Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days. The Percentile column is the CVE's position relative to every CVE scored on the same day (60.8th means it scores higher than 60.8% of them); CVSS is shown alongside for comparison, not as the ranking key.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary (truncated) |
|---|---|---|---|---|---|---|
| 2951 | CVE-2025-11675 | | 60.8th | 7.2 | | CVE-2025-11675 is an arbitrary file upload vulnerability in Ragic's Enterprise Cloud Database that a |
| 2952 | CVE-2024-58279 | | 60.8th | 8.8 | | appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administ |
| 2953 | CVE-2025-0317 | | 60.7th | 7.5 | | A vulnerability in Ollama versions up to 0.3.14 allows attackers to upload malicious GGUF model file |
| 2954 | CVE-2025-6825 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A702R routers allows remote attackers to execut |
| 2955 | CVE-2025-6400 | | 60.7th | 8.8 | | This critical vulnerability in TOTOLINK N300RH routers allows remote attackers to execute arbitrary |
| 2956 | CVE-2025-6399 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK X15 routers allows remote attackers to execute |
| 2957 | CVE-2025-6164 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A3002R routers allows remote attackers to execu |
| 2958 | CVE-2025-6162 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attackers to exec |
| 2959 | CVE-2025-6149 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A3002R routers allows remote attackers to execu |
| 2960 | CVE-2025-6147 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK A702R routers allows remote attackers to execut |
| 2961 | CVE-2025-6145 | | 60.7th | 8.8 | | This critical vulnerability in TOTOLINK EX1200T routers allows remote attackers to execute arbitrary |
| 2962 | CVE-2025-6138 | | 60.7th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK T10 routers allows remote attackers to execute |
| 2963 | CVE-2025-7460 | | 60.7th | 8.8 | | This critical vulnerability in TOTOLINK T6 routers allows remote attackers to execute arbitrary code |
| 2964 | CVE-2025-7407 | | 60.8th | 6.3 | | This critical vulnerability in Netgear D6400 routers allows remote attackers to execute arbitrary op |
| 2965 | CVE-2025-6953 | | 60.7th | 8.8 | | This critical vulnerability in TOTOLINK A3002RU routers allows remote attackers to execute arbitrary |
| 2966 | CVE-2025-67076 | | 60.7th | 7.5 | | This directory traversal vulnerability in Omnispace Agora Project allows unauthenticated attackers t |
| 2967 | CVE-2025-1181 | | 60.7th | 5.0 | | A critical memory corruption vulnerability in GNU Binutils' linker component (ld) allows remote atta |
| 2968 | CVE-2025-4146 | | 60.6th | 8.8 | | A critical buffer overflow vulnerability in Netgear EX6200 routers allows remote attackers to execut |
| 2969 | CVE-2025-9809 | | 60.6th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code by providing a specially crafte |
| 2970 | CVE-2025-21189 | | 60.6th | 4.3 | | This vulnerability allows attackers to bypass Internet Explorer's security zone restrictions, potent |
| 2971 | CVE-2025-45746 | | 60.6th | 6.5 | | CVE-2025-45746 allows unauthenticated attackers to craft valid JWT tokens using a hardcoded secret, |
| 2972 | CVE-2025-46122 | | 60.6th | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands as root on Ruckus Un |
| 2973 | CVE-2025-9360 | | 60.6th | 8.8 | | A stack-based buffer overflow vulnerability in Linksys WiFi range extenders allows remote attackers |
| 2974 | CVE-2024-52791 | | 60.5th | 5.3 | | Matrix Media Repo (MMR) versions before 1.3.8 are vulnerable to memory exhaustion attacks when proce |
| 2975 | CVE-2025-24957 | | 60.5th | 9.8 | | This SQL injection vulnerability in WeGIA's get_detalhes_socio.php endpoint allows authenticated att |
| 2976 | CVE-2025-24905 | | 60.5th | 9.8 | | CVE-2025-24905 is a critical SQL injection vulnerability in WeGIA's get_codigobarras_cobranca.php en |
| 2977 | CVE-2025-2732 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network |
| 2978 | CVE-2025-2731 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network |
| 2979 | CVE-2025-2730 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network |
| 2980 | CVE-2025-2729 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic routers allows attackers within the local network to execut |
| 2981 | CVE-2025-2728 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic NX30 Pro and Magic NX400 routers allows authenticated attac |
| 2982 | CVE-2025-2727 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic NX30 Pro routers allows attackers on the local network to e |
| 2983 | CVE-2025-2726 | | 60.5th | 8.0 | | This critical vulnerability in H3C Magic routers allows authenticated attackers on the local network |
| 2984 | CVE-2025-8854 | | 60.5th | 9.8 | | A stack-based buffer overflow vulnerability in bulletphysics bullet3's LoadOFF function allows remot |
| 2985 | CVE-2023-53741 | | 60.5th | 8.1 | | Screen SFT DAB 1.9.3 has a weak session management vulnerability where attackers can bypass authenti |
| 2986 | CVE-2025-1570 | | 60.5th | 8.1 | | This vulnerability allows unauthenticated attackers to brute-force OTP codes and reset passwords for |
| 2987 | CVE-2019-8900 | | 60.5th | 6.8 | | A SecureROM vulnerability in certain Apple devices allows unauthenticated local attackers with physi |
| 2988 | CVE-2025-21383 | | 60.5th | 7.8 | | This vulnerability in Microsoft Excel allows an attacker to read sensitive information from memory w |
| 2989 | CVE-2025-20260 | | 60.4th | 9.8 | | A critical buffer overflow vulnerability in ClamAV's PDF scanning allows remote attackers to crash t |
| 2990 | CVE-2025-5309 | | 60.4th | 9.8 | | A Server-Side Template Injection vulnerability in BeyondTrust's Remote Support and Privileged Remote |
| 2991 | CVE-2025-50475 | | 60.5th | 9.8 | | An unauthenticated OS command injection vulnerability in Russound MBX-PRE-D67F firmware allows attac |
| 2992 | CVE-2026-22244 | | 60.5th | 7.2 | | OpenMetadata versions before 1.11.4 contain a Server-Side Template Injection vulnerability in FreeMa |
| 2993 | CVE-2025-24120 | | 60.4th | 7.5 | | A memory management vulnerability in macOS allows attackers to cause application crashes through imp |
| 2994 | CVE-2025-30765 | | 60.4th | 7.6 | | This SQL injection vulnerability in WPPOOL FlexStock WordPress plugin allows attackers to execute ar |
| 2995 | CVE-2025-30966 | | 60.4th | 5.4 | | A path traversal vulnerability in the WPJobBoard WordPress plugin allows attackers to access files o |
| 2996 | CVE-2025-32203 | | 60.4th | 7.6 | | This SQL injection vulnerability in the Falling Things WordPress plugin allows attackers to execute |
| 2997 | CVE-2025-6129 | | 60.4th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attackers to exec |
| 2998 | CVE-2025-6043 | | 60.4th | 8.1 | | This vulnerability in the Malcure Malware Scanner WordPress plugin allows authenticated attackers wi |
| 2999 | CVE-2025-9481 | | 60.4th | 8.8 | | A stack-based buffer overflow vulnerability in Linksys RE series range extenders allows remote attac |
| 3000 | CVE-2025-9297 | | 60.4th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda i22 routers by exploit |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability (a value between 0 and 1, recomputed daily) that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
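The prioritization rule described above, as an added example that is not code from this page or from FIRST.org: it parses a response in the shape the EPSS API (https://api.first.org/data/v1/epss?cve=...) returns, joins it with CVSS base scores a scanner would supply, and orders findings by EPSS with CVSS as a tie-breaker. The payload, the CVE IDs (CVE-0000-000x placeholders) and the scores are constructed, not live data, and the P1/P2/P3 thresholds are an illustrative policy, not anything FIRST.org publishes.

```python
"""Rank findings by EPSS probability, with CVSS as a secondary signal.

Added example; not code from the ranking page or from FIRST.org.
The sample payload mirrors the field names of the EPSS API but its
CVE IDs and numbers are placeholders.
"""
import json
import urllib.request
from dataclasses import dataclass

# Constructed sample response (same shape as the live API, where "epss"
# and "percentile" arrive as decimal strings in the range 0..1).
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.00100", "percentile": "0.39000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.90000", "percentile": "0.99800", "date": "2025-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.02000", "percentile": "0.88000", "date": "2025-01-01"},
        {"cve": "CVE-0000-0004", "epss": "0.00050", "percentile": "0.20000", "date": "2025-01-01"},
    ],
})

# CVSS base scores as a scanner would report them (constructed values).
SAMPLE_CVSS = {
    "CVE-0000-0001": 9.8,   # critical severity, 0.1% EPSS: the "less urgent" case
    "CVE-0000-0002": 7.5,   # high severity, 90% EPSS: the "patch first" case
    "CVE-0000-0003": 8.8,
    "CVE-0000-0004": 5.3,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    epss: float        # probability of exploitation in the next 30 days
    percentile: float  # fraction of scored CVEs with a lower EPSS
    cvss: float        # CVSS base score, 0.0 if the scanner had none


def parse_epss(payload: str, cvss_by_cve: dict) -> list:
    """Validate an EPSS API response and join it with CVSS scores."""
    doc = json.loads(payload)
    if doc.get("status") != "OK":
        raise ValueError("EPSS API returned status %r" % doc.get("status"))
    findings = []
    for row in doc["data"]:
        epss = float(row["epss"])
        pct = float(row["percentile"])
        if not (0.0 <= epss <= 1.0 and 0.0 <= pct <= 1.0):
            raise ValueError("out-of-range score for %s" % row["cve"])
        findings.append(Finding(row["cve"], epss, pct, cvss_by_cve.get(row["cve"], 0.0)))
    return findings


def priority_bucket(f: Finding, epss_urgent: float = 0.10, epss_watch: float = 0.01) -> str:
    """Illustrative policy: EPSS sets urgency; CVSS only promotes low-EPSS items.

    Thresholds are assumptions to tune against your own patch capacity.
    """
    if f.epss >= epss_urgent:
        return "P1"   # patch now
    if f.epss >= epss_watch or f.cvss >= 9.0:
        return "P2"   # this patch cycle
    return "P3"       # backlog


def prioritize(findings: list) -> list:
    """Highest EPSS first; CVSS breaks ties; CVE ID keeps the order stable."""
    return sorted(findings, key=lambda f: (-f.epss, -f.cvss, f.cve))


def fetch_epss(cves: list, timeout: float = 10.0) -> str:
    """Fetch live scores from FIRST.org (needs network; not called below)."""
    url = "https://api.first.org/data/v1/epss?cve=" + ",".join(cves)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    ranked = prioritize(parse_epss(SAMPLE_EPSS_RESPONSE, SAMPLE_CVSS))
    print("rank  cve            epss    percentile  cvss  bucket")
    for i, f in enumerate(ranked, 1):
        print("%-5d %-14s %.4f  %5.1fth     %4.1f  %s"
              % (i, f.cve, f.epss, f.percentile * 100, f.cvss, priority_bucket(f)))
```

Run as a script the CVSS 7.5 / EPSS 0.90 placeholder lands at rank 1 and the CVSS 9.8 / EPSS 0.001 placeholder at rank 3, which is the ordering the paragraph above argues for. To score real findings, pass the output of `fetch_epss([...])` to `parse_epss` instead of the constructed payload.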