Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164 CVEs with EPSS > 50%
156 CISA KEV listed
35,468 CVEs with an EPSS score
0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 3701 | CVE-2024-57654 | 0.32% | 54.6th | 7.5 | | A vulnerability in the qst_vec_get_int64 component of OpenLink Virtuoso Open-Source allows attackers … |
| 3702 | CVE-2025-32652 | 0.32% | 54.6th | 9.9 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the Solace Ex… |
| 3703 | CVE-2025-27282 | 0.32% | 54.6th | 9.9 | | This vulnerability allows attackers to upload malicious files to WordPress sites using the Theme Fil… |
| 3704 | CVE-2025-53693 | 0.32% | 54.6th | 9.8 | | This vulnerability allows attackers to poison the cache in Sitecore Experience Manager/Platform by e… |
| 3705 | CVE-2025-15076 | 0.32% | 54.6th | 7.3 | | This vulnerability allows remote attackers to bypass authentication and perform path traversal attac… |
| 3706 | CVE-2025-13646 | 0.32% | 54.6th | 7.5 | | The Modula Image Gallery WordPress plugin versions 2.13.1 to 2.13.2 contain a vulnerability that all… |
| 3707 | CVE-2025-0626 | 0.32% | 54.5th | 7.5 | | This vulnerability in patient monitor firmware creates a backdoor by forcing the device to connect t… |
| 3708 | CVE-2025-21547 | 0.32% | 54.5th | 9.1 | | This vulnerability in Oracle Hospitality OPERA 5 allows unauthenticated attackers with network acces… |
| 3709 | CVE-2025-2833 | 0.32% | 54.6th | 5.3 | | This vulnerability in OneBlog up to version 2.3.9 allows remote attackers to cause denial of service … |
| 3710 | CVE-2025-61197 | 0.32% | 54.5th | 8.9 | | This vulnerability in Orban Optimod audio processors allows remote attackers to escalate privileges … |
| 3711 | CVE-2025-67073 | 0.32% | 54.5th | 9.8 | | A buffer overflow vulnerability in Tenda AC10V4.0 routers allows remote attackers to cause denial of … |
| 3712 | CVE-2025-24093 | 0.32% | 54.4th | 9.8 | | This CVE describes a macOS permissions vulnerability where applications can access removable storage … |
| 3713 | CVE-2024-12010 | 0.32% | 54.4th | 7.2 | | This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary … |
| 3714 | CVE-2024-12009 | 0.32% | 54.4th | 7.2 | | This vulnerability allows authenticated attackers with administrator privileges to execute arbitrary … |
| 3715 | CVE-2024-11253 | 0.32% | 54.4th | 7.2 | | This CVE describes a post-authentication command injection vulnerability in Zyxel VMG8825-T50K devic… |
| 3716 | CVE-2025-26182 | 0.32% | 54.4th | 6.5 | | This vulnerability allows remote attackers to execute arbitrary code on systems running xxyopen nove… |
| 3717 | CVE-2025-3783 | 0.32% | 54.4th | 6.3 | | This critical vulnerability in SourceCodester Web-based Pharmacy Product Management System 1.0 allow… |
| 3718 | CVE-2025-30710 | 0.32% | 54.4th | 4.9 | | This vulnerability in Oracle MySQL Cluster allows high-privileged attackers with network access to c… |
| 3719 | CVE-2025-30696 | 0.32% | 54.4th | 4.9 | | This vulnerability in Oracle MySQL Server's Prepared Statements component allows high-privileged att… |
| 3720 | CVE-2025-30684 | 0.32% | 54.4th | 4.9 | | This vulnerability in MySQL Server's replication component allows high-privileged attackers with net… |
| 3721 | CVE-2025-21585 | 0.32% | 54.4th | 4.9 | | This vulnerability in MySQL Server's optimizer component allows high-privileged attackers with netwo… |
| 3722 | CVE-2025-21583 | 0.32% | 54.4th | 4.9 | | This vulnerability in Oracle MySQL Server allows high-privileged attackers with network access to ca… |
| 3723 | CVE-2025-21581 | 0.32% | 54.4th | 4.9 | | This vulnerability in MySQL Server's optimizer component allows high-privileged attackers with netwo… |
| 3724 | CVE-2025-21579 | 0.32% | 54.4th | 4.9 | | This vulnerability in MySQL Server allows high-privileged attackers with network access to cause a d… |
| 3725 | CVE-2025-3535 | 0.32% | 54.4th | 4.3 | | This vulnerability in shuanx BurpAPIFinder allows remote attackers to cause denial of service by man… |
| 3726 | CVE-2024-13604 | 0.32% | 54.4th | 7.5 | | This vulnerability allows unauthenticated attackers to access sensitive files stored in the /wp-cont… |
| 3727 | CVE-2025-45146 | 0.32% | 54.4th | 9.8 | | CVE-2025-45146 is a critical deserialization vulnerability in ModelCache for LLM that allows remote … |
| 3728 | CVE-2025-55669 | 0.32% | 54.4th | 7.5 | | A vulnerability in F5 BIG-IP Advanced WAF and ASM allows undisclosed HTTP/2 traffic to cause the Tra… |
| 3729 | CVE-2025-24177 | 0.32% | 54.3th | 7.5 | | A null pointer dereference vulnerability in Apple operating systems allows remote attackers to cause … |
| 3730 | CVE-2025-22141 | 0.32% | 54.3th | 8.8 | | A SQL injection vulnerability in WeGIA's /dao/verificar_recursos_cargo.php endpoint allows attackers … |
| 3731 | CVE-2025-22140 | 0.32% | 54.3th | 8.8 | | A SQL injection vulnerability in WeGIA's dependente_listar_um.php endpoint allows attackers to execu… |
| 3732 | CVE-2025-57811 | 0.32% | 54.3th | 7.2 | | This CVE describes a remote code execution vulnerability in Craft CMS via Twig Server-Side Template … |
| 3733 | CVE-2025-8853 | 0.32% | 54.3th | 9.8 | | Official Document Management System by 2100 Technology has an authentication bypass vulnerability th… |
| 3734 | CVE-2025-60676 | 0.32% | 54.3th | 6.5 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on D-Link D… |
| 3735 | CVE-2025-60673 | 0.32% | 54.3th | 6.5 | | This CVE describes an unauthenticated command injection vulnerability in D-Link DIR-878A1 router fir… |
| 3736 | CVE-2025-40992 | 0.32% | 54.3th | N/A | | A stored cross-site scripting (XSS) vulnerability exists in Creativeitem Sociopro software due to in… |
| 3737 | CVE-2025-15280 | 0.32% | 54.4th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening … |
| 3738 | CVE-2025-15271 | 0.32% | 54.4th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening … |
| 3739 | CVE-2025-15270 | 0.32% | 54.4th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening … |
| 3740 | CVE-2025-15269 | 0.32% | 54.4th | 8.8 | | A use-after-free vulnerability in FontForge's SFD file parser allows remote attackers to execute arb… |
| 3741 | CVE-2023-53907 | 0.32% | 54.3th | 6.5 | | CVE-2023-53907 is an authenticated file download vulnerability in Bludit's Backup Plugin that allows … |
| 3742 | CVE-2025-69983 | 0.32% | 54.3th | 9.8 | | CVE-2025-69983 is a critical remote code execution vulnerability in FUXA v1.2.7 that allows attacker… |
| 3743 | CVE-2024-57726 | 0.32% | 54.3th | 9.9 | | SimpleHelp remote support software versions 5.5.7 and earlier contain an authorization vulnerability … |
| 3744 | CVE-2024-56283 | 0.32% | 54.2th | 8.1 | | This vulnerability allows attackers to inject malicious objects through deserialization of untrusted … |
| 3745 | CVE-2023-51309 | 0.32% | 54.3th | 4.3 | | This vulnerability in PHPJabbers Car Park Booking System allows attackers to send excessive emails t… |
| 3746 | CVE-2024-53851 | 0.32% | 54.2th | 4.3 | | This vulnerability in Discourse allows authenticated users to send excessive URL requests to the inl… |
| 3747 | CVE-2025-29770 | 0.32% | 54.3th | 6.5 | | This vulnerability in vLLM's outlines library cache allows denial of service attacks. A malicious us… |
| 3748 | CVE-2025-14908 | 0.32% | 54.2th | 6.3 | | CVE-2025-14908 is an authentication bypass vulnerability in JeecgBoot's multi-tenant management modu… |
| 3749 | CVE-2024-58306 | 0.32% | 54.2th | N/A | | CVE-2024-58306 is a denial of service vulnerability in minaliC 2.0.0 that allows remote attackers to … |
| 3750 | CVE-2025-68670 | 0.32% | 54.2th | 9.1 | | CVE-2025-68670 is an unauthenticated stack-based buffer overflow vulnerability in xrdp (open source … |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
