Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated probability that exploitation activity against the CVE will be observed in the wild within the next 30 days.

CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with an EPSS score: 35,468
Average EPSS score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary |
|---|---|---|---|---|---|
| 2551 | CVE-2024-13531 | 0.48% | 64.7th | 7.5 | This SQL injection vulnerability in the ShipEngine Shipping Quotes WordPress plugin allows unauthent |
| 2552 | CVE-2024-13490 | 0.48% | 64.7th | 7.5 | This SQL injection vulnerability in the LTL Freight Quotes – XPO Edition WordPress plugin allows u |
| 2553 | CVE-2024-13440 | 0.48% | 64.7th | 8.2 | The Super Store Finder WordPress plugin contains an SQL injection vulnerability in the 'ssf_wp_user_ |
| 2554 | CVE-2025-31194 | 0.48% | 64.7th | 9.8 | This vulnerability allows macOS shortcuts to execute with administrative privileges without proper a |
| 2555 | CVE-2025-44823 | 0.48% | 64.7th | 9.9 | Nagios Log Server before version 2024R1.3.2 allows authenticated users to retrieve cleartext adminis |
| 2556 | CVE-2024-50609 | 0.48% | 64.7th | 7.5 | CVE-2024-50609 is a NULL pointer dereference vulnerability in Fluent Bit's OpenTelemetry input plugi |
| 2557 | CVE-2024-50608 | 0.48% | 64.7th | 7.5 | CVE-2024-50608 is a NULL pointer dereference vulnerability in Fluent Bit's Prometheus Remote Write i |
| 2558 | CVE-2025-2006 | 0.48% | 64.7th | 8.8 | The Inline Image Upload for BBPress WordPress plugin allows authenticated attackers (Subscriber-leve |
| 2559 | CVE-2025-7327 | 0.48% | 64.7th | 8.8 | The Widget for Google Reviews WordPress plugin contains a directory traversal vulnerability that all |
| 2560 | CVE-2024-11951 | 0.48% | 64.6th | 9.8 | The Homey Login Register WordPress plugin allows unauthenticated attackers to create accounts with a |
| 2561 | CVE-2025-1671 | 0.48% | 64.6th | 9.8 | The Academist Membership WordPress plugin has an authentication bypass vulnerability that allows una |
| 2562 | CVE-2025-1564 | 0.48% | 64.6th | 9.8 | The SetSail Membership plugin for WordPress has an authentication bypass vulnerability in social log |
| 2563 | CVE-2025-30016 | 0.48% | 64.6th | 9.8 | CVE-2025-30016 is an authentication bypass vulnerability in SAP Financial Consolidation that allows |
| 2564 | CVE-2024-6809 | 0.48% | 64.6th | 9.8 | CVE-2024-6809 is a critical SQL injection vulnerability in the Simple Video Directory WordPress plug |
| 2565 | CVE-2025-50349 | 0.48% | 64.6th | 7.5 | PHPGurukul Pre-School Enrollment System V1.0 contains a directory traversal vulnerability in update- |
| 2566 | CVE-2025-9299 | 0.48% | 64.6th | 8.8 | A stack-based buffer overflow vulnerability in Tenda M3 routers allows remote attackers to execute a |
| 2567 | CVE-2024-57176 | 0.48% | 64.6th | 7.6 | This vulnerability in White-Jotter v0.2.2 allows attackers to bypass access controls via directory t |
| 2568 | CVE-2025-2101 | 0.48% | 64.6th | 8.1 | The Edumall WordPress theme contains a Local File Inclusion vulnerability that allows unauthenticate |
| 2569 | CVE-2025-44176 | 0.48% | 64.5th | 6.5 | This vulnerability allows remote attackers to execute arbitrary code on Tenda FH451 routers running |
| 2570 | CVE-2025-27690 | 0.48% | 64.5th | 9.8 | Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.0 contain a default password vulnerability tha |
| 2571 | CVE-2025-44084 | 0.48% | 64.5th | 9.8 | This CVE describes a command injection vulnerability in D-link DI-8100 firmware that allows remote a |
| 2572 | CVE-2025-20275 | 0.48% | 64.5th | 5.3 | This vulnerability allows unauthenticated attackers to execute arbitrary code on Cisco Unified CCX E |
| 2573 | CVE-2026-0762 | 0.48% | 64.5th | 8.1 | This vulnerability allows remote attackers to execute arbitrary code with root privileges on GPT Aca |
| 2574 | CVE-2025-3762 | 0.48% | 64.5th | 7.3 | CVE-2025-3762 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's MPUT command h |
| 2575 | CVE-2025-3727 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2576 | CVE-2025-3725 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability exists in PCMan FTP Server 2.0.7's MIC command handler, all |
| 2577 | CVE-2025-3723 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2578 | CVE-2025-3683 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2579 | CVE-2025-3681 | 0.48% | 64.5th | 7.3 | CVE-2025-3681 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's MODE command h |
| 2580 | CVE-2025-3679 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2581 | CVE-2025-3678 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2582 | CVE-2024-54092 | 0.48% | 64.5th | 9.8 | This vulnerability allows unauthenticated remote attackers to bypass authentication on specific API |
| 2583 | CVE-2025-3379 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2584 | CVE-2025-3377 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2585 | CVE-2025-3375 | 0.48% | 64.5th | 7.3 | CVE-2025-3375 is a critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's CDUP command h |
| 2586 | CVE-2025-3373 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2587 | CVE-2025-3372 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2588 | CVE-2025-3349 | 0.48% | 64.5th | 7.3 | A critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 allows remote attackers to execut |
| 2589 | CVE-2025-9605 | 0.48% | 64.5th | 9.8 | A stack-based buffer overflow vulnerability in Tenda AC21 and AC23 routers allows remote attackers t |
| 2590 | CVE-2025-34336 | 0.48% | 64.5th | N/A | This vulnerability allows unauthenticated attackers to upload arbitrary files to eGovFramework serve |
| 2591 | CVE-2021-47757 | 0.48% | 64.5th | 8.8 | CVE-2021-47757 is an authenticated remote code execution vulnerability in Chikitsa Patient Managemen |
| 2592 | CVE-2024-12757 | 0.48% | 64.4th | 8.6 | CVE-2024-12757 is an authentication bypass vulnerability in Nedap Librix Ecoreader that allows unaut |
| 2593 | CVE-2025-43960 | 0.48% | 64.4th | 8.6 | CVE-2025-43960 is a PHP Object Injection vulnerability in Adminer 4.8.1 when using Monolog for loggi |
| 2594 | CVE-2023-7312 | 0.48% | 64.4th | 4.8 | Nagios Fusion versions before 4.2.0 contain a stored cross-site scripting vulnerability in email set |
| 2595 | CVE-2025-24150 | 0.48% | 64.4th | 8.8 | This vulnerability allows command injection when copying URLs from Web Inspector in affected Apple p |
| 2596 | CVE-2024-39774 | 0.48% | 64.4th | 9.1 | This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 router |
| 2597 | CVE-2024-39358 | 0.48% | 64.4th | 9.1 | A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi set_wzap() function allows au |
| 2598 | CVE-2024-39299 | 0.48% | 64.4th | 9.1 | This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 router |
| 2599 | CVE-2024-37184 | 0.48% | 64.4th | 9.1 | A buffer overflow vulnerability in the Wavlink AC3000 router's adm.cgi component allows authenticate |
| 2600 | CVE-2024-36272 | 0.48% | 64.4th | 9.1 | This vulnerability allows authenticated attackers to execute arbitrary code on Wavlink AC3000 router |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will see exploitation activity in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it a better basis for deciding which vulnerabilities to patch first. The percentile column places a score among all scored CVEs: because the large majority of CVEs score very low (the average on this page is 0.7%), a modest 0.48% already sits near the 65th percentile.

Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. Two caveats apply: EPSS is a population-level estimate that knows nothing about your exposure, so a CVE on the CISA KEV list (confirmed exploitation) should outrank any prediction, and reachability and asset criticality still have to be weighed alongside the score; and EPSS scores are recomputed daily, so prioritisation should re-pull the feed rather than rely on a snapshot.
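The ranking rule described above, worked as an added example that is not code from this page or from FIRST.org. It parses an EPSS feed in the shape of FIRST's public epss_scores CSV (a leading `#model_version` comment line, then `cve,epss,percentile`), joins it with a CVSS/KEV inventory, and orders findings KEV first, then by EPSS, with CVSS only as a tie-breaker. The feed contents, the CVSS values, the KEV flags and the `CVE-EXAMPLE-*` placeholder identifiers are constructed sample data so that it runs offline; the three real CVE IDs carry the scores shown in the table above, but their KEV status is assumed.

```python
"""Prioritise CVEs by exploit likelihood (EPSS) rather than severity alone.

Added example, not the page's or FIRST.org's code. Feed layout follows the
public EPSS CSV; every value below is constructed sample data.
"""
import csv
import io
from dataclasses import dataclass

# Constructed feed in the shape of FIRST's epss_scores-YYYY-MM-DD.csv.
# CVE-EXAMPLE-* are placeholders, not real identifiers.
EPSS_FEED = """\
#model_version:v2023.03.01,score_date:2025-01-01T00:00:00+0000
cve,epss,percentile
CVE-2024-13531,0.00480,0.64700
CVE-2025-27690,0.00480,0.64500
CVE-2024-11951,0.00480,0.64600
CVE-EXAMPLE-LOWPROB,0.00100,0.30000
CVE-EXAMPLE-HIGHPROB,0.90000,0.99800
CVE-EXAMPLE-KEV,0.00480,0.64600
"""

# Constructed inventory: CVSS base score and an assumed CISA KEV flag.
INVENTORY = {
    "CVE-2024-13531": (7.5, False),
    "CVE-2025-27690": (9.8, False),
    "CVE-2024-11951": (9.8, False),
    "CVE-EXAMPLE-LOWPROB": (9.8, False),   # critical severity, low likelihood
    "CVE-EXAMPLE-HIGHPROB": (7.5, False),  # high severity, very high likelihood
    "CVE-EXAMPLE-KEV": (5.0, True),        # medium severity, confirmed exploited
}


@dataclass
class Finding:
    cve: str
    epss: float
    percentile: float
    cvss: float
    kev: bool


def parse_epss_feed(text):
    """Parse the EPSS CSV into {cve: (epss, percentile)}, skipping the
    '#model_version' comment line that precedes the header."""
    lines = [l for l in text.splitlines() if l and not l.startswith("#")]
    scores = {}
    for row in csv.DictReader(io.StringIO("\n".join(lines))):
        scores[row["cve"]] = (float(row["epss"]), float(row["percentile"]))
    return scores


def percentile_of(scores, epss):
    """Proportion of scored CVEs with the same or a lower EPSS: this is why a
    0.48% score lands near the 65th percentile when most CVEs score lower."""
    vals = [e for e, _ in scores.values()]
    return sum(v <= epss for v in vals) / len(vals)


def priority_key(f):
    """KEV-listed first (known exploitation beats any prediction), then
    descending EPSS, then descending CVSS as a tie-breaker."""
    return (not f.kev, -f.epss, -f.cvss)


def prioritise(feed_text, inventory, epss_floor=0.0):
    """Rank inventory CVEs; an EPSS floor drops low-likelihood items but
    never a KEV-listed one. CVEs absent from the feed are treated as 0."""
    scores = parse_epss_feed(feed_text)
    findings = []
    for cve, (cvss, kev) in inventory.items():
        epss, pct = scores.get(cve, (0.0, 0.0))
        if epss < epss_floor and not kev:
            continue
        findings.append(Finding(cve, epss, pct, cvss, kev))
    return sorted(findings, key=priority_key)


def feed_summary(feed_text, threshold=0.5):
    """Headline stats like the ones at the top of the page: CVEs scored,
    CVEs above a threshold, and the mean EPSS."""
    vals = [e for e, _ in parse_epss_feed(feed_text).values()]
    return {
        "scored": len(vals),
        "above": sum(v > threshold for v in vals),
        "mean": sum(vals) / len(vals),
    }


if __name__ == "__main__":
    for f in prioritise(EPSS_FEED, INVENTORY):
        print(f"{f.cve:22} epss={f.epss:.4f} cvss={f.cvss:4} kev={f.kev}")
    print(feed_summary(EPSS_FEED))
```

Run it and the CVSS 9.8 placeholder with 0.1% EPSS drops to the bottom while the KEV-listed CVSS 5.0 item leads; the feed summary reproduces the same kind of counts the page header shows, and `percentile_of` makes the Percentile column's meaning concrete.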

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
