Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. The score is the estimated probability that exploitation activity against the CVE will be observed in the wild within the next 30 days; a higher score means a greater likelihood of exploitation. The percentile places that score among all scored CVEs (the share of scored CVEs with an equal or lower score), so a 57.8th-percentile CVE scores higher than roughly 58% of all CVEs that have an EPSS score.

Summary statistics:

CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with an EPSS score: 35,468
Average EPSS score: 0.7%
Ranks 3301 to 3350 of the ranking. Scores are displayed rounded to two decimal places, and summaries are truncated exactly as they appear on the page. The Flags column is empty for every row shown and is omitted below.

| Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary |
|------|--------|------------|------------|------|---------|
| 3301 | CVE-2024-56901 | 0.36% | 57.9th | 8.8 | This CSRF vulnerability in Geovision GV-ASWeb allows attackers to create administrator accounts with |
| 3302 | CVE-2025-27786 | 0.36% | 57.9th | 9.1 | Applio voice conversion tool versions 3.2.8-bugfix and prior contain a path traversal vulnerability |
| 3303 | CVE-2025-27198 | 0.36% | 57.9th | 7.8 | A heap-based buffer overflow vulnerability in Adobe Photoshop allows attackers to execute arbitrary |
| 3304 | CVE-2025-32196 | 0.36% | 57.8th | 6.5 | This stored cross-site scripting (XSS) vulnerability in the News Kit Elementor Addons WordPress plug |
| 3305 | CVE-2025-32169 | 0.36% | 57.8th | 6.5 | This DOM-based Cross-Site Scripting (XSS) vulnerability in the Showeblogin Social WordPress plugin a |
| 3306 | CVE-2025-45784 | 0.36% | 57.8th | 9.8 | D-Link DPH-400S/SE VoIP phones contain hardcoded provisioning credentials in their firmware, allowin |
| 3307 | CVE-2025-54576 | 0.36% | 57.8th | 9.1 | This vulnerability allows attackers to bypass authentication in OAuth2-Proxy by crafting URLs with q |
| 3308 | CVE-2025-57567 | 0.36% | 57.8th | 9.1 | This vulnerability allows authenticated administrator users in PluXml CMS to overwrite the minify.ph |
| 3309 | CVE-2025-15389 | 0.36% | 57.9th | 8.8 | This vulnerability allows authenticated remote attackers to execute arbitrary operating system comma |
| 3310 | CVE-2025-15388 | 0.36% | 57.9th | 8.8 | This vulnerability allows authenticated remote attackers to execute arbitrary operating system comma |
| 3311 | CVE-2025-13711 | 0.36% | 57.8th | 7.8 | This vulnerability in Tencent TFace allows remote attackers to execute arbitrary code with root priv |
| 3312 | CVE-2025-13709 | 0.36% | 57.8th | 7.8 | This vulnerability in Tencent TFace's restore_checkpoint function allows remote attackers to execute |
| 3313 | CVE-2026-0855 | 0.36% | 57.9th | 8.8 | Merit LILIN IP cameras have an OS command injection vulnerability that allows authenticated remote a |
| 3314 | CVE-2026-0854 | 0.36% | 57.9th | 8.8 | This vulnerability allows authenticated remote attackers to execute arbitrary operating system comma |
| 3315 | CVE-2026-25512 | 0.36% | 57.8th | 8.8 | This CVE describes a remote code execution vulnerability in Group-Office where an authenticated atta |
| 3316 | CVE-2025-25515 | 0.36% | 57.8th | 8.8 | Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_collect.php that allows au |
| 3317 | CVE-2025-26357 | 0.36% | 57.7th | 4.9 | This vulnerability allows authenticated remote attackers to read sensitive files on Q-Free MaxTime s |
| 3318 | CVE-2024-53942 | 0.36% | 57.8th | 4.8 | This vulnerability allows remote attackers to execute arbitrary operating system commands with root |
| 3319 | CVE-2025-4810 | 0.36% | 57.7th | 8.8 | A critical stack-based buffer overflow vulnerability in Tenda AC7 routers allows remote attackers to |
| 3320 | CVE-2025-4809 | 0.36% | 57.7th | 8.8 | A critical stack-based buffer overflow vulnerability in Tenda AC7 routers allows remote attackers to |
| 3321 | CVE-2024-56370 | 0.36% | 57.7th | 6.5 | Net::Xero 0.044 and earlier for Perl uses non-cryptographically secure random number generation via |
| 3322 | CVE-2025-34183 | 0.36% | 57.7th | 7.5 | This vulnerability allows unauthenticated remote attackers to retrieve plaintext credentials from ex |
| 3323 | CVE-2025-67843 | 0.36% | 57.7th | 8.3 | This Server-Side Template Injection vulnerability in Mintlify's MDX Rendering Engine allows attacker |
| 3324 | CVE-2025-36745 | 0.36% | 57.7th | 7.8 | SolarEdge SE3680H inverters ship with an outdated Linux kernel containing unpatched vulnerabilities |
| 3325 | CVE-2024-58280 | 0.36% | 57.7th | 8.8 | CMSimple 5.15 contains a remote command execution vulnerability where authenticated attackers can mo |
| 3326 | CVE-2025-21213 | 0.36% | 57.6th | 4.6 | This Secure Boot vulnerability allows attackers with physical access or administrative privileges to |
| 3327 | CVE-2025-5600 | 0.36% | 57.7th | 9.8 | A critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attac |
| 3328 | CVE-2025-7117 | 0.36% | 57.6th | 8.8 | A critical buffer overflow vulnerability in UTT HiPER 840G routers allows remote attackers to execut |
| 3329 | CVE-2025-7084 | 0.36% | 57.6th | 8.8 | A critical stack-based buffer overflow vulnerability in Belkin F9K1122 routers allows remote attacke |
| 3330 | CVE-2023-53885 | 0.36% | 57.7th | 7.2 | Webutler v3.2 contains an arbitrary file upload vulnerability that allows authenticated administrato |
| 3331 | CVE-2025-0373 | 0.36% | 57.6th | 6.0 | A stack buffer overflow vulnerability in FreeBSD's cd9660, tarfs, and ext2fs filesystems allows atta |
| 3332 | CVE-2025-29907 | 0.36% | 57.6th | 7.5 | CVE-2025-29907 is a denial-of-service vulnerability in jsPDF library where attackers can pass malici |
| 3333 | CVE-2025-32107 | 0.36% | 57.6th | 8.0 | This CVE describes an OS command injection vulnerability in Deco BE65 Pro mesh Wi-Fi systems that al |
| 3334 | CVE-2025-50900 | 0.36% | 57.5th | 9.8 | This vulnerability in rebuild 4.0.4 allows unauthenticated attackers to bypass authentication by man |
| 3335 | CVE-2025-13435 | 0.36% | 57.5th | 5.6 | CVE-2025-13435 is a path traversal vulnerability in Dreampie Resty's HttpClient module that allows a |
| 3336 | CVE-2021-4469 | 0.36% | 57.6th | N/A | Denver SHO-110 IP cameras expose an unauthenticated HTTP endpoint on port 8001 that allows remote at |
| 3337 | CVE-2025-21292 | 0.36% | 57.5th | 8.8 | This vulnerability allows attackers to elevate privileges on Windows systems by exploiting the Windo |
| 3338 | CVE-2025-21171 | 0.36% | 57.5th | 7.5 | This .NET vulnerability allows remote attackers to execute arbitrary code on affected systems by exp |
| 3339 | CVE-2025-27553 | 0.36% | 57.5th | 7.5 | This CVE describes a path traversal vulnerability in Apache Commons VFS where encoded '..' sequences |
| 3340 | CVE-2025-48744 | 0.36% | 57.5th | 6.4 | This vulnerability in SIGB PMB allows attackers to perform Local File Inclusion (LFI) and achieve re |
| 3341 | CVE-2025-55139 | 0.36% | 57.5th | 6.8 | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in multiple Ivanti security pr |
| 3342 | CVE-2025-11889 | 0.36% | 57.5th | 7.2 | The AIO Forms WordPress plugin allows authenticated administrators to upload arbitrary files due to |
| 3343 | CVE-2025-11967 | 0.36% | 57.5th | 7.2 | The Mail Mint WordPress plugin allows authenticated administrators to upload arbitrary files due to |
| 3344 | CVE-2025-46070 | 0.36% | 57.5th | 9.8 | A critical remote code execution vulnerability in Automai BotManager v25.2.0 allows attackers to exe |
| 3345 | CVE-2024-54794 | 0.36% | 57.4th | 9.1 | CVE-2024-54794 is a command injection vulnerability in SpagoBI 3.5.1 that allows attackers to execut |
| 3346 | CVE-2025-21219 | 0.36% | 57.5th | 4.3 | This vulnerability allows attackers to bypass security zone restrictions in Windows when processing |
| 3347 | CVE-2025-1339 | 0.36% | 57.5th | 6.3 | This critical vulnerability in TOTOLINK X18 routers allows remote attackers to execute arbitrary ope |
| 3348 | CVE-2025-26359 | 0.36% | 57.4th | 9.8 | This vulnerability allows unauthenticated remote attackers to reset user PINs in Q-Free MaxTime syst |
| 3349 | CVE-2025-1178 | 0.36% | 57.5th | 5.6 | A memory corruption vulnerability exists in GNU Binutils' bfd_putl64 function within the ld componen |
| 3350 | CVE-2025-29964 | 0.36% | 57.5th | 8.8 | A heap-based buffer overflow vulnerability in Windows Media allows remote attackers to execute arbit |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by the EPSS Special Interest Group at FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Where CVSS measures how severe a vulnerability is if it is exploited, EPSS measures how likely it is to be exploited, which makes it a strong input for deciding which vulnerabilities to patch first. Scores are recomputed daily, so a CVE's score and percentile move over time and should be re-read rather than cached indefinitely.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A CVSS 9.8 vulnerability with a 0.1% EPSS score may be less urgent than a CVSS 7.5 vulnerability with a 90% EPSS score. Two caveats apply. EPSS says nothing about impact in your environment, so it belongs alongside CVSS and asset criticality rather than in place of them. And a CVE listed in CISA's Known Exploited Vulnerabilities (KEV) catalog is already being exploited, so it should be treated as urgent whatever its EPSS score says.
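The prioritization described above, as an added example that is not code from this site or from FIRST: KEV entries first, then CVEs whose 30-day exploitation probability clears a threshold, then everything else, with CVSS breaking ties inside each tier. The CSV sample is constructed and its CVE identifiers are placeholders; its layout (one `#` metadata line, then `cve,epss,percentile`) follows the shape of FIRST's daily EPSS feed as the author of this example understands it, so verify it against the current feed before depending on it. The `percentile_rank` function shows how the Percentile column in the table above relates to the Score column.

```python
"""Triage CVEs by exploit likelihood (EPSS) rather than by CVSS alone.

Added example, not code from the page's operator or from FIRST. SAMPLE_EPSS_CSV
is constructed; its CVE IDs are placeholders and its numbers are not real scores.
The column layout mirrors the FIRST daily feed as understood by this example's
author (assumption: verify against the live feed).
"""
import csv
from dataclasses import dataclass

# Constructed sample in the feed's shape. NOT real data.
SAMPLE_EPSS_CSV = """#model_version:v2025.03.14,score_date:2025-06-01T00:00:00+0000
cve,epss,percentile
CVE-1900-0001,0.90123,0.99812
CVE-1900-0002,0.00100,0.23400
CVE-1900-0003,0.00360,0.57800
CVE-1900-0004,0.02000,0.88900
"""

# Constructed severity and KEV inputs for the same placeholder IDs.
SAMPLE_CVSS = {"CVE-1900-0001": 7.5, "CVE-1900-0002": 9.8,
               "CVE-1900-0003": 8.8, "CVE-1900-0004": 5.3}
SAMPLE_KEV = {"CVE-1900-0004"}  # pretend this one is in CISA's KEV catalog


def parse_epss_csv(text: str) -> dict[str, tuple[float, float]]:
    """Return {cve: (epss_probability, percentile)}, skipping '#' metadata lines."""
    rows = (line for line in text.splitlines() if line and not line.startswith("#"))
    out = {}
    for rec in csv.DictReader(rows):
        out[rec["cve"]] = (float(rec["epss"]), float(rec["percentile"]))
    return out


def percentile_rank(score: float, all_scores: list[float]) -> float:
    """Share of scored CVEs with an equal or lower EPSS score: this is how the
    Percentile column is derived from the Score column."""
    return sum(1 for s in all_scores if s <= score) / len(all_scores)


@dataclass(order=True)
class Finding:
    tier: int          # 1 = known exploited, 2 = likely exploited, 3 = everything else
    neg_epss: float    # negated so higher EPSS sorts first within a tier
    neg_cvss: float    # negated so higher CVSS breaks ties first
    cve: str
    reason: str


def triage(epss: dict, cvss: dict, kev: set, epss_threshold: float = 0.10) -> list[Finding]:
    """Order CVEs for patching. KEV is a fact, not a forecast, so it outranks any
    EPSS value; below that, EPSS drives the order and CVSS only breaks ties."""
    findings = []
    for cve, (prob, _pct) in epss.items():
        sev = cvss.get(cve, 0.0)
        if cve in kev:
            findings.append(Finding(1, -prob, -sev, cve, "listed in CISA KEV"))
        elif prob >= epss_threshold:
            findings.append(Finding(2, -prob, -sev, cve,
                                    f"EPSS {prob:.1%} >= {epss_threshold:.0%}"))
        else:
            findings.append(Finding(3, -prob, -sev, cve, f"EPSS {prob:.2%}, CVSS {sev}"))
    return sorted(findings)


def patch_order(text: str = SAMPLE_EPSS_CSV, cvss=SAMPLE_CVSS, kev=SAMPLE_KEV) -> list[str]:
    """Convenience wrapper returning just the CVE IDs in patch order."""
    return [f.cve for f in triage(parse_epss_csv(text), cvss, kev)]


if __name__ == "__main__":
    for f in triage(parse_epss_csv(SAMPLE_EPSS_CSV), SAMPLE_CVSS, SAMPLE_KEV):
        print(f"tier {f.tier}  {f.cve}  {f.reason}")
```

With the constructed inputs, the CVSS 9.8 placeholder with a 0.1% EPSS score lands last, behind a CVSS 7.5 placeholder at 90% and behind a CVSS 5.3 placeholder that is in KEV, which is exactly the ordering the paragraph above argues for. The 10% threshold is an illustrative choice; teams commonly tune it to their patching capacity.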

Prioritize by Exploit Risk

Scan your servers and see which of their vulnerabilities carry the highest EPSS scores. Focus on what attackers are most likely to target.
