Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3001 | CVE-2023-47693 | | 60.3th | 7.5 | | This vulnerability allows attackers to bypass authorization controls in the Ultimate Addons for Cont |
| 3002 | CVE-2025-30660 | | 60.3th | 7.5 | | An unauthenticated attacker can cause denial-of-service on Juniper MX Series routers by sending high |
| 3003 | CVE-2025-30658 | | 60.3th | 7.5 | | An unauthenticated attacker can cause a denial-of-service on Juniper SRX Series firewalls by sending |
| 3004 | CVE-2025-30656 | | 60.3th | 7.5 | | An unauthenticated network attacker can cause sustained denial-of-service on Juniper MX and SRX seri |
| 3005 | CVE-2025-30651 | | 60.3th | 7.5 | | An unauthenticated network attacker can send a specific ICMPv6 packet to cause the routing protocol |
| 3006 | CVE-2025-30841 | | 60.4th | 9.9 | | This path traversal vulnerability in the Countdown & Clock WordPress plugin allows attackers to incl |
| 3007 | CVE-2023-7308 | | 60.3th | 7.5 | | The SecGate3600 firewall has an authentication bypass vulnerability in its user management endpoint |
| 3008 | CVE-2025-21594 | | 60.3th | 7.5 | | This vulnerability in Juniper Networks Junos OS on MX Series routers allows crafted IPv6 traffic to |
| 3009 | CVE-2024-47215 | | 60.3th | 7.5 | | This vulnerability in Snowbridge setups sending data to Google Tag Manager Server Side allows attack |
| 3010 | CVE-2024-47213 | | 60.3th | 7.5 | | A denial-of-service vulnerability in Snowplow Enrich allows attackers to crash the pipeline by sendi |
| 3011 | CVE-2025-63916 | | 60.3th | 8.1 | | MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in its GIF compression |
| 3012 | CVE-2025-25652 | | 60.2th | 7.5 | | This directory traversal vulnerability in Eptura Archibus allows attackers to access files outside t |
| 3013 | CVE-2024-13798 | | 60.2th | 5.3 | | The Post Grid and Gutenberg Blocks – ComboBlocks WordPress plugin has an input validation vulnerab |
| 3014 | CVE-2025-2165 | | 60.2th | 6.1 | | The SH Email Alert WordPress plugin has a reflected cross-site scripting vulnerability in all versio |
| 3015 | CVE-2025-2519 | | 60.2th | 6.5 | | The Streamit WordPress theme contains a vulnerability that allows authenticated attackers with subsc |
| 3016 | CVE-2025-4579 | | 60.2th | 7.2 | | The WP Content Security Plugin for WordPress has a stored cross-site scripting vulnerability in vers |
| 3017 | CVE-2025-9783 | | 60.2th | 8.8 | | A buffer overflow vulnerability in TOTOLINK A702R routers allows remote attackers to execute arbitra |
| 3018 | CVE-2025-9782 | | 60.2th | 8.8 | | This CVE describes a buffer overflow vulnerability in TOTOLINK A702R routers that allows remote atta |
| 3019 | CVE-2025-9780 | | 60.2th | 8.8 | | This vulnerability is a remote buffer overflow in TOTOLINK A702R routers affecting the formIpQoS fun |
| 3020 | CVE-2026-2095 | | 60.2th | 9.8 | | Agentflow software from Flowring contains an authentication bypass vulnerability that allows unauthe |
| 3021 | CVE-2025-61808 | | 60.2th | 9.1 | | This vulnerability allows high-privileged attackers to upload dangerous file types to ColdFusion ser |
| 3022 | CVE-2025-66297 | | 60.2th | 8.8 | | This vulnerability allows authenticated users with admin panel access in Grav CMS to escalate privil |
| 3023 | CVE-2024-45418 | | 60.1th | 5.4 | | This vulnerability in Zoom macOS installers allows authenticated users to escalate privileges via sy |
| 3024 | CVE-2024-48615 | | 60.1th | 7.5 | | A null pointer dereference vulnerability in libarchive 3.7.6 and earlier allows attackers to cause d |
| 3025 | CVE-2025-2894 | | 60.1th | 6.6 | | The Go1 robotic companion contains an undocumented backdoor that allows remote attackers with the co |
| 3026 | CVE-2022-45968 | | 60.2th | 8.8 | | CVE-2022-45968 allows authenticated users with file upload permission to upload arbitrary files to a |
| 3027 | CVE-2024-11044 | | 60.1th | 6.1 | | An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows attacke |
| 3028 | CVE-2025-5145 | | 60.1th | 6.3 | | A critical command injection vulnerability in Netcore networking devices allows remote attackers to |
| 3029 | CVE-2026-2188 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on UTT 进 |
| 3030 | CVE-2026-2182 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on UTT 进取 521G devices |
| 3031 | CVE-2026-2118 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by |
| 3032 | CVE-2026-2080 | | 60.1th | 7.2 | | This vulnerability allows remote attackers to execute arbitrary commands on UTT HiPER 810 routers by |
| 3033 | CVE-2025-13827 | | 60.1th | N/A | | This vulnerability allows attackers to upload arbitrary files through the GrapesJS Builder component |
| 3034 | CVE-2023-0881 | | 60.1th | 7.5 | | This vulnerability allows attackers to cause a kernel crash (denial of service) by launching DDoS at |
| 3035 | CVE-2025-29487 | | 60.1th | 7.5 | | CVE-2025-29487 is an out-of-memory vulnerability in libming's parseABC_STRING_INFO function that all |
| 3036 | CVE-2025-25372 | | 60.1th | 7.5 | | CVE-2025-25372 is a memory corruption vulnerability in NASA cFS Aquila's Memory Management Module th |
| 3037 | CVE-2025-25454 | | 60.1th | 7.5 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buf |
| 3038 | CVE-2025-25457 | | 60.1th | 7.5 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buf |
| 3039 | CVE-2025-31496 | | 60.1th | 7.5 | | A vulnerability in Apollo Compiler versions before 1.27.0 allows attackers to craft GraphQL queries |
| 3040 | CVE-2025-9991 | | 60.1th | 8.1 | | The Tiny Bootstrap Elements Light WordPress plugin contains a Local File Inclusion vulnerability tha |
| 3041 | CVE-2026-1357 | | 60.1th | 9.8 | | This vulnerability allows unauthenticated attackers to upload arbitrary PHP files to WordPress sites |
| 3042 | CVE-2021-4468 | | 60.1th | N/A | | PLANEX CS-QP50F-ING2 smart cameras expose an unauthenticated HTTP configuration backup interface. Re |
| 3043 | CVE-2025-1352 | | 60.1th | 5.0 | | A critical memory corruption vulnerability in GNU elfutils' eu-readelf component allows remote attac |
| 3044 | CVE-2025-30773 | | 60.1th | 7.2 | | CVE-2025-30773 is a PHP object injection vulnerability in TranslatePress WordPress plugin caused by |
| 3045 | CVE-2025-53515 | | 60.1th | 8.8 | | This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to p |
| 3046 | CVE-2025-52577 | | 60.1th | 8.8 | | This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to p |
| 3047 | CVE-2025-53766 | | 60th | 9.8 | | A heap-based buffer overflow vulnerability in Windows GDI+ allows remote attackers to execute arbitr |
| 3048 | CVE-2025-20045 | | 60th | 7.5 | | This vulnerability allows an attacker to cause a denial of service by sending specially crafted SIP |
| 3049 | CVE-2025-30735 | | 59.9th | 8.1 | | This vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects allows authenticate |
| 3050 | CVE-2025-12003 | | 59.9th | N/A | | A path traversal vulnerability in WebDAV allows unauthenticated remote attackers to access or modify |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.