Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
2701 | CVE-2025-54448 | 0.06% | 20th | 9.8 | | This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, leading
2702 | CVE-2025-54442 | 0.06% | 20th | 9.8 | | This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, which c
2703 | CVE-2025-54440 | 0.06% | 20th | 9.8 | | This vulnerability allows attackers to upload malicious files to Samsung MagicINFO 9 Server, which c
2704 | CVE-2025-53639 | 0.06% | 19.9th | 9.8 | | This SQL injection vulnerability in MeterSphere allows attackers to execute arbitrary SQL commands t
2705 | CVE-2025-43931 | 0.06% | 19.7th | 9.8 | | This vulnerability allows attackers to take over user accounts in Flask Boilerplate applications by
2706 | CVE-2025-49867 | 0.06% | 19.7th | 9.8 | | CVE-2025-49867 is an incorrect privilege assignment vulnerability in the RealHomes WordPress theme t
2707 | CVE-2025-23970 | 0.06% | 19.7th | 9.8 | | This vulnerability allows attackers to escalate privileges in the Service Finder Booking WordPress p
2708 | CVE-2025-54677 | 0.06% | 19.8th | 9.1 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the vcita Onl
2709 | CVE-2025-6237 | 0.06% | 19.7th | 9.8 | | This vulnerability in InvokeAI allows attackers to perform path traversal attacks through the image
2710 | CVE-2025-59345 | 0.06% | 19.7th | 9.1 | | Dragonfly Manager web UI endpoints /api/v1/jobs and /preheats lack authentication in versions before
2711 | CVE-2025-42944 | 0.06% | 19.9th | 10.0 | | This CVE describes a critical deserialization vulnerability in SAP NetWeaver's RMI-P4 module that al
2712 | CVE-2025-57148 | 0.06% | 19.7th | 9.1 | | phpgurukul Online Shopping Portal 2.0 contains an arbitrary file upload vulnerability in the admin p
2713 | CVE-2024-45162 | 0.06% | 19.8th | 9.8 | | A stack-based buffer overflow vulnerability in the phddns client of Blu-Castle BCUM221E devices allo
2714 | CVE-2025-61043 | 0.06% | 19.8th | 9.1 | | An out-of-bounds read vulnerability in Monkey's Audio 11.31 allows attackers to read beyond allocate
2715 | CVE-2025-49060 | 0.06% | 19.8th | 10.0 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to servers runn
2716 | CVE-2025-48106 | 0.06% | 19.8th | 10.0 | | This vulnerability allows attackers to upload malicious files to websites using the Clanora WordPres
2717 | CVE-2023-28814 | 0.06% | 19.8th | 9.8 | | Hikvision iSecure Center software has an improper file upload vulnerability that allows attackers to
2718 | CVE-2025-60307 | 0.06% | 19.7th | 9.8 | | CVE-2025-60307 is a critical SQL injection vulnerability in code-projects Computer Laboratory System
2719 | CVE-2025-51746 | 0.06% | 19.9th | 9.8 | | CVE-2025-51746 is a critical deserialization vulnerability in jishenghua JSH_ERP 2.3.1 that allows r
2720 | CVE-2025-51745 | 0.06% | 19.9th | 9.8 | | CVE-2025-51745 is a critical deserialization vulnerability in jishenghua JSH_ERP 2.3.1 that allows r
2721 | CVE-2025-51743 | 0.06% | 19.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on JSH_ERP systems through fast
2722 | CVE-2025-51742 | 0.06% | 19.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on JSH_ERP systems by exploitin
2723 | CVE-2025-40548 | 0.06% | 19.7th | 9.1 | | A missing validation vulnerability in SolarWinds Serv-U allows administrators to execute arbitrary c
2724 | CVE-2025-54339 | 0.06% | 19.7th | 10.0 | | An incorrect access control vulnerability in Desktop Alert PingAlert application server versions 6.1
2725 | CVE-2025-13026 | 0.06% | 19.7th | 9.8 | | This CVE describes a sandbox escape vulnerability in Firefox and Thunderbird's WebGPU component due
2726 | CVE-2025-13024 | 0.06% | 19.7th | 9.8 | | A critical JIT miscompilation vulnerability in Firefox and Thunderbird's JavaScript engine allows ar
2727 | CVE-2025-13023 | 0.06% | 19.7th | 9.8 | | A sandbox escape vulnerability in Firefox and Thunderbird's WebGPU component allows attackers to exe
2728 | CVE-2025-13022 | 0.06% | 19.7th | 9.8 | | A critical vulnerability in Firefox and Thunderbird's WebGPU component allows memory corruption due
2729 | CVE-2025-13021 | 0.06% | 19.7th | 9.8 | | A critical vulnerability in Firefox and Thunderbird's WebGPU component allows memory corruption due
2730 | CVE-2025-60235 | 0.06% | 19.8th | 10.0 | | This vulnerability allows attackers to upload malicious files to WooCommerce sites using the Helpdes
2731 | CVE-2025-60207 | 0.06% | 19.8th | 10.0 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WooCommerce
2732 | CVE-2025-53283 | 0.06% | 19.8th | 10.0 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se
2733 | CVE-2025-68615 | 0.06% | 19.9th | 9.8 | | A buffer overflow vulnerability in net-snmp's snmptrapd daemon allows remote attackers to crash the
2734 | CVE-2025-67793 | 0.06% | 19.9th | 9.8 | | A privilege escalation vulnerability in DriveLock allows users with 'Manage roles and permissions' p
2735 | CVE-2025-14321 | 0.06% | 19.7th | 9.8 | | A use-after-free vulnerability in the WebRTC signaling component allows attackers to execute arbitra
2736 | CVE-2025-54303 | 0.06% | 19.8th | 9.8 | | Thermo Fisher Torrent Suite 5.18.1 uses weak default credentials (ionadmin/ionadmin) for administrat
2737 | CVE-2025-11778 | 0.06% | 19.8th | 9.8 | | A stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2 allows remote a
2738 | CVE-2025-14942 | 0.06% | 19.9th | 9.8 | | A critical authentication bypass vulnerability in wolfSSH's key exchange state machine allows attack
2739 | CVE-2025-44619 | 0.06% | 19.6th | 9.1 | | The Tinxy WiFi Lock Controller v1 RF transmits on an open Wi-Fi network without authentication, allo
2740 | CVE-2024-12225 | 0.06% | 19.6th | 9.1 | | This vulnerability in Quarkus's WebAuthn module allows attackers to bypass authentication by accessi
2741 | CVE-2025-49216 | 0.06% | 19.6th | 9.8 | | This critical authentication bypass vulnerability in Trend Micro Endpoint Encryption PolicyServer al
2742 | CVE-2025-40908 | 0.06% | 19.5th | 9.1 | | This vulnerability in YAML-LibYAML for Perl allows attackers to modify existing files on the system
2743 | CVE-2025-48300 | 0.06% | 19.5th | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se
2744 | CVE-2025-8042 | 0.06% | 19.4th | 9.8 | | Firefox for Android versions before 141 allow sandboxed iframes without the 'allow-downloads' attrib
2745 | CVE-2025-54874 | 0.06% | 19.6th | 9.8 | | This vulnerability in OpenJPEG allows an attacker to write data beyond allocated heap memory boundar
2746 | CVE-2025-52549 | 0.06% | 19.4th | 9.8 | | CVE-2025-52549 allows attackers to predict the root Linux password on vulnerable E3 Site Supervisor
2747 | CVE-2025-41347 | 0.06% | 19.6th | 9.8 | | This vulnerability allows unauthenticated attackers to upload dangerous files (like webshells) to Wi
2748 | CVE-2025-62047 | 0.06% | 19.6th | 9.9 | | This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Case Addo
2749 | CVE-2025-62016 | 0.06% | 19.6th | 9.9 | | This vulnerability allows attackers to upload arbitrary files to WordPress sites using the Kallyas t
2750 | CVE-2026-23906 | 0.06% | 19.7th | 9.8 | | This authentication bypass vulnerability in Apache Druid allows attackers to gain unauthorized acces

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
