Vulnerabilities catalog. Summaries are cut off as they appeared on the page.

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a high CVSS 7.5 vulnerability with a 90% EPSS score.
