Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank  CVE ID          EPSS   Percentile  CVSS  Summary (no row in this range carries a flag; summaries are truncated as on the page)
2701  CVE-2025-31129  0.45%  63.2        8.8   This vulnerability in Jooby's pac4j SessionStoreImpl module allows remote code execution through ins
2702  CVE-2025-52377  0.45%  63.2        5.4   This command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router allows authenticated a
2703  CVE-2025-53825  0.45%  63.2        9.4   CVE-2025-53825 is an unauthenticated remote code execution vulnerability in Dokploy's preview deploy
2704  CVE-2026-0796   0.45%  63.2        8.8   This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG
2705  CVE-2024-13364  0.45%  63.2        5.3   The Raptive Ads WordPress plugin has an authorization bypass vulnerability that allows unauthenticat
2706  CVE-2025-25211  0.45%  63.2        9.8   CVE-2025-25211 is a weak password requirements vulnerability in CHOCO TEI WATCHER mini (IB-MCT001) i
2707  CVE-2025-2363   0.45%  63.2        6.3   This critical vulnerability in lenve VBlog allows remote attackers to perform path traversal attacks
2708  CVE-2025-5630   0.45%  63.2        9.8   This critical vulnerability in D-Link DIR-816 routers allows remote attackers to execute arbitrary c
2709  CVE-2025-5624   0.45%  63.2        9.8   This critical vulnerability in D-Link DIR-816 routers allows remote attackers to execute arbitrary c
2710  CVE-2025-10432  0.45%  63.2        9.8   This vulnerability allows remote attackers to execute arbitrary code on Tenda AC1206 routers via a s
2711  CVE-2024-55590  0.45%  63.1        8.8   This vulnerability allows authenticated attackers with read-only admin permissions and CLI access to
2712  CVE-2025-4903   0.45%  63.1        5.3   This critical vulnerability in D-Link DI-7003GV2 routers allows remote attackers to change passwords
2713  CVE-2025-3054   0.45%  63.2        8.8   The WP User Frontend Pro plugin for WordPress has a vulnerability that allows authenticated attacker
2714  CVE-2025-12824  0.45%  63.1        8.8   The Player Leaderboard WordPress plugin contains a Local File Inclusion vulnerability that allows au
2715  CVE-2025-1717   0.45%  63.1        8.1   The Login Me Now WordPress plugin versions up to 1.7.2 contain an authentication bypass vulnerabilit
2716  CVE-2025-9588   0.45%  63.1        10.0  This critical OS command injection vulnerability in Iron Mountain Archiving Services EnVision allows
2717  CVE-2025-59741  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows unauthentic
2718  CVE-2025-59740  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS transportation management soft
2719  CVE-2025-59739  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS transportation management soft
2720  CVE-2025-59738  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows unauthentic
2721  CVE-2025-59737  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS transportation management syst
2722  CVE-2025-59736  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS v25.03 that allows attackers t
2723  CVE-2025-59735  0.45%  63.1        9.8   This is a critical command injection vulnerability in AndSoft's e-TMS transportation management syst
2724  CVE-2025-25456  0.45%  63.1        9.8   This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buf
2725  CVE-2025-4561   0.45%  63.1        8.8   CVE-2025-4561 is an arbitrary file upload vulnerability in KFOX from KingFor that allows authenticat
2726  CVE-2025-6337   0.45%  63.1        8.8   A critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers allows remote attack
2727  CVE-2025-5503   0.45%  63          8.8   This critical vulnerability in TOTOLINK X15 routers allows remote attackers to execute arbitrary cod
2728  CVE-2026-22241  0.45%  63.1        7.2   CVE-2026-22241 is an arbitrary file upload vulnerability in Open eClass (formerly GUnet eClass) that
2729  CVE-2025-26617  0.45%  63          9.8   A SQL injection vulnerability in WeGIA's historico_paciente.php endpoint allows attackers to execute
2730  CVE-2025-26608  0.45%  63          9.8   A SQL injection vulnerability in WeGIA's dependente_docdependente.php endpoint allows attackers to e
2731  CVE-2025-26606  0.45%  63          9.8   A SQL injection vulnerability in WeGIA's informacao_adicional.php endpoint allows attackers to execu
2732  CVE-2025-27867  0.45%  63          5.6   This is a cross-site scripting (XSS) vulnerability in Apache Felix HTTP Webconsole Plugin that allow
2733  CVE-2025-29420  0.45%  63          7.5   PerfreeBlog v4.0.11 contains a directory traversal vulnerability in the getThemeFilesByName function
2734  CVE-2025-5397   0.45%  63          9.8   This vulnerability allows unauthenticated attackers to bypass authentication and gain administrative
2735  CVE-2025-10640  0.45%  63          9.8   CVE-2025-10640 allows unauthenticated attackers to bypass authentication on WorkExaminer Professiona
2736  CVE-2025-13539  0.45%  63          9.8   The FindAll Membership WordPress plugin has an authentication bypass vulnerability that allows unaut
2737  CVE-2025-24172  0.45%  63          9.8   A sandbox escape vulnerability in Apple Mail allows malicious email content to bypass the 'Block All
2738  CVE-2025-6445   0.45%  63          8.1   ServiceStack's FindType method contains a directory traversal vulnerability that allows remote attac
2739  CVE-2025-4689   0.45%  62.9        9.8   This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers r
2740  CVE-2025-7451   0.44%  62.9        9.8   CVE-2025-7451 is an unauthenticated remote OS command injection vulnerability in iSherlock software
2741  CVE-2025-66259  0.44%  62.9        9.8   This vulnerability allows authenticated attackers to execute arbitrary commands with root privileges
2742  CVE-2026-21448  0.44%  62.9        9.8   Bagisto eCommerce platform versions before 2.3.10 are vulnerable to server-side template injection t
2743  CVE-2025-0840   0.44%  62.8        5.0   A stack-based buffer overflow vulnerability exists in GNU Binutils' objdump tool when processing spe
2744  CVE-2024-12649  0.44%  62.8        9.8   A buffer overflow vulnerability in XPS data font processing allows attackers on the same network seg
2745  CVE-2024-12647  0.44%  62.8        9.8   A buffer overflow vulnerability in CPCA font download processing for Canon multifunction printers al
2746  CVE-2024-13408  0.44%  62.8        7.5   This vulnerability allows authenticated WordPress users with Contributor-level access or higher to i
2747  CVE-2024-35106  0.44%  62.8        4.6   A buffer overflow vulnerability exists in the NEXTU FLETA AX1500 WIFI6 router's web interface at /bo
2748  CVE-2025-2367   0.44%  62.8        6.3   This CVE describes a critical OS command injection vulnerability in Oiwtech OIW-2431APGN-HP wireless
2749  CVE-2025-30065  0.44%  62.9        9.8   This vulnerability in Apache Parquet's parquet-avro module allows attackers to execute arbitrary cod
2750  CVE-2025-9363   0.44%  62.8        8.8   A stack-based buffer overflow vulnerability in Linksys RE series range extenders allows remote attac

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 vulnerability with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
