Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
3501 | CVE-2025-20674 | 0.34% | 56.3th | 9.8 | | This vulnerability in MediaTek WLAN AP drivers allows attackers to inject arbitrary packets without
3502 | CVE-2025-9846 | 0.34% | 56.2th | 10.0 | | This critical vulnerability in Inka.Net allows attackers to upload malicious files and execute arbit
3503 | CVE-2023-53970 | 0.34% | 56.3th | 7.5 | | This authentication bypass vulnerability in Screen SFT DAB 600/C devices allows attackers to reset d
3504 | CVE-2023-53969 | 0.34% | 56.3th | 7.5 | | This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change
3505 | CVE-2023-53967 | 0.34% | 56.3th | 7.5 | | This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change
3506 | CVE-2024-54497 | 0.34% | 56.2th | 6.5 | | This vulnerability in Apple operating systems allows processing malicious web content to cause denia
3507 | CVE-2025-30223 | 0.34% | 56.2th | 9.3 | | A Cross-Site Scripting (XSS) vulnerability in Beego's RenderForm() function allows attackers to inje
3508 | CVE-2025-2586 | 0.34% | 56.2th | 7.5 | | CVE-2025-2586 is an unauthenticated API request flooding vulnerability in OpenShift Lightspeed Servi
3509 | CVE-2025-27598 | 0.34% | 56.2th | 7.5 | | An out-of-bounds write vulnerability in ImageSharp's GIF decoder allows attackers to cause denial of
3510 | CVE-2025-54381 | 0.34% | 56.2th | 9.9 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in BentoML's file upload syste
3511 | CVE-2025-8625 | 0.34% | 56.2th | 9.8 | | The Copypress Rest API WordPress plugin versions 1.1 to 1.2 contain a critical remote code execution
3512 | CVE-2025-10619 | 0.34% | 56.2th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary operating system commands via comman
3513 | CVE-2025-55729 | 0.34% | 56.2th | 10.0 | | CVE-2025-55729 is a critical remote code execution vulnerability in XWiki Remote Macros that allows
3514 | CVE-2025-63402 | 0.34% | 56.2th | 5.5 | | This vulnerability in HCLTech GRAGON allows remote attackers to execute arbitrary code by exploiting
3515 | CVE-2026-0784 | 0.34% | 56.2th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG
3516 | CVE-2026-0783 | 0.34% | 56.2th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG
3517 | CVE-2026-0782 | 0.34% | 56.2th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG
3518 | CVE-2026-0781 | 0.34% | 56.2th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG
3519 | CVE-2026-0780 | 0.34% | 56.2th | 8.8 | | This vulnerability allows authenticated remote attackers to execute arbitrary system commands on ALG
3520 | CVE-2025-15458 | 0.34% | 56.2th | 7.3 | | This vulnerability allows attackers to bypass authentication in MiniCMS versions up to 1.8 by exploi
3521 | CVE-2025-15457 | 0.34% | 56.2th | 7.3 | | This vulnerability allows remote attackers to bypass authentication in MiniCMS's trash file restore
3522 | CVE-2024-40765 | 0.34% | 56.2th | 9.8 | | An integer-based buffer overflow vulnerability in SonicOS IPSec implementation allows remote attacke
3523 | CVE-2025-0237 | 0.34% | 56.1th | 5.4 | | This vulnerability in Mozilla's WebChannel API allows privilege escalation by accepting arbitrary pr
3524 | CVE-2024-12742 | 0.34% | 56.2th | 7.8 | | This vulnerability allows arbitrary code execution through deserialization of untrusted data in NI G
3525 | CVE-2025-30722 | 0.34% | 56.1th | 5.3 | | A vulnerability in Oracle MySQL's mysqldump client allows low-privileged attackers with network acce
3526 | CVE-2025-13262 | 0.34% | 56.2th | 7.3 | | A path traversal vulnerability in lsfusion platform allows remote attackers to manipulate file paths
3527 | CVE-2025-30817 | 0.34% | 56th | 5.4 | | This CVE describes a missing authorization vulnerability in the wpzita Z Companion WordPress plugin
3528 | CVE-2025-32218 | 0.34% | 56th | 5.4 | | This CVE describes a missing authorization vulnerability in the TableOn WordPress plugin that allows
3529 | CVE-2025-4897 | 0.34% | 56th | 8.8 | | This critical vulnerability in Tenda A15 routers allows remote attackers to execute arbitrary code v
3530 | CVE-2025-4054 | 0.34% | 56th | 6.1 | | The Relevanssi WordPress plugin has a stored XSS vulnerability in its highlights functionality that
3531 | CVE-2025-6734 | 0.34% | 56.1th | 8.8 | | A critical buffer overflow vulnerability in UTT HiPER 840G routers allows remote attackers to execut
3532 | CVE-2025-6732 | 0.34% | 56.1th | 8.8 | | A critical buffer overflow vulnerability in UTT HiPER 840G routers allows remote attackers to execut
3533 | CVE-2025-27212 | 0.34% | 56.1th | 9.8 | | This CVE describes an improper input validation vulnerability in UniFi Access devices that allows co
3534 | CVE-2025-54374 | 0.34% | 56.1th | 8.8 | | CVE-2025-54374 is a one-click remote code execution vulnerability in Eidos Personal Data Management
3535 | CVE-2025-14420 | 0.34% | 56.1th | 7.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
3536 | CVE-2025-14413 | 0.34% | 56.1th | 7.8 | | This vulnerability allows remote attackers to execute arbitrary code on Soda PDF Desktop by tricking
3537 | CVE-2025-47270 | 0.34% | 56.1th | 7.5 | | This vulnerability allows attackers to cause Denial of Service (DoS) by sending specially crafted Di
3538 | CVE-2025-24057 | 0.34% | 56th | 7.8 | | A heap-based buffer overflow vulnerability in Microsoft Office allows attackers to execute arbitrary
3539 | CVE-2025-21180 | 0.34% | 56th | 7.8 | | A heap-based buffer overflow vulnerability in the Windows exFAT file system driver allows local atta
3540 | CVE-2025-39527 | 0.34% | 55.9th | 8.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted
3541 | CVE-2025-32662 | 0.34% | 55.9th | 8.8 | | A deserialization vulnerability in the Stylemix uListing WordPress plugin allows attackers to inject
3542 | CVE-2025-24908 | 0.34% | 56th | 6.8 | | This path traversal vulnerability in Hitachi Vantara Pentaho Data Integration & Analytics allows att
3543 | CVE-2025-32144 | 0.34% | 55.9th | 8.8 | | A PHP object injection vulnerability in the Job Board Manager WordPress plugin allows attackers to e
3544 | CVE-2025-32370 | 0.34% | 55.9th | 7.2 | | Kentico Xperience CMS versions before 13.0.178 allow unauthenticated attackers to bypass file extens
3545 | CVE-2025-1805 | 0.34% | 55.9th | 5.3 | | CVE-2025-1805 is a cryptographic vulnerability in Crypt::Salt for Perl version 0.01 where the insecu
3546 | CVE-2025-30892 | 0.34% | 55.9th | 8.8 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted
3547 | CVE-2025-29069 | 0.34% | 55.9th | 7.3 | | A heap buffer overflow vulnerability exists in lcms2-2.16's UnrollChunkyBytes function in cmspack.c,
3548 | CVE-2025-7640 | 0.34% | 56th | 8.1 | | This CSRF vulnerability in the hiWeb Export Posts WordPress plugin allows unauthenticated attackers
3549 | CVE-2025-8913 | 0.34% | 55.9th | 9.8 | | CVE-2025-8913 is a critical Local File Inclusion vulnerability in WellChoose's Organization Portal S
3550 | CVE-2025-8805 | 0.34% | 56th | 5.3 | | A denial-of-service vulnerability exists in Open5GS SMF component where the smf_gsm_state_wait_pfcp_

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical vulnerability rated CVSS 9.8 with 0.1% EPSS may be less urgent than a high-severity CVSS 7.5 vulnerability with 90% EPSS.
