Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

Summary statistics:
CVEs with EPSS > 50%: 164
CISA KEV listed: 156
CVEs with an EPSS score: 35,468
Average EPSS score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Summary |
|------|--------|------------|------------|------|---------|
| 3801 | CVE-2025-52913 | 0.31% | 54th | 9.8 | An unauthenticated path traversal vulnerability in Mitel MiCollab's NuPoint Unified Messaging compon |
| 3802 | CVE-2025-36386 | 0.31% | 54th | 9.8 | CVE-2025-36386 is an authentication bypass vulnerability in IBM Maximo Application Suite that allows |
| 3803 | CVE-2025-46581 | 0.31% | 53.9th | 9.8 | ZTE's ZXCDN product has a critical Apache Struts vulnerability allowing unauthenticated remote code |
| 3804 | CVE-2025-59372 | 0.31% | 54th | N/A | A path traversal vulnerability in certain ASUS router models allows authenticated remote attackers t |
| 3805 | CVE-2025-59367 | 0.31% | 54th | 9.8 | This authentication bypass vulnerability in certain ASUS DSL series routers allows remote attackers |
| 3806 | CVE-2024-57439 | 0.31% | 53.9th | 4.9 | This vulnerability in RuoYi v4.8.0 allows administrators to cause a Denial of Service (DoS) by dupli |
| 3807 | CVE-2025-0476 | 0.31% | 53.9th | 4.3 | Mattermost Mobile Apps versions up to 2.22.0 contain a vulnerability where specially crafted attachm |
| 3808 | CVE-2025-1744 | 0.31% | 53.9th | 9.8 | CVE-2025-1744 is an out-of-bounds write vulnerability in radare2 that allows heap-based buffer over- |
| 3809 | CVE-2024-12011 | 0.31% | 53.8th | 7.6 | CVE-2024-12011 is a buffer over-read vulnerability in the 130.8005 TCP/IP Gateway firmware that allo |
| 3810 | CVE-2024-13232 | 0.31% | 53.8th | 8.8 | This vulnerability in the WordPress Awesome Import & Export Plugin allows authenticated attackers wi |
| 3811 | CVE-2024-58036 | 0.31% | 53.8th | 5.5 | Net::Dropbox::API 1.9 and earlier for Perl uses non-cryptographically secure random number generatio |
| 3812 | CVE-2025-5865 | 0.31% | 53.8th | 8.0 | CVE-2025-5865 is a critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select function |
| 3813 | CVE-2026-2151 | 0.31% | 53.8th | 7.2 | This CVE describes an OS command injection vulnerability in D-Link DIR-615 routers affecting the DMZ |
| 3814 | CVE-2026-1505 | 0.31% | 53.8th | 7.2 | This CVE describes a remote OS command injection vulnerability in D-Link DIR-615 routers via the /se |
| 3815 | CVE-2025-27104 | 0.31% | 53.7th | 7.5 | This vulnerability in Vyper smart contract language allows multiple evaluation of iterator expressio |
| 3816 | CVE-2024-50569 | 0.31% | 53.7th | 6.6 | This OS command injection vulnerability in Fortinet FortiWeb allows attackers to execute arbitrary c |
| 3817 | CVE-2025-31116 | 0.31% | 53.8th | 4.4 | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Mobile Security Framework ( |
| 3818 | CVE-2025-2997 | 0.31% | 53.7th | 6.3 | This critical vulnerability in Youkefu 4.2.0 allows remote attackers to perform server-side request |
| 3819 | CVE-2025-31577 | 0.31% | 53.7th | 6.6 | This vulnerability allows attackers to upload arbitrary files, including web shells, to Appointify W |
| 3820 | CVE-2024-57061 | 0.31% | 53.8th | 9.8 | This vulnerability allows a physically proximate attacker to execute arbitrary code on Termius insta |
| 3821 | CVE-2025-39538 | 0.31% | 53.7th | 6.6 | This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress se |
| 3822 | CVE-2025-3587 | 0.31% | 53.7th | 6.3 | This critical vulnerability in ZeroWdd/code-projects studentmanager 1.0 allows unauthorized access t |
| 3823 | CVE-2025-3324 | 0.31% | 53.7th | 6.3 | CVE-2025-3324 is a critical unrestricted file upload vulnerability in Nimrod 0.8's FileRestControlle |
| 3824 | CVE-2025-5955 | 0.31% | 53.7th | 8.1 | The Service Finder SMS System WordPress plugin has an authentication bypass vulnerability that allow |
| 3825 | CVE-2025-10226 | 0.31% | 53.8th | 9.8 | This vulnerability in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier allows remote attackers to expl |
| 3826 | CVE-2025-60772 | 0.31% | 53.7th | 9.8 | CVE-2025-60772 is an authentication bypass vulnerability in NETLINK HG322G GPON ONT devices that all |
| 3827 | CVE-2025-34468 | 0.31% | 53.7th | 9.8 | A stack-based buffer overflow vulnerability in libcoap allows remote attackers to crash applications |
| 3828 | CVE-2024-32761 | 0.31% | 53.7th | 6.5 | This CVE describes a data leak vulnerability in F5 BIG-IP Traffic Management Microkernels (TMMs) run |
| 3829 | CVE-2025-22222 | 0.31% | 53.6th | 7.7 | VMware Aria Operations contains an information disclosure vulnerability where authenticated non-admi |
| 3830 | CVE-2024-50563 | 0.31% | 53.6th | 7.3 | This vulnerability allows attackers to perform brute-force attacks against Fortinet management platf |
| 3831 | CVE-2025-22383 | 0.31% | 53.6th | 4.6 | A cross-site scripting (XSS) vulnerability exists in Optimizely Configured Commerce's Contact Us fun |
| 3832 | CVE-2024-11733 | 0.31% | 53.6th | 7.3 | The WordPress Popular Posts plugin up to version 7.1.0 allows unauthenticated attackers to execute a |
| 3833 | CVE-2025-21254 | 0.31% | 53.7th | 6.5 | This vulnerability in Internet Connection Sharing (ICS) allows attackers to cause a denial of servic |
| 3834 | CVE-2025-21212 | 0.31% | 53.7th | 6.5 | This vulnerability in Internet Connection Sharing (ICS) allows attackers to cause a denial of servic |
| 3835 | CVE-2024-6875 | 0.31% | 53.6th | 6.5 | This vulnerability in Infinispan's REST compare API allows attackers to cause a buffer leak and out- |
| 3836 | CVE-2025-29974 | 0.31% | 53.7th | 5.7 | An integer underflow vulnerability in the Windows Kernel allows attackers on adjacent networks to re |
| 3837 | CVE-2025-60938 | 0.31% | 53.6th | 7.5 | CVE-2025-60938 is a remote code execution vulnerability in Emoncms 11.7.3 that allows authenticated |
| 3838 | CVE-2025-11423 | 0.31% | 53.6th | 9.8 | This vulnerability in Tenda CH22 routers allows remote attackers to execute arbitrary code or cause |
| 3839 | CVE-2025-65669 | 0.31% | 53.7th | 9.1 | CVE-2025-65669 is an authorization bypass vulnerability in classroomio 0.1.13 that allows student ac |
| 3840 | CVE-2024-58314 | 0.31% | 53.6th | 8.8 | This CVE describes an authenticated command injection vulnerability in Atcom 100M IP Phones firmware |
| 3841 | CVE-2024-53862 | 0.31% | 53.6th | 7.5 | This vulnerability in Argo Workflows allows attackers to retrieve archived workflows without proper |
| 3842 | CVE-2025-21360 | 0.31% | 53.6th | 7.8 | This vulnerability in Microsoft AutoUpdate allows local attackers to escalate privileges on affected |
| 3843 | CVE-2025-21287 | 0.31% | 53.6th | 7.8 | This Windows Installer vulnerability allows authenticated attackers to elevate privileges on affecte |
| 3844 | CVE-2025-21275 | 0.31% | 53.6th | 7.8 | This vulnerability in Windows App Package Installer allows attackers to elevate privileges on affect |
| 3845 | CVE-2025-25740 | 0.31% | 53.6th | 5.5 | This CVE describes a stack-based buffer overflow vulnerability in D-Link DIR-853 A1 routers via the |
| 3846 | CVE-2025-28361 | 0.31% | 53.6th | 7.5 | A buffer overflow vulnerability in Telesquare TLR-2005KSH routers allows remote attackers to read se |
| 3847 | CVE-2025-27507 | 0.31% | 53.6th | 9.0 | Zitadel's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow auth |
| 3848 | CVE-2025-32593 | 0.31% | 53.6th | 8.2 | This CVE describes a Missing Authorization vulnerability in the Add Product Frontend for WooCommerce |
| 3849 | CVE-2024-50596 | 0.31% | 53.6th | 4.3 | An integer underflow vulnerability in the HTTP server PUT request functionality of STMicroelectronic |
| 3850 | CVE-2024-50594 | 0.31% | 53.6th | 4.3 | An integer underflow vulnerability in STMicroelectronics X-CUBE-AZRTOS-WL HTTP server PUT request ha |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
