Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 251 | CVE-2024-9193 | | 96.3 | 9.8 | | This vulnerability in the WHMpress WordPress plugin allows unauthenticated attackers to include and |
| 252 | CVE-2025-12139 | | 96.3 | 7.5 | | This vulnerability in the File Manager for Google Drive WordPress plugin exposes sensitive Google OA |
| 253 | CVE-2025-13138 | | 96.3 | 7.5 | | This SQL injection vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated att |
| 254 | CVE-2025-52284 | | 96.3 | 6.5 | | This CVE describes an unauthenticated command injection vulnerability in Totolink X6000R routers. At |
| 255 | CVE-2025-66301 | | 96.3 | 9.6 | | This vulnerability allows editors with limited permissions in Grav CMS to modify form processing log |
| 256 | CVE-2025-21181 | | 96.3 | 7.5 | | A denial-of-service vulnerability in Microsoft Message Queuing (MSMQ) allows attackers to crash the |
| 257 | CVE-2025-21285 | | 96.2 | 7.5 | | This vulnerability in Microsoft Message Queuing (MSMQ) allows attackers to cause a denial of service |
| 258 | CVE-2024-8859 | | 96.2 | 7.5 | | A path traversal vulnerability in MLflow 2.15.1 allows attackers to read arbitrary files when the DB |
| 259 | CVE-2025-27915 | | 96.2 | 5.4 | KEV | This stored XSS vulnerability in Zimbra Collaboration allows attackers to inject malicious JavaScrip |
| 260 | CVE-2025-4334 | | 96.2 | 9.8 | | The Simple User Registration plugin for WordPress has a privilege escalation vulnerability that allo |
| 261 | CVE-2025-46817 | | 96.1 | 7.0 | | This CVE describes an integer overflow vulnerability in Redis that allows authenticated users to exe |
| 262 | CVE-2025-23120 | | 96.1 | 8.8 | | This vulnerability allows remote code execution (RCE) for domain users in Veeam Backup & Replication |
| 263 | CVE-2025-24989 | | 96.1 | 8.2 | KEV | An improper access control vulnerability in Microsoft Power Pages allows unauthorized attackers to b |
| 264 | CVE-2025-0364 | | 96.1 | 9.8 | | BigAntSoft BigAnt Server up to version 5.6.06 allows unauthenticated remote attackers to create admi |
| 265 | CVE-2025-47539 | | 96.1 | 9.8 | | This vulnerability allows attackers to escalate privileges in the Themewinter Eventin WordPress plug |
| 266 | CVE-2024-55963 | | 96.1 | 6.5 | | This vulnerability allows any authenticated user without admin permissions to trigger the restart AP |
| 267 | CVE-2025-53118 | | 96.1 | 9.8 | | An authentication bypass vulnerability in Securden Unified PAM allows unauthenticated attackers to a |
| 268 | CVE-2024-57968 | | 96 | 9.9 | KEV | This vulnerability in Advantive VeraCore allows authenticated remote users to upload files to uninte |
| 269 | CVE-2023-25610 | | 96 | 9.8 | | This critical vulnerability allows remote unauthenticated attackers to execute arbitrary code or com |
| 270 | CVE-2025-6095 | | 96 | 7.3 | | CVE-2025-6095 is a critical SQL injection vulnerability in Jasmin Ransomware 1.0.1 that allows remot |
| 271 | CVE-2024-10644 | | 96 | 9.1 | | This vulnerability allows remote authenticated administrators to inject malicious code into Ivanti C |
| 272 | CVE-2025-54782 | | 96 | 8.8 | | A critical Remote Code Execution vulnerability in @nestjs/devtools-integration package allows malici |
| 273 | CVE-2024-13478 | | 96 | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a |
| 274 | CVE-2025-5946 | | 95.9 | 7.2 | | This OS command injection vulnerability in Centreon Infra Monitoring allows authenticated high-privi |
| 275 | CVE-2025-20281 | | 95.9 | 10.0 | KEV | An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers |
| 276 | CVE-2025-1307 | | 95.9 | 9.8 | | The Newscrunch WordPress theme contains a vulnerability that allows authenticated users with Subscri |
| 277 | CVE-2025-66039 | | 95.9 | 9.8 | | FreePBX Endpoint Manager versions before 16.0.44 and 17.0.23 contain an authentication bypass vulner |
| 278 | CVE-2025-21420 | | 95.8 | 7.8 | | This vulnerability allows an authenticated attacker to exploit the Windows Disk Cleanup Tool to gain |
| 279 | CVE-2025-8730 | | 95.8 | 9.8 | | This critical vulnerability in Belkin routers allows attackers to use hard-coded credentials to gain |
| 280 | CVE-2025-21624 | | 95.8 | 9.8 | | ClipBucket V5 has a file upload vulnerability in the Manage Playlist functionality that allows attac |
| 281 | CVE-2024-12157 | | 95.8 | 7.5 | | This SQL injection vulnerability in the Popup plugin for WordPress allows unauthenticated attackers |
| 282 | CVE-2025-2010 | | 95.8 | 7.5 | | This SQL injection vulnerability in the JobWP WordPress plugin allows unauthenticated attackers to i |
| 283 | CVE-2025-6058 | | 95.7 | 9.8 | | The WPBookit WordPress plugin allows unauthenticated attackers to upload arbitrary files due to miss |
| 284 | CVE-2025-29085 | | 95.7 | 9.8 | | This CVE describes a critical SQL injection vulnerability in vipshop Saturn's console dashboard comp |
| 285 | CVE-2025-32814 | | 95.7 | 9.8 | | Unauthenticated SQL injection vulnerability in Infoblox NETMRI allows attackers to execute arbitrary |
| 286 | CVE-2024-7097 | | 95.7 | 4.3 | | This vulnerability allows attackers to create unauthorized user accounts in WSO2 products regardless |
| 287 | CVE-2025-21351 | | 95.6 | 7.5 | | This vulnerability in Windows Active Directory Domain Services API allows attackers to cause a denia |
| 288 | CVE-2025-55183 | | 95.6 | 5.3 | | An information leak vulnerability in React Server Components allows attackers to retrieve source cod |
| 289 | CVE-2025-54068 | | 95.6 | 9.8 | | This vulnerability in Livewire v3 allows unauthenticated attackers to execute arbitrary commands rem |
| 290 | CVE-2025-8110 | | 95.6 | 8.8 | KEV | CVE-2025-8110 is a path traversal vulnerability in Gogs' PutContents API that allows improper symbol |
| 291 | CVE-2025-6793 | | 95.6 | 9.4 | | This vulnerability in Marvell QConvergeConsole allows unauthenticated remote attackers to delete arb |
| 292 | CVE-2025-27410 | | 95.6 | 6.5 | | CVE-2025-27410 is a path traversal vulnerability in PwnDoc's backup restore functionality that allow |
| 293 | CVE-2025-28915 | | 95.6 | 9.1 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress si |
| 294 | CVE-2025-34076 | | 95.6 | 7.2 | | An authenticated local file inclusion vulnerability in Microweber CMS allows authenticated users to |
| 295 | CVE-2025-30397 | | 95.5 | 7.5 | KEV | A type confusion vulnerability in Microsoft Scripting Engine allows remote attackers to execute arbi |
| 296 | CVE-2025-32969 | | 95.5 | 9.8 | | This vulnerability allows remote unauthenticated attackers to perform blind SQL injection on XWiki i |
| 297 | CVE-2025-1035 | | 95.5 | 5.7 | | This path traversal vulnerability in Komtera Technologies KLog Server allows attackers to manipulate |
| 298 | CVE-2025-4396 | | 95.5 | 7.5 | | The Relevanssi WordPress plugin has a time-based SQL injection vulnerability in its search functiona |
| 299 | CVE-2025-35939 | | 95.5 | 5.3 | KEV | CVE-2025-35939 is a session file injection vulnerability in Craft CMS where unauthenticated users ca |
| 300 | CVE-2024-56902 | | 95.5 | 7.5 | | This vulnerability in Geovision GV-ASManager web application versions v6.1.0.0 and earlier allows at |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation — making it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with an EPSS of 0.1% may be less urgent than a high CVSS 7.5 vulnerability with an EPSS of 90%.