Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164 CVEs with EPSS > 50%
156 CVEs listed in CISA KEV
35,468 CVEs with an EPSS score
0.7% average EPSS score
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
2801 | CVE-2025-3051 | 0.43% | 62.2 | 6.5 | | This vulnerability in Linux::Statm::Tiny for Perl allows untrusted code from the current working dir
2802 | CVE-2025-63601 | 0.43% | 62.2 | 9.9 | | CVE-2025-63601 is a critical remote code execution vulnerability in Snipe-IT asset management softwa
2803 | CVE-2025-55108 | 0.43% | 62.2 | 10.0 | | Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read/write, a
2804 | CVE-2025-66562 | 0.43% | 62.2 | N/A | | CVE-2025-66562 is a critical Remote Code Execution vulnerability in TUUI desktop MCP client versions
2805 | CVE-2025-21609 | 0.43% | 62.1 | 9.1 | | SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability in the POST /api/history/get
2806 | CVE-2022-40916 | 0.43% | 62.2 | 9.8 | | CVE-2022-40916 is a session fixation vulnerability in Tiny File Manager v2.4.7 and below that allows
2807 | CVE-2025-9808 | 0.43% | 62.1 | 5.3 | | The Events Calendar WordPress plugin versions up to 6.15.2 expose information about password-protect
2808 | CVE-2025-68454 | 0.43% | 62.1 | 8.8 | | This vulnerability allows authenticated remote code execution in Craft CMS via Twig Server-Side Temp
2809 | CVE-2025-0975 | 0.43% | 62.1 | 8.8 | | CVE-2025-0975 is an improper input validation vulnerability in IBM MQ console that allows authentica
2810 | CVE-2025-30716 | 0.43% | 62.1 | 7.5 | | This vulnerability in Oracle E-Business Suite's CRM User Management Framework allows unauthenticated
2811 | CVE-2025-30708 | 0.43% | 62.1 | 7.5 | | This vulnerability in Oracle E-Business Suite's User Management component allows unauthenticated att
2812 | CVE-2025-6463 | 0.43% | 62.1 | 8.8 | | The Forminator WordPress plugin has a critical vulnerability that allows unauthenticated attackers t
2813 | CVE-2025-11138 | 0.43% | 62.1 | 6.3 | | This CVE describes a remote command injection vulnerability in wenkucms versions up to 3.4. Attacker
2814 | CVE-2025-10964 | 0.43% | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 devices
2815 | CVE-2025-10963 | 0.43% | 62.1 | 6.3 | | This CVE describes a command injection vulnerability in Wavlink NU516U1 routers running firmware ver
2816 | CVE-2025-10962 | 0.43% | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers
2817 | CVE-2025-10960 | 0.43% | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers
2818 | CVE-2025-10959 | 0.43% | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers
2819 | CVE-2025-10958 | 0.43% | 62.1 | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers
2820 | CVE-2025-11303 | 0.43% | 62.1 | 6.3 | | This CVE describes a command injection vulnerability in Belkin F9K1015 routers. Attackers can remote
2821 | CVE-2026-22903 | 0.43% | 62.1 | 9.8 | | An unauthenticated remote attacker can crash or potentially execute arbitrary code on lighttpd web s
2822 | CVE-2025-66213 | 0.43% | 62.0 | 8.8 | | CVE-2025-66213 is an authenticated command injection vulnerability in Coolify's File Storage Directo
2823 | CVE-2025-66212 | 0.43% | 62.0 | 8.8 | | Coolify versions before 4.0.0-beta.451 contain an authenticated command injection vulnerability in D
2824 | CVE-2025-2990 | 0.43% | 62.0 | 5.3 | | This critical vulnerability in Tenda FH1202 routers allows attackers to bypass access controls via t
2825 | CVE-2025-55298 | 0.43% | 62.0 | 7.5 | | A format string vulnerability in ImageMagick's InterpretImageFilename function allows attackers to o
2826 | CVE-2025-10747 | 0.43% | 62.0 | 7.2 | | The WP-DownloadManager WordPress plugin allows authenticated administrators to upload arbitrary file
2827 | CVE-2025-65108 | 0.43% | 62.0 | 10.0 | | CVE-2025-65108 is a critical remote code execution vulnerability in md-to-pdf, a Node.js tool for co
2828 | CVE-2025-27111 | 0.43% | 62.0 | 7.5 | | CVE-2025-27111 is a log injection vulnerability in Rack's Sendfile middleware that allows attackers
2829 | CVE-2025-4830 | 0.43% | 62.0 | 8.8 | | This critical vulnerability in TOTOLINK routers allows remote attackers to execute arbitrary code vi
2830 | CVE-2025-4827 | 0.43% | 62.0 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute a
2831 | CVE-2025-4825 | 0.43% | 62.0 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute arbi
2832 | CVE-2025-4823 | 0.43% | 62.0 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK routers allows remote attackers to execute a
2833 | CVE-2025-4733 | 0.43% | 62.0 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers allows remote attack
2834 | CVE-2025-4730 | 0.43% | 62.0 | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK A3002R/A3002RU routers allows remote attacke
2835 | CVE-2025-5905 | 0.43% | 62.0 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK T10 routers allows remote attackers to execute
2836 | CVE-2025-5903 | 0.43% | 62.0 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK T10 routers allows remote attackers to execute
2837 | CVE-2025-5902 | 0.43% | 62.0 | 8.8 | | This critical vulnerability in TOTOLINK T10 routers allows remote attackers to execute arbitrary cod
2838 | CVE-2025-5792 | 0.43% | 62.0 | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attackers to exec
2839 | CVE-2025-6744 | 0.43% | 62.0 | 7.3 | | The Woodmart WordPress theme allows unauthenticated attackers to execute arbitrary shortcodes due to
2840 | CVE-2024-58282 | 0.43% | 62.0 | 7.2 | | Serendipity 2.5.0 contains a remote code execution vulnerability where authenticated administrators
2841 | CVE-2025-47154 | 0.43% | 61.9 | 9.0 | | This CVE describes a use-after-free vulnerability in LibJS within the Ladybird browser that allows r
2842 | CVE-2025-5310 | 0.43% | 61.9 | 9.8 | | Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented, unauthenticated target
2843 | CVE-2021-47778 | 0.43% | 61.9 | 7.2 | | CVE-2021-47778 is a PHP code injection vulnerability in GetSimple CMS My SMTP Contact Plugin 1.1.2 t
2844 | CVE-2025-62515 | 0.43% | 61.9 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
2845 | CVE-2022-40924 | 0.43% | 61.8 | 7.2 | | CVE-2022-40924 is an arbitrary file upload vulnerability in Zoo Management System v1.0 that allows a
2846 | CVE-2025-60688 | 0.43% | 61.8 | 6.5 | | A stack buffer overflow vulnerability in ToToLink router firmware allows unauthenticated attackers t
2847 | CVE-2025-60684 | 0.43% | 61.8 | 6.5 | | A stack buffer overflow vulnerability in ToToLink router firmware allows unauthenticated attackers t
2848 | CVE-2025-13773 | 0.43% | 61.7 | 9.8 | | This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers r
2849 | CVE-2025-59385 | 0.43% | 61.7 | 9.8 | | This CVE describes an authentication bypass vulnerability in QNAP operating systems that allows remo
2850 | CVE-2026-21446 | 0.43% | 61.7 | 9.8 | | Bagisto eCommerce platform versions before 2.3.10 have unprotected API endpoints that remain accessi

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A vulnerability rated CVSS 9.8 with an EPSS of 0.1% may be less urgent than one rated CVSS 7.5 with an EPSS of 90%.
