Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. The score is the estimated probability that the CVE will be exploited in the wild within the next 30 days, so a higher score means a higher likelihood of exploitation. The percentile column gives the share of all scored CVEs whose EPSS score is at or below that value. This page covers ranks 2901 to 2950.

Summary statistics:

- CVEs with EPSS > 50%: 164
- CVEs listed in the CISA KEV catalog: 156
- CVEs with an EPSS score: 35,468
- Average EPSS score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary |
|---|---|---|---|---|---|
| 2901 | CVE-2025-2733 | 0.42% | 61.3 | 6.3 | This critical vulnerability in OpenManus allows remote attackers to execute arbitrary operating syst |
| 2902 | CVE-2025-58321 | 0.42% | 61.4 | 10.0 | Delta Electronics DIALink has a directory traversal authentication bypass vulnerability that allows |
| 2903 | CVE-2024-55553 | 0.42% | 61.3 | 7.5 | This vulnerability in FRRouting (FRR) allows attackers to trigger continuous route re-validation by |
| 2904 | CVE-2025-31681 | 0.42% | 61.3 | 9.8 | This CVE describes a Missing Authorization vulnerability in Drupal's Authenticator Login module that |
| 2905 | CVE-2021-38383 | 0.42% | 61.3 | 9.8 | CVE-2021-38383 is a use-after-free vulnerability in OwnTone's net_bind() function that allows attack |
| 2906 | CVE-2025-13562 | 0.42% | 61.3 | 7.3 | This vulnerability allows remote attackers to execute arbitrary commands on D-Link DIR-852 routers b |
| 2907 | CVE-2021-4466 | 0.42% | 61.3 | N/A | CVE-2021-4466 is an authenticated remote code execution vulnerability in IPCop firewall software. Au |
| 2908 | CVE-2024-8176 | 0.42% | 61.2 | 7.5 | A stack overflow vulnerability in libexpat allows attackers to cause denial of service or potentiall |
| 2909 | CVE-2025-28401 | 0.42% | 61.2 | 6.7 | A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privi |
| 2910 | CVE-2025-3621 | 0.42% | 61.2 | 9.6 | This critical vulnerability in ActADUR local server allows attackers to execute arbitrary commands o |
| 2911 | CVE-2025-0569 | 0.42% | 61.2 | 7.5 | This vulnerability allows remote attackers to cause denial-of-service on Sante PACS Server by sendin |
| 2912 | CVE-2025-24146 | 0.42% | 61.2 | 9.8 | A macOS vulnerability in the Messages app where deleting conversations may expose user contact infor |
| 2913 | CVE-2025-5395 | 0.42% | 61.2 | 8.8 | The WordPress Automatic Plugin has a vulnerability allowing authenticated attackers with Author-leve |
| 2914 | CVE-2025-61880 | 0.42% | 61.1 | 8.8 | This vulnerability in Infoblox NIOS allows attackers to execute arbitrary code remotely through inse |
| 2915 | CVE-2025-1741 | 0.42% | 61.1 | 4.7 | This vulnerability in b1gMail allows remote attackers to perform deserialization attacks via the que |
| 2916 | CVE-2025-27610 | 0.42% | 61.1 | 7.5 | This vulnerability in Rack's static file serving component allows attackers to bypass directory rest |
| 2917 | CVE-2025-26008 | 0.41% | 61.1 | 9.8 | An unauthenticated stack overflow vulnerability in Telesquare TLR-2005KSH routers allows remote atta |
| 2918 | CVE-2025-26006 | 0.41% | 61.1 | 9.8 | This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Telesquare T |
| 2919 | CVE-2025-26004 | 0.41% | 61.1 | 9.8 | The Telesquare TLR-2005KSH router firmware version 1.1.4 contains a stack buffer overflow vulnerabil |
| 2920 | CVE-2025-26002 | 0.41% | 61.1 | 9.8 | This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Telesquare T |
| 2921 | CVE-2025-27776 | 0.41% | 61.0 | 5.3 | Applio versions 3.2.7 and earlier contain a server-side request forgery (SSRF) vulnerability in mode |
| 2922 | CVE-2025-26927 | 0.41% | 61.1 | 10.0 | This critical vulnerability in the EPC AI Hub WordPress plugin allows attackers to upload arbitrary |
| 2923 | CVE-2025-4462 | 0.41% | 61.0 | 8.8 | A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execu |
| 2924 | CVE-2025-58757 | 0.41% | 61.0 | 8.8 | This vulnerability in MONAI's pickle_operations function allows arbitrary code execution through uns |
| 2925 | CVE-2025-11200 | 0.41% | 61.0 | 9.8 | This vulnerability allows remote attackers to bypass authentication in MLflow installations due to w |
| 2926 | CVE-2024-8502 | 0.41% | 61.0 | 9.8 | This vulnerability allows remote attackers to execute arbitrary code on servers running modelscope/a |
| 2927 | CVE-2025-6559 | 0.41% | 61.0 | 9.8 | Multiple Sapido wireless router models contain an unauthenticated remote OS command injection vulner |
| 2928 | CVE-2025-48626 | 0.41% | 61.0 | 9.8 | This Android vulnerability allows attackers to launch applications from the background without user |
| 2929 | CVE-2024-11725 | 0.41% | 60.9 | 8.8 | This vulnerability in the SMS Alert Order Notifications WooCommerce plugin allows authenticated atta |
| 2930 | CVE-2025-26346 | 0.41% | 60.9 | 5.5 | This SQL injection vulnerability in Q-Free MaxTime allows authenticated attackers to execute arbitra |
| 2931 | CVE-2024-50567 | 0.41% | 60.9 | 7.2 | This CVE describes an OS command injection vulnerability in Fortinet FortiWeb web application firewa |
| 2932 | CVE-2025-29784 | 0.41% | 60.9 | 7.5 | NamelessMC versions 2.1.4 and earlier have a vulnerability in forum search functionality where the ' |
| 2933 | CVE-2025-32030 | 0.41% | 60.9 | 7.5 | A denial-of-service vulnerability in Apollo Gateway allows attackers to craft GraphQL queries with d |
| 2934 | CVE-2025-4104 | 0.41% | 60.9 | 9.8 | The Frontend Dashboard WordPress plugin versions 1.0 to 2.2.6 contain a privilege escalation vulnera |
| 2935 | CVE-2025-12916 | 0.41% | 60.9 | 6.3 | This vulnerability allows remote attackers to execute arbitrary commands on Sangfor Operation and Ma |
| 2936 | CVE-2025-67489 | 0.41% | 60.9 | 9.8 | CVE-2025-67489 allows remote attackers to execute arbitrary code on Vite development servers using v |
| 2937 | CVE-2025-13800 | 0.41% | 60.9 | 6.3 | This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 route |
| 2938 | CVE-2025-13799 | 0.41% | 60.9 | 6.3 | This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 route |
| 2939 | CVE-2024-13318 | 0.41% | 60.9 | 5.3 | The Essential WP Real Estate plugin for WordPress has a vulnerability that allows unauthenticated at |
| 2940 | CVE-2025-27096 | 0.41% | 60.8 | 9.8 | A SQL injection vulnerability in WeGIA's personalizacao_upload.php endpoint allows authenticated att |
| 2941 | CVE-2025-26614 | 0.41% | 60.8 | 8.8 | CVE-2025-26614 is a SQL injection vulnerability in WeGIA's deletar_documento.php endpoint that allow |
| 2942 | CVE-2025-26610 | 0.41% | 60.8 | 9.8 | A SQL injection vulnerability in WeGIA's restaurar_produto_desocultar.php endpoint allows authentica |
| 2943 | CVE-2025-26605 | 0.41% | 60.8 | 8.8 | A SQL injection vulnerability in WeGIA's deletar_cargo.php endpoint allows authenticated attackers t |
| 2944 | CVE-2024-57523 | 0.41% | 60.8 | 4.5 | This CSRF vulnerability in SourceCodester Packers and Movers Management System allows attackers to c |
| 2945 | CVE-2025-24901 | 0.41% | 60.8 | 8.8 | A SQL injection vulnerability in WeGIA's deletar_permissao.php endpoint allows authenticated attacke |
| 2946 | CVE-2025-7081 | 0.41% | 60.9 | 6.3 | CVE-2025-7081 is a critical OS command injection vulnerability in Belkin F9K1122 routers that allows |
| 2947 | CVE-2025-2725 | 0.41% | 60.8 | 8.0 | A critical command injection vulnerability in H3C Magic router series allows attackers to execute ar |
| 2948 | CVE-2025-31932 | 0.41% | 60.8 | 8.8 | A deserialization vulnerability in BizRobo! Management Console allows remote attackers to execute ar |
| 2949 | CVE-2025-3623 | 0.41% | 60.8 | 9.1 | The Uncanny Automator WordPress plugin contains a PHP object injection vulnerability that allows una |
| 2950 | CVE-2025-29836 | 0.41% | 60.8 | 6.5 | An out-of-bounds read vulnerability in Windows Routing and Remote Access Service (RRAS) allows unaut |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS special interest group at FIRST.org. It estimates, for each CVE, the probability that exploitation activity will be observed in the wild within the next 30 days; the probability is a value between 0 and 1, shown on this page as a percentage. Unlike CVSS, which measures the severity of a vulnerability if it is exploited, EPSS measures the likelihood that it will be exploited, which makes it well suited to deciding which vulnerabilities to patch first. Scores are recomputed daily as new exploitation data arrives, so a ranking such as the one above is a snapshot and changes over time.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited rather than patching by CVSS score alone. A CVSS 9.8 critical with 0.1% EPSS may be less urgent than a CVSS 7.5 high with 90% EPSS. The distribution is heavily skewed toward low scores: the average across the 35,468 scored CVEs on this site is 0.7%, yet a score of 0.42% already sits around the 61st percentile, so most CVEs have a very small probability and the few with high scores stand out. EPSS and CVSS are complementary rather than competing: a practical policy patches anything in the CISA KEV catalog first (confirmed exploitation outranks any prediction), then works down by EPSS, using CVSS to break ties and to weigh the impact if the vulnerability is exploited.
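The prioritization policy just described (KEV first, then EPSS, then CVSS as a tie-break), as an added example in Python that is not code from this page or from FIRST. It also parses the response shape of FIRST's EPSS API from a constructed sample, computes a percentile the way FIRST defines it (share of scored CVEs at or below a given score), and reproduces the kind of headline counts shown at the top of this page. The EPSS and CVSS values for four CVEs are copied from the table above; the two CVE-0000-* rows are the hypothetical pair from the paragraph above, the KEV flags are assumptions, and all function names are the example's own.

```python
"""Rank CVEs by exploit likelihood (EPSS) rather than by CVSS alone.

Added example, not code from the page above. Everything in SAMPLE and
SAMPLE_RESPONSE is constructed for illustration.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EPSS_API = "https://api.first.org/data/v1/epss"  # FIRST's public EPSS endpoint


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: Optional[float]  # None when no CVSS score is published ("N/A" in the table)
    epss: float            # probability of exploitation in the next 30 days, 0.0-1.0
    kev: bool = False      # listed in the CISA Known Exploited Vulnerabilities catalog


# Constructed sample. The first four rows reuse EPSS/CVSS values from this page's
# table; the two CVE-0000-* rows are the hypothetical pair from the text; the KEV
# flags are assumptions made for the example.
SAMPLE: List[Vuln] = [
    Vuln("CVE-2025-58321", 10.0, 0.0042),
    Vuln("CVE-2021-4466", None, 0.0042),
    Vuln("CVE-2024-8176", 7.5, 0.0042),
    Vuln("CVE-2025-29836", 6.5, 0.0041),
    Vuln("CVE-0000-0001", 9.8, 0.001),            # hypothetical: critical CVSS, low EPSS
    Vuln("CVE-0000-0002", 7.5, 0.90, kev=True),   # hypothetical: high CVSS, high EPSS, in KEV
]

# Constructed response in the shape FIRST's API returns: numbers arrive as strings,
# and both epss and percentile are fractions in [0, 1], not percentages.
SAMPLE_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2021-38383", "epss": "0.004200", "percentile": "0.613000", "date": "2025-01-01"}
    ],
})


def epss_url(cves: List[str]) -> str:
    """Build the query URL for one or more CVE IDs (comma-separated `cve` parameter)."""
    return f"{EPSS_API}?cve={','.join(cves)}"


def parse_epss_response(body: str) -> Dict[str, Tuple[float, float]]:
    """Return {cve: (epss, percentile)} from an EPSS API JSON body."""
    doc = json.loads(body)
    return {
        item["cve"]: (float(item["epss"]), float(item["percentile"]))
        for item in doc.get("data", [])
    }


def percentile_rank(epss: float, population: List[float]) -> float:
    """EPSS percentile as FIRST defines it: the fraction of scored CVEs whose
    score is less than or equal to this one's."""
    if not population:
        raise ValueError("empty population")
    return sum(1 for p in population if p <= epss) / len(population)


def priority_key(v: Vuln) -> tuple:
    """KEV entries first (confirmed exploitation beats any prediction), then
    descending EPSS, then descending CVSS; a missing CVSS sorts after any score."""
    cvss = v.cvss if v.cvss is not None else -1.0
    return (not v.kev, -v.epss, -cvss)


def prioritize(vulns: List[Vuln]) -> List[str]:
    """CVE IDs in the order they should be patched."""
    return [v.cve for v in sorted(vulns, key=priority_key)]


def summarize(vulns: List[Vuln], epss_threshold: float = 0.5) -> Dict[str, float]:
    """Headline figures of the kind shown at the top of the page."""
    n = len(vulns)
    return {
        "above_threshold": sum(1 for v in vulns if v.epss > epss_threshold),
        "kev_listed": sum(1 for v in vulns if v.kev),
        "scored": n,
        "avg_epss": (sum(v.epss for v in vulns) / n) if n else 0.0,
    }


if __name__ == "__main__":
    scores = [v.epss for v in SAMPLE]
    for rank, cve in enumerate(prioritize(SAMPLE), 1):
        v = next(x for x in SAMPLE if x.cve == cve)
        print(f"{rank:>2}  {cve:<16} epss={v.epss:.4f} pct={percentile_rank(v.epss, scores):.2f}"
              f" cvss={v.cvss} kev={v.kev}")
    print(summarize(SAMPLE))
    print(epss_url(["CVE-2021-38383"]), "->", parse_epss_response(SAMPLE_RESPONSE))
```

Note that the CVSS 9.8 row with 0.1% EPSS lands last while the CVSS 7.5 row with 90% EPSS lands first, which is the point of the paragraph above. To use live data, fetch `epss_url([...])` with any HTTP client and pass the body to `parse_epss_response`; the example itself never touches the network.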

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
