Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3551 | CVE-2025-8801 | | 56th | 5.3 | | This vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by ex |
| 3552 | CVE-2025-54886 | | 55.9th | 8.4 | | CVE-2025-54886 is a deserialization vulnerability in the skops Python library that allows arbitrary |
| 3553 | CVE-2024-45598 | | 55.9th | 6.0 | | This vulnerability in Cacti allows administrators to read arbitrary local files on the server by man |
| 3554 | CVE-2025-2787 | | 55.8th | 8.8 | | This vulnerability in KNIME Business Hub's ingress-nginx component allows authenticated attackers to |
| 3555 | CVE-2024-10264 | | 55.8th | 9.8 | | CVE-2024-10264 is an HTTP request smuggling vulnerability in netease-youdao/qanything version 1.4.1 |
| 3556 | CVE-2025-3698 | | 55.9th | 7.5 | | An interface exposure vulnerability in the CarlCare mobile application allows unauthorized access to |
| 3557 | CVE-2025-43843 | | 55.8th | 9.8 | | CVE-2025-43843 is a critical command injection vulnerability in Retrieval-based-Voice-Conversion-Web |
| 3558 | CVE-2025-56513 | | 55.9th | 9.8 | | NiceHash QuickMiner 6.12.0 performs software updates over unencrypted HTTP without digital signature |
| 3559 | CVE-2025-66203 | | 55.9th | 9.9 | | StreamVault versions before 251126 contain a remote code execution vulnerability that allows attacke |
| 3560 | CVE-2025-21316 | | 55.7th | 5.5 | | This Windows kernel vulnerability allows attackers to read sensitive memory information from the ker |
| 3561 | CVE-2025-25274 | | 55.7th | 4.3 | | This vulnerability allows authenticated users to execute slash commands in archived Mattermost chann |
| 3562 | CVE-2025-26644 | | 55.7th | 5.1 | | This vulnerability in Windows Hello's automated recognition mechanism allows an unauthorized local a |
| 3563 | CVE-2025-5149 | | 55.7th | 5.6 | | This CVE describes an improper authentication vulnerability in WCMS that allows attackers to bypass |
| 3564 | CVE-2025-29631 | | 55.7th | 9.8 | | A critical remote code execution vulnerability in Gardyn 4 allows attackers to execute arbitrary cod |
| 3565 | CVE-2025-7415 | | 55.7th | 6.3 | | This critical vulnerability in Tenda O3V2 routers allows remote attackers to execute arbitrary comma |
| 3566 | CVE-2025-9813 | | 55.7th | 8.8 | | A buffer overflow vulnerability in Tenda CH22 router firmware allows remote attackers to execute arb |
| 3567 | CVE-2025-12733 | | 55.7th | 8.8 | | The WP All Import WordPress plugin contains a critical remote code execution vulnerability that allo |
| 3568 | CVE-2025-67895 | | 55.7th | 9.8 | | This vulnerability allows authenticated DAG authors in Apache Airflow 2 to perform remote code execu |
| 3569 | CVE-2025-14092 | | 55.7th | 4.7 | | This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers c |
| 3570 | CVE-2022-29164 | | 55.7th | 7.1 | | This vulnerability in Argo Workflows allows authenticated attackers to create malicious workflows th |
| 3571 | CVE-2025-2186 | | 55.6th | 7.5 | | This SQL injection vulnerability in the FunnelKit WooCommerce plugin allows unauthenticated attacker |
| 3572 | CVE-2025-24988 | | 55.6th | 6.6 | | This vulnerability allows an authorized attacker with physical access to a Windows system to exploit |
| 3573 | CVE-2025-54057 | | 55.6th | 6.1 | | This CVE describes a cross-site scripting (XSS) vulnerability in Apache SkyWalking where malicious s |
| 3574 | CVE-2025-13322 | | 55.7th | 8.1 | | The WP AUDIO GALLERY WordPress plugin allows authenticated attackers with subscriber-level access or |
| 3575 | CVE-2025-12399 | | 55.6th | 7.2 | | The Alex Reservations WordPress plugin up to version 2.2.3 allows authenticated administrators to up |
| 3576 | CVE-2025-25711 | | 55.6th | 8.8 | | This vulnerability allows remote attackers to escalate privileges in dtp.ae tNexus Airport View vers |
| 3577 | CVE-2025-13307 | | 55.6th | 7.2 | | The Ocean Modal Window WordPress plugin before version 2.3.3 contains a remote code execution vulner |
| 3578 | CVE-2025-59468 | | 55.6th | 9.0 | | This vulnerability allows a Backup Administrator with legitimate credentials to execute arbitrary co |
| 3579 | CVE-2024-24421 | | 55.5th | 9.8 | | A type confusion vulnerability in Magma's NAS message decoding function allows attackers to execute |
| 3580 | CVE-2024-56276 | | 55.5th | 4.3 | | This CVE describes a missing authorization vulnerability in WPForms Contact Form plugin that allows |
| 3581 | CVE-2024-38292 | | 55.5th | 9.8 | | This vulnerability in Extreme Networks XIQ-SE allows attackers to bypass access controls via path tr |
| 3582 | CVE-2025-31123 | | 55.5th | 8.7 | | Zitadel identity infrastructure software has a vulnerability where expired JWT keys can be used to o |
| 3583 | CVE-2025-30153 | | 55.5th | 7.5 | | This vulnerability in kin-openapi allows attackers to upload specially crafted ZIP files (like ZIP b |
| 3584 | CVE-2025-2345 | | 55.5th | 9.8 | | This critical vulnerability in IROAD dash cams allows remote attackers to bypass authorization contr |
| 3585 | CVE-2025-37103 | | 55.6th | 9.8 | | CVE-2025-37103 is a critical authentication bypass vulnerability in HPE Networking Instant On Access |
| 3586 | CVE-2025-24229 | | 55.4th | 7.4 | | A sandbox escape vulnerability in macOS allows sandboxed applications to bypass security restriction |
| 3587 | CVE-2025-27580 | | 55.5th | 7.5 | | This vulnerability in NIH BRICS allows unauthenticated users with a Common Access Card to generate p |
| 3588 | CVE-2025-6544 | | 55.4th | 9.8 | | A critical deserialization vulnerability in h2oai/h2o-3 allows attackers to bypass security checks u |
| 3589 | CVE-2025-11849 | | 55.5th | 9.3 | | Mammoth document conversion library versions before 1.11.0 are vulnerable to directory traversal att |
| 3590 | CVE-2021-47718 | | 55.5th | 7.5 | | OpenBMCS 2.4 contains an unauthenticated directory listing vulnerability that allows attackers to br |
| 3591 | CVE-2025-24611 | | 55.4th | 4.9 | | This path traversal vulnerability in WP Ultimate Exporter allows attackers to read arbitrary files o |
| 3592 | CVE-2024-55541 | | 55.3th | 6.1 | | A stored cross-site scripting (XSS) vulnerability in Acronis Cyber Protect 16 allows attackers to in |
| 3593 | CVE-2025-1543 | | 55.4th | 4.3 | | This vulnerability in iteachyou Dreamer CMS 4.1.3 allows remote attackers to perform path traversal |
| 3594 | CVE-2025-24409 | | 55.4th | 8.2 | | This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers |
| 3595 | CVE-2024-13829 | | 55.3th | 5.3 | | The Tripetto WordPress plugin has a vulnerability that allows unauthenticated attackers to access fi |
| 3596 | CVE-2025-2523 | | 55.4th | 9.4 | | An integer underflow vulnerability in Honeywell Experion PKS and OneWireless WDM's Control Data Acce |
| 3597 | CVE-2025-2521 | | 55.4th | 8.6 | | This CVE describes a memory buffer vulnerability in Honeywell Experion PKS and OneWireless WDM's Con |
| 3598 | CVE-2025-54944 | | 55.4th | 9.8 | | This vulnerability allows remote attackers to upload malicious files to SUNNET Corporate Training Ma |
| 3599 | CVE-2025-34220 | | 55.3th | 5.3 | | An unauthenticated API endpoint in Vasion Print (formerly PrinterLogic) allows remote attackers to e |
| 3600 | CVE-2025-58763 | | 55.3th | 8.0 | | This command injection vulnerability in Tautulli allows attackers with administrative access to exec |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first. The percentile shown beside each score ranks that CVE against every other CVE EPSS has scored, so a "56th" percentile means the CVE scores higher than roughly 56% of them.
Why EPSS matters: with thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited rather than patching solely by CVSS score. A CVSS 9.8 critical with a 0.1% EPSS may be less urgent than a CVSS 7.5 high with a 90% EPSS. EPSS says nothing about whether the affected component is reachable or even present in your environment, so it complements severity and asset-exposure data rather than replacing them.
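The prioritisation rule described above, as an added example that is not code from FIRST.org or from the site that produced this table. It builds the batch query URL for the public EPSS API (the only thing taken from the real service; no network call is made), parses a response in the API's JSON shape, and orders scanner findings by an illustrative policy: EPSS decides the queue, CVSS breaks ties and promotes critical-but-quiet CVEs one tier. The CVE IDs, scores, and tier thresholds are constructed for the example.

```python
"""Order a patch queue by EPSS probability, with CVSS as the tie-breaker.

Added example for this page, not code from FIRST.org or the table's source.
Assumptions: the CVE IDs and scores in SAMPLE_* are constructed, the tier
thresholds are an illustrative policy, and only the documented public EPSS
endpoint URL is referenced (no request is sent).
"""
import json
from urllib.parse import urlencode

EPSS_API = "https://api.first.org/data/v1/epss"


def epss_query_url(cves):
    """Build one batch query; the API accepts a comma-separated 'cve' list."""
    return f"{EPSS_API}?{urlencode({'cve': ','.join(sorted(set(cves)))})}"


def parse_epss_response(body):
    """Map CVE ID -> (epss, percentile) from an EPSS API JSON body.

    Scores arrive as strings. A CVE absent from 'data' has not been scored,
    so it is left out of the result rather than silently given a score of 0.
    """
    doc = json.loads(body)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}


def tier(epss, cvss):
    """Illustrative policy (an assumption of this example, not a standard)."""
    if epss is None:
        return "unscored"
    if epss >= 0.10:          # likely to be exploited soon: patch first
        return "patch-now"
    if epss >= 0.01 or cvss >= 9.0:   # moderate likelihood, or critical severity
        return "next-cycle"
    return "routine"


TIER_ORDER = {"patch-now": 0, "next-cycle": 1, "routine": 2, "unscored": 3}


def prioritize(findings, epss_scores):
    """findings: list of {'cve': str, 'cvss': float}.

    Returns the rows sorted by tier, then EPSS (desc), then CVSS (desc), so a
    CVSS 7.5 with 90% EPSS lands ahead of a CVSS 9.8 with 0.1% EPSS.
    """
    rows = []
    for f in findings:
        score, pct = epss_scores.get(f["cve"], (None, None))
        rows.append({**f, "epss": score, "percentile": pct,
                     "tier": tier(score, f["cvss"])})
    rows.sort(key=lambda r: (TIER_ORDER[r["tier"]],
                             -(r["epss"] or 0.0), -r["cvss"]))
    return rows


# Constructed sample: four scanner findings and a fabricated API response
# in the documented shape (status, data[{cve, epss, percentile, date}]).
SAMPLE_FINDINGS = [
    {"cve": "CVE-2099-0001", "cvss": 9.8},   # critical, rarely exploited
    {"cve": "CVE-2099-0002", "cvss": 7.5},   # high, heavily exploited
    {"cve": "CVE-2099-0003", "cvss": 5.3},   # medium, moderate EPSS
    {"cve": "CVE-2099-0004", "cvss": 6.1},   # not scored by EPSS
]
SAMPLE_RESPONSE = json.dumps({
    "status": "OK", "status-code": 200, "version": "1.0",
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.00100", "percentile": "0.41000", "date": "2025-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.90000", "percentile": "0.99800", "date": "2025-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.02500", "percentile": "0.88000", "date": "2025-01-01"},
    ],
})


def demo():
    """Parse the constructed response and return the ordered patch queue."""
    return prioritize(SAMPLE_FINDINGS, parse_epss_response(SAMPLE_RESPONSE))


if __name__ == "__main__":
    print(epss_query_url([f["cve"] for f in SAMPLE_FINDINGS]))
    for r in demo():
        print(f"{r['tier']:<10} {r['cve']}  EPSS={r['epss']}  CVSS={r['cvss']}")
```

Running the block prints the batch URL and the queue: the 7.5/90% finding first, then the moderate-EPSS medium, then the 9.8/0.1% critical (promoted to "next-cycle" by severity alone), with the unscored CVE last and flagged rather than treated as safe. In production the response would come from a GET to that URL; EPSS scores are refreshed daily, so cache them with the date field and re-pull rather than storing a one-off snapshot.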