Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with EPSS: 35,468
Average EPSS score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
301 | CVE-2025-44872 | 3.18% | 86.7th | 9.8 | | This CVE describes a command injection vulnerability in Tenda AC9 routers that allows attackers to e
302 | CVE-2024-48445 | 3.15% | 86.6th | 9.8 | | A critical authentication bypass vulnerability in compop.ca ONLINE MALL v3.5.3 allows remote attacke
303 | CVE-2025-32444 | 3.07% | 86.4th | 10.0 | | This vulnerability allows remote code execution on vLLM instances using mooncake integration via ins
304 | CVE-2025-6543 | 3.05% | 86.4th | 9.8 | KEV | A critical memory overflow vulnerability in NetScaler ADC and NetScaler Gateway allows attackers to
305 | CVE-2025-27364 | 3.04% | 86.4th | 10.0 | | This CVE describes a critical Remote Code Execution vulnerability in MITRE Caldera's agent compilati
306 | CVE-2025-45890 | 3.04% | 86.4th | 9.8 | | A directory traversal vulnerability in novel plus allows remote attackers to read, write, or execute
307 | CVE-2025-45491 | 3.01% | 86.3th | 9.8 | | This CVE describes a command injection vulnerability in Linksys E5600 routers via the DynDNS usernam
308 | CVE-2025-2941 | 2.94% | 86.1th | 9.8 | | This vulnerability allows unauthenticated attackers to move arbitrary files on WordPress servers run
309 | CVE-2025-21415 | 2.92% | 86.1th | 9.9 | | This critical vulnerability in Azure AI Face Service allows attackers to bypass authentication mecha
310 | CVE-2025-21613 | 2.86% | 85.9th | 9.8 | | An argument injection vulnerability in go-git versions before 5.13.0 allows attackers to set arbitra
311 | CVE-2025-29046 | 2.85% | 85.9th | 9.8 | | A buffer overflow vulnerability in ALFA WiFi CampPro router firmware allows remote attackers to exec
312 | CVE-2025-29044 | 2.85% | 85.9th | 9.8 | | A buffer overflow vulnerability in Netgear R61 router firmware allows remote attackers to execute ar
313 | CVE-2025-7643 | 2.81% | 85.8th | 9.1 | | The Attachment Manager WordPress plugin has an arbitrary file deletion vulnerability that allows una
314 | CVE-2025-7712 | 2.81% | 85.8th | 9.1 | | The Madara - Core WordPress plugin has an arbitrary file deletion vulnerability that allows unauthen
315 | CVE-2025-34223 | 2.8% | 85.8th | 9.8 | | This vulnerability allows unauthenticated remote attackers to take over administrative control of Va
316 | CVE-2024-13824 | 2.79% | 85.8th | 9.8 | | CVE-2024-13824 is a PHP object injection vulnerability in the CiyaShop WordPress theme that allows u
317 | CVE-2025-41243 | 2.78% | 85.7th | 10.0 | | CVE-2025-41243 allows attackers to modify Spring Environment properties through unsecured Spring Boo
318 | CVE-2025-6065 | 2.77% | 85.7th | 9.1 | | The Image Resizer On The Fly WordPress plugin contains an arbitrary file deletion vulnerability that
319 | CVE-2024-36295 | 2.74% | 85.7th | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
320 | CVE-2024-21797 | 2.74% | 85.7th | 9.1 | | This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
321 | CVE-2025-34329 | 2.73% | 85.6th | 9.8 | | AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23 expose an unauthenticat
322 | CVE-2025-26817 | 2.73% | 85.6th | 9.8 | | CVE-2025-26817 is an OS command injection vulnerability in Netwrix Password Secure 9.2.0.32454 that
323 | CVE-2021-41691 | 2.71% | 85.6th | 9.8 | | This SQL injection vulnerability in OS4Ed OpenSIS allows attackers to execute arbitrary SQL commands
324 | CVE-2024-54756 | 2.63% | 85.4th | 9.8 | | This CVE describes a critical remote code execution vulnerability in GZDoom v4.13.1. Attackers can e
325 | CVE-2025-4828 | 2.6% | 85.3th | 9.8 | | This vulnerability in the Support Board WordPress plugin allows attackers to delete arbitrary files
326 | CVE-2025-55010 | 2.6% | 85.3th | 9.1 | | CVE-2025-55010 is an unsafe deserialization vulnerability in Kanboard that allows admin users to exe
327 | CVE-2025-25742 | 2.56% | 85.2th | 9.8 | | This CVE describes a critical stack-based buffer overflow vulnerability in D-Link DIR-853 routers th
328 | CVE-2025-23317 | 2.53% | 85.1th | 9.1 | | NVIDIA Triton Inference Server's HTTP server has a heap-based buffer overflow vulnerability (CWE-122
329 | CVE-2025-50165 | 2.48% | 85th | 9.8 | | This critical vulnerability in Microsoft Graphics Component allows remote attackers to execute arbit
330 | CVE-2025-12488 | 2.45% | 84.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on oobabooga text-generation-we
331 | CVE-2025-12487 | 2.45% | 84.9th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on oobabooga text-generation-we
332 | CVE-2023-53963 | 2.44% | 84.9th | 9.8 | | CVE-2023-53963 is an unauthenticated remote command injection vulnerability in SOUND4 IMPACT/FIRST/P
333 | CVE-2024-39760 | 2.4% | 84.8th | 10.0 | | This critical vulnerability allows unauthenticated attackers to execute arbitrary operating system c
334 | CVE-2025-2512 | 2.35% | 84.6th | 9.8 | | The File Away WordPress plugin allows unauthenticated attackers to upload arbitrary files to affecte
335 | CVE-2024-8156 | 2.33% | 84.5th | 9.8 | | CVE-2024-8156 is a critical command injection vulnerability in AutoGPT's GitHub Actions workflo
336 | CVE-2024-48590 | 2.32% | 84.5th | 9.8 | | Inflectra SpiraTeam 7.2.00 contains a Server-Side Request Forgery (SSRF) vulnerability in the NewsRe
337 | CVE-2025-30023 | 2.3% | 84.4th | 9.0 | | This vulnerability allows authenticated users to execute arbitrary code remotely on affected systems
338 | CVE-2025-20188 | 2.27% | 84.3th | 10.0 | | This critical vulnerability in Cisco IOS XE Wireless LAN Controllers allows unauthenticated remote a
339 | CVE-2024-13410 | 2.26% | 84.3th | 9.8 | | This CVE describes a PHP Object Injection vulnerability in CozyStay and TinySalt WordPress plugins.
340 | CVE-2025-3065 | 2.26% | 84.3th | 9.1 | | The Database Toolset WordPress plugin contains an arbitrary file deletion vulnerability that allows
341 | CVE-2024-13645 | 2.23% | 84.2th | 9.8 | | The tagDiv Composer WordPress plugin has a PHP object instantiation vulnerability that allows unauth
342 | CVE-2025-9501 | 2.18% | 84th | 9.0 | | The W3 Total Cache WordPress plugin before version 2.8.13 contains a command injection vulnerability
343 | CVE-2024-9053 | 2.18% | 84th | 9.8 | | CVE-2024-9053 is a critical remote code execution vulnerability in vLLM's AsyncEngineRPCServer where
344 | CVE-2025-51390 | 2.16% | 83.9th | 9.8 | | This CVE describes a command injection vulnerability in TOTOLINK N600R routers that allows attackers
345 | CVE-2024-12433 | 2.14% | 83.9th | 9.8 | | This CVE allows remote attackers to execute arbitrary code on systems running vulnerable versions of
346 | CVE-2025-2332 | 2.12% | 83.8th | 9.8 | | This CVE describes a PHP object injection vulnerability in the Export All Posts, Products, Orders, R
347 | CVE-2024-57686 | 2.12% | 83.8th | 9.8 | | A reflected Cross-Site Scripting (XSS) vulnerability in PHPGurukul Land Record System v1.0 allows re
348 | CVE-2024-40071 | 2.1% | 83.7th | 9.8 | | This vulnerability allows attackers to upload arbitrary PHP files to Sourcecodester Online ID Genera
349 | CVE-2025-29064 | 2.1% | 83.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary operating system commands on TOTOLIN
350 | CVE-2025-4094 | 2.09% | 83.7th | 9.8 | | The DIGITS WordPress plugin before version 8.4.6.1 lacks rate limiting on OTP validation attempts, a

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
