Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3051 | CVE-2024-40584 | | 59.9th | 7.2 | | This OS command injection vulnerability in Fortinet FortiAnalyzer and FortiManager products allows a |
| 3052 | CVE-2025-31691 | | 59.9th | 9.8 | | This vulnerability allows attackers to bypass authorization checks in Drupal OAuth2 Server through f |
| 3053 | CVE-2025-29315 | | 59.9th | 9.8 | | This vulnerability allows attackers to bypass Shiro-based RBAC controls in OpenDaylight SFC, enablin |
| 3054 | CVE-2025-48390 | | 59.9th | 7.2 | | FreeScout versions before 1.8.178 contain a code injection vulnerability in the php_path parameter. |
| 3055 | CVE-2023-53883 | | 59.9th | 7.2 | | CVE-2023-53883 is a remote code execution vulnerability in Webedition CMS v2.9.8.8 that allows authe |
| 3056 | CVE-2025-24051 | | 59.8th | 8.8 | | A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allow |
| 3057 | CVE-2024-48761 | | 59.8th | 8.8 | | This is a reflected cross-site scripting (XSS) vulnerability in Celk Sistemas Celk Saude healthcare |
| 3058 | CVE-2024-55573 | | 59.8th | 9.1 | | A critical SQL injection vulnerability in Centreon centreon-web allows authenticated users with high |
| 3059 | CVE-2024-36512 | | 59.7th | 7.2 | | This path traversal vulnerability in Fortinet FortiManager and FortiAnalyzer allows attackers to exe |
| 3060 | CVE-2025-22132 | | 59.8th | 8.3 | | This Cross-Site Scripting (XSS) vulnerability in WeGIA's file upload functionality allows attackers |
| 3061 | CVE-2025-26325 | | 59.8th | 9.8 | | ShopXO 6.4.0 contains an unrestricted file upload vulnerability in ThemeDataService.php that allows |
| 3062 | CVE-2025-1013 | | 59.8th | 6.5 | | A race condition vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird could cause private |
| 3063 | CVE-2024-54016 | | 59.8th | 4.3 | | Apache Seata (incubating) has a vulnerability where improper handling of highly compressed data can |
| 3064 | CVE-2024-29643 | | 59.8th | 9.1 | | This vulnerability allows attackers to perform Host header injection in Croogo v3.0.2 via the feed.r |
| 3065 | CVE-2023-54329 | | 59.8th | 9.8 | | CVE-2023-54329 is a critical remote command execution vulnerability in Inbit Messenger versions 4.6. |
| 3066 | CVE-2022-45830 | | 59.7th | 6.5 | | CVE-2022-45830 is a missing authorization vulnerability in the Analytify WordPress plugin that allow |
| 3067 | CVE-2025-0867 | | 59.7th | 9.9 | | This vulnerability allows standard users to execute commands with administrative privileges through |
| 3068 | CVE-2024-57426 | | 59.7th | 7.3 | | NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing attackers to execute arbitrary code |
| 3069 | CVE-2024-54362 | | 59.7th | 8.1 | | This path traversal vulnerability in the GetShop eCommerce WordPress plugin allows attackers to acce |
| 3070 | CVE-2025-2284 | | 59.7th | 7.5 | | A denial-of-service vulnerability in the GetWebLoginCredentials function of Sante PACS Server.exe al |
| 3071 | CVE-2025-32583 | | 59.7th | 9.9 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v |
| 3072 | CVE-2024-47264 | | 59.7th | 4.9 | | This path traversal vulnerability in Synology Active Backup for Business allows authenticated admini |
| 3073 | CVE-2025-3043 | | 59.6th | 5.3 | | This critical vulnerability in GuoMinJim PersonManage 1.0 allows remote attackers to perform path tr |
| 3074 | CVE-2025-31715 | | 59.6th | 9.8 | | CVE-2025-31715 is a command injection vulnerability in vowifi service that allows remote attackers t |
| 3075 | CVE-2025-10647 | | 59.7th | 8.8 | | The Embed PDF for WPForms WordPress plugin allows authenticated users with Subscriber-level access o |
| 3076 | CVE-2025-20703 | | 59.6th | 6.5 | | This vulnerability allows remote denial of service attacks against devices with affected MediaTek mo |
| 3077 | CVE-2025-9561 | | 59.7th | 8.8 | | The AP Background WordPress plugin versions 3.8.1 to 3.8.2 contain an arbitrary file upload vulnerab |
| 3078 | CVE-2025-63932 | | 59.6th | 7.3 | | The D-Link DIR-868L A1 router has an unauthenticated remote code execution vulnerability in its HNAP |
| 3079 | CVE-2025-12871 | | 59.7th | 9.8 | | CVE-2025-12871 is an authentication abuse vulnerability in a+HRD software that allows unauthenticate |
| 3080 | CVE-2021-47888 | | 59.7th | 8.8 | | CVE-2021-47888 is an authenticated remote code execution vulnerability in Textpattern CMS that allow |
| 3081 | CVE-2025-29925 | | 59.6th | 5.3 | | XWiki Platform REST endpoints improperly list protected pages even when users lack view permissions. |
| 3082 | CVE-2025-8531 | | 59.6th | 6.8 | | A remote attacker can send specially crafted packets to cause an integer underflow in Mitsubishi Ele |
| 3083 | CVE-2023-53889 | | 59.6th | 7.2 | | CVE-2023-53889 is a remote code execution vulnerability in Perch CMS 3.2 that allows authenticated a |
| 3084 | CVE-2025-14108 | | 59.6th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary commands on ZSPACE Q2C NAS devices b |
| 3085 | CVE-2025-54307 | | 59.6th | 8.8 | | This vulnerability allows authenticated low-privilege users to upload ZIP files containing path trav |
| 3086 | CVE-2025-22937 | | 59.5th | 9.8 | | This vulnerability in Adtran 411 ONT devices allows attackers to escalate privileges from a lower-pr |
| 3087 | CVE-2025-30868 | | 59.5th | 7.5 | | This CVE describes a PHP Local File Inclusion vulnerability in the DynamicWebLab Team Manager WordPr |
| 3088 | CVE-2025-30845 | | 59.5th | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 3089 | CVE-2025-31330 | | 59.5th | 9.9 | | CVE-2025-31330 is a critical code injection vulnerability in SAP Landscape Transformation (SLT) that |
| 3090 | CVE-2025-27429 | | 59.5th | 9.9 | | This critical vulnerability in SAP S/4HANA allows authenticated users to inject arbitrary ABAP code |
| 3091 | CVE-2025-20666 | | 59.5th | 7.5 | | This vulnerability in MediaTek modems allows remote denial of service through system crashes when de |
| 3092 | CVE-2024-45438 | | 59.5th | 9.1 | | CVE-2024-45438 is an authentication bypass vulnerability in TitanHQ SpamTitan Email Security Gateway |
| 3093 | CVE-2026-1428 | | 59.5th | 8.8 | | CVE-2026-1428 is an OS command injection vulnerability in WellChoose's Single Sign-On Portal System |
| 3094 | CVE-2025-22388 | | 59.4th | 5.7 | | A stored cross-site scripting (XSS) vulnerability in Optimizely EPiServer CMS Core allows attackers |
| 3095 | CVE-2025-31334 | | 59.4th | 6.8 | | This vulnerability allows attackers to bypass Windows' 'Mark of the Web' security warnings by tricki |
| 3096 | CVE-2025-20212 | | 59.5th | 7.7 | | An authenticated attacker with VPN credentials can cause a denial of service on Cisco Meraki MX/Z Se |
| 3097 | CVE-2025-5106 | | 59.5th | 7.3 | | This critical vulnerability in Fujian Kelixun 1.0 allows remote attackers to execute arbitrary opera |
| 3098 | CVE-2025-6688 | | 59.5th | 9.8 | | The Simple Payment WordPress plugin contains an authentication bypass vulnerability that allows unau |
| 3099 | CVE-2025-4973 | | 59.5th | 9.8 | | The Workreap WordPress plugin has an authentication bypass vulnerability that allows unauthenticated |
| 3100 | CVE-2025-8139 | | 59.5th | 8.8 | | This critical vulnerability in TOTOLINK A702R routers allows remote attackers to execute arbitrary c |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, making it ideal for prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.