Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 351 | CVE-2024-13485 | | 94.4th | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a |
| 352 | CVE-2024-13481 | | 94.4th | 7.5 | | This SQL injection vulnerability in the LTL Freight Quotes WordPress plugin allows unauthenticated a |
| 353 | CVE-2025-49844 | | 94.4th | 9.9 | | This CVE describes a critical vulnerability in Redis where authenticated users can execute specially |
| 354 | CVE-2025-60683 | | 94.4th | 6.5 | | This CVE describes a command injection vulnerability in ToToLink A720R router firmware that allows a |
| 355 | CVE-2025-22828 | | 94.4th | 4.3 | | Apache CloudStack versions from 4.16.0 have an access validation flaw that allows authenticated user |
| 356 | CVE-2025-24587 | | 94.3th | 7.6 | | This SQL injection vulnerability in the Email Subscription Popup WordPress plugin allows attackers t |
| 357 | CVE-2025-29384 | | 94.3th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC9 routers by exploit |
| 358 | CVE-2024-13181 | | 94.3th | 7.3 | | CVE-2024-13181 is a path traversal vulnerability in Ivanti Avalanche that allows remote unauthentica |
| 359 | CVE-2026-21877 | | 94.3th | 9.9 | | This vulnerability allows authenticated attackers to execute arbitrary code on n8n workflow automati |
| 360 | CVE-2025-34031 | | 94.3th | 7.5 | | A path traversal vulnerability in Moodle LMS Jmol plugin versions 6.1 and earlier allows unauthentic |
| 361 | CVE-2025-3928 | | 94.3th | 8.8 | KEV | CVE-2025-3928 is a vulnerability in Commvault Web Server that allows authenticated remote attackers |
| 362 | CVE-2025-8868 | | 94.2th | 9.8 | | An authenticated attacker can exploit SQL injection in Chef Automate's compliance service to gain un |
| 363 | CVE-2025-59502 | | 94.2th | 7.5 | | This vulnerability in Windows Remote Procedure Call allows unauthorized attackers to cause denial of |
| 364 | CVE-2025-34291 | | 94.2th | 8.8 | | This vulnerability in Langflow allows attackers to hijack user sessions through a CORS misconfigurat |
| 365 | CVE-2024-57225 | | 94.2th | 9.8 | | This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can |
| 366 | CVE-2024-57223 | | 94.2th | 9.8 | | This CVE describes a command injection vulnerability in Linksys E7350 routers that allows attackers |
| 367 | CVE-2025-22964 | | 94.1th | 8.1 | | This vulnerability allows unauthenticated attackers to perform time-based blind SQL injection attack |
| 368 | CVE-2025-25291 | | 94.1th | 9.8 | | CVE-2025-25291 is an authentication bypass vulnerability in ruby-saml that allows attackers to bypas |
| 369 | CVE-2024-12365 | | 94.1th | 8.5 | | The W3 Total Cache WordPress plugin up to version 2.8.1 lacks proper capability checks, allowing aut |
| 370 | CVE-2024-57514 | | 94.1th | 4.8 | | This XSS vulnerability in TP-Link Archer A20 v3 routers allows attackers to inject malicious JavaScr |
| 371 | CVE-2024-47908 | | 94.1th | 9.1 | | This vulnerability allows authenticated administrators in Ivanti Cloud Services Application (CSA) to |
| 372 | CVE-2026-21509 | | 94th | 7.8 | KEV | This vulnerability in Microsoft Office allows an attacker to bypass local security features by manip |
| 373 | CVE-2025-27203 | | 94th | 9.6 | | Adobe Connect versions 24.0 and earlier contain a deserialization vulnerability that allows attacker |
| 374 | CVE-2025-34513 | | 93.9th | 9.8 | | Ilevia EVE X1 Server firmware contains an unauthenticated OS command injection vulnerability in mbus |
| 375 | CVE-2024-12085 | | 93.9th | 7.5 | | This vulnerability in rsync allows attackers to leak uninitialized stack memory one byte at a time b |
| 376 | CVE-2024-40890 | | 93.9th | 8.8 | KEV | This is a post-authentication command injection vulnerability in Zyxel VMG4325-B10A DSL CPE devices |
| 377 | CVE-2024-55030 | | 93.9th | 9.8 | | A command injection vulnerability in NASA Fprime v3.4.3's Command Dispatcher Service allows attacker |
| 378 | CVE-2025-26399 | | 93.9th | 9.8 | | CVE-2025-26399 is an unauthenticated remote code execution vulnerability in SolarWinds Web Help Desk |
| 379 | CVE-2025-22941 | | 93.9th | 9.8 | | A command injection vulnerability in Adtran 411 ONT web interface allows attackers to execute arbitr |
| 380 | CVE-2025-21307 | | 93.7th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by |
| 381 | CVE-2025-3935 | | 93.7th | 8.1 | KEV | CVE-2025-3935 is a ViewState code injection vulnerability affecting ScreenConnect versions 25.2.3 an |
| 382 | CVE-2025-6805 | | 93.7th | 9.1 | | This vulnerability allows unauthenticated remote attackers to delete arbitrary files on Marvell QCon |
| 383 | CVE-2025-6798 | | 93.7th | 9.1 | | This vulnerability allows unauthenticated remote attackers to delete arbitrary files on Marvell QCon |
| 384 | CVE-2024-13375 | | 93.6th | 9.8 | | The Adifier System WordPress plugin has a critical privilege escalation vulnerability that allows un |
| 385 | CVE-2025-22954 | | 93.6th | 10.0 | | This SQL injection vulnerability in Koha library management software allows attackers to execute arb |
| 386 | CVE-2025-0665 | | 93.6th | 9.8 | | libcurl incorrectly closes the same eventfd file descriptor twice during threaded name resolution cl |
| 387 | CVE-2022-50596 | | 93.6th | 9.8 | | CVE-2022-50596 is a critical command injection vulnerability in D-Link DIR-1260 routers that allows |
| 388 | CVE-2025-50154 | | 93.6th | 6.5 | | This vulnerability in Windows File Explorer allows unauthorized attackers to perform network spoofin |
| 389 | CVE-2025-28137 | | 93.6th | 9.8 | | This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on TOTOLINK |
| 390 | CVE-2025-24383 | | 93.6th | 9.1 | | Dell Unity storage systems running version 5.4 or earlier contain an OS command injection vulnerabil |
| 391 | CVE-2026-23744 | | 93.5th | 9.8 | | MCPJam inspector versions 1.4.2 and earlier contain a critical remote code execution vulnerability. |
| 392 | CVE-2025-49825 | | 93.5th | 9.8 | | CVE-2025-49825 is a critical authentication bypass vulnerability in Teleport Community Edition that |
| 393 | CVE-2025-26493 | | 93.4th | 4.6 | | Multiple DOM-based cross-site scripting (XSS) vulnerabilities exist in JetBrains TeamCity's Code Ins |
| 394 | CVE-2024-48419 | | 93.4th | 8.8 | | This CVE describes multiple command injection vulnerabilities in Edimax AC1200 routers that allow au |
| 395 | CVE-2025-24054 | | 93.3th | 6.5 | KEV | This vulnerability in Windows NTLM allows an attacker to manipulate file paths or names externally, |
| 396 | CVE-2025-58434 | | 93.3th | 9.8 | | This vulnerability in Flowise allows unauthenticated attackers to generate password reset tokens for |
| 397 | CVE-2024-57784 | | 93.3th | 5.5 | | This vulnerability allows attackers to perform directory traversal attacks through the /php/script_u |
| 398 | CVE-2025-49716 | | 93.3th | 7.5 | | This vulnerability in Windows Netlogon allows unauthorized attackers to cause denial of service by c |
| 399 | CVE-2025-7795 | | 93.2th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda FH451 routers allows remote attackers |
| 400 | CVE-2025-31131 | | 93.2th | 8.6 | | YesWiki versions before 4.5.2 contain a path traversal vulnerability in the squelette parameter that |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.