Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164

EPSS > 50%

156

CISA KEV Listed

35,468

CVEs with EPSS

0.7%

Avg EPSS Score

All Critical High Medium Low

Rank	CVE ID	EPSS Score	Percentile	CVSS	Flags	Summary
351	CVE-2021-4455	2.09%	83.7th	9.8		The Smart Product Review WordPress plugin allows unauthenticated attackers to upload arbitrary files
352	CVE-2025-1093	2.09%	83.7th	9.8		The AIHub WordPress theme allows unauthenticated attackers to upload arbitrary files due to missing
353	CVE-2024-42936	2.07%	83.6th	9.8		This vulnerability allows remote attackers to execute arbitrary code on Ruijie RG-EW300N wireless ac
354	CVE-2025-50428	2.07%	83.6th	9.8		This CVE describes a command injection vulnerability in RaspAP raspap-webgui that allows attackers t
355	CVE-2024-39800	2.05%	83.5th	9.1		This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
356	CVE-2024-39798	2.05%	83.5th	9.1		This vulnerability allows authenticated attackers to execute arbitrary commands on Wavlink AC3000 ro
357	CVE-2024-56518	2.05%	83.5th	9.8		CVE-2024-56518 allows remote attackers to execute arbitrary code on Hazelcast Management Center serv
358	CVE-2025-63353	2.05%	83.5th	9.8		This vulnerability allows attackers to predict the default Wi-Fi password on FiberHome GPON ONU HG61
359	CVE-2023-38036	2.03%	83.5th	9.8		This is a critical buffer overflow vulnerability in Ivanti Avalanche Manager that allows unauthentic
360	CVE-2025-50460	2.03%	83.5th	9.8		This CVE describes a remote code execution vulnerability in ms-swift version 3.3.0 due to unsafe YAM
361	CVE-2025-65856	1.99%	83.3th	9.8		CVE-2025-65856 is an authentication bypass vulnerability in Xiongmai XM530 IP cameras that allows un
362	CVE-2025-29662	1.98%	83.3th	9.8		CVE-2025-29662 is a critical remote code execution vulnerability in LandChat 3.25.12.18 that allows
363	CVE-2025-11779	1.97%	83.2th	9.8		A stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 allows remote a
364	CVE-2024-55215	1.97%	83.2th	9.8		An unauthenticated remote attacker can exploit the /auth/register initialization interface in Trojan
365	CVE-2025-46120	1.95%	83.1th	9.8		A path traversal vulnerability in Ruckus Unleashed and ZoneDirector web interfaces allows unauthenti
366	CVE-2024-53944	1.94%	83.1th	9.8		This CVE describes a critical command injection vulnerability in Tuoshi/Dionlink 4G Wi-Fi devices. U
367	CVE-2025-11202	1.94%	83.1th	9.8		This vulnerability allows remote attackers to execute arbitrary code on win-cli-mcp-server installat
368	CVE-2025-25789	1.92%	83th	9.8		FoxCMS v1.2.5 contains a critical remote code execution vulnerability in the index() method of the S
369	CVE-2025-26014	1.92%	83th	9.8		A critical Remote Code Execution vulnerability in Loggrove v1.0 allows attackers to execute arbitrar
370	CVE-2022-50796	1.91%	83th	9.8		This vulnerability allows unauthenticated attackers to execute arbitrary code on SOUND4 IMPACT/FIRST
371	CVE-2023-53922	1.89%	82.8th	9.8		CVE-2023-53922 is a critical remote code execution vulnerability in TinyWebGallery v2.5 that allows
372	CVE-2025-4564	1.88%	82.8th	9.8		The TicketBAI Facturas para WooCommerce WordPress plugin has an arbitrary file deletion vulnerabilit
373	CVE-2024-42733	1.88%	82.8th	9.8		CVE-2024-42733 is a critical remote code execution vulnerability in Docmosis Tornado document genera
374	CVE-2025-2244	1.86%	82.7th	9.8		This vulnerability allows remote attackers to execute arbitrary code on Bitdefender GravityZone Cons
375	CVE-2025-55747	1.85%	82.7th	9.1		XWiki Platform versions 6.1-milestone-2 through 16.10.6 expose configuration files via the webjars A
376	CVE-2022-32221	1.82%	82.5th	9.8		This vulnerability in libcurl allows an attacker to cause memory corruption or data leakage when reu
377	CVE-2025-24797	1.82%	82.5th	9.4		CVE-2025-24797 is a critical buffer overflow vulnerability in Meshtastic firmware that allows unauth
378	CVE-2024-48818	1.81%	82.5th	9.8		This critical vulnerability in IIT Bombay's Bodhitree cs101 platform allows remote attackers to exec
379	CVE-2025-2004	1.8%	82.5th	9.1		The Simple WP Events WordPress plugin allows unauthenticated attackers to delete arbitrary files on
380	CVE-2025-1497	1.8%	82.4th	9.8		CVE-2025-1497 is a critical remote code execution vulnerability in PlotAI where insufficient validat
381	CVE-2025-24237	1.79%	82.4th	9.8		A buffer overflow vulnerability in Apple operating systems allows malicious apps to cause system cra
382	CVE-2025-54261	1.78%	82.4th	10.0		This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted
383	CVE-2025-22926	1.78%	82.4th	9.8		This vulnerability allows attackers to perform directory traversal attacks by sending a specially cr
384	CVE-2025-44022	1.75%	82.2th	9.8		This vulnerability in Vvveb CMS v1.0.6 allows remote attackers to execute arbitrary code through the
385	CVE-2025-45487	1.74%	82.2th	9.8		This CVE describes a command injection vulnerability in the Linksys E5600 router's runtime.InternetC
386	CVE-2024-52577	1.74%	82.1th	9.0		This vulnerability allows remote code execution on Apache Ignite servers by bypassing class serializ
387	CVE-2025-46271	1.74%	82.1th	9.1		UNI-NMS-Lite contains a command injection vulnerability that allows unauthenticated attackers to exe
388	CVE-2023-53774	1.74%	82.1th	9.8		MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol, allowing atta
389	CVE-2025-31200	1.73%	82.1th	9.8	KEV	This is a critical memory corruption vulnerability in Apple's media processing that allows remote co
390	CVE-2025-45489	1.73%	82.1th	9.8		This CVE describes a command injection vulnerability in Linksys E5600 routers that allows attackers
391	CVE-2024-57235	1.73%	82.1th	9.8		This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by
392	CVE-2024-57233	1.73%	82.1th	9.8		This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by
393	CVE-2024-57231	1.73%	82.1th	9.8		This CVE describes a command injection vulnerability in NETGEAR RAX5 routers that allows attackers t
394	CVE-2024-57229	1.73%	82.1th	9.8		This vulnerability allows remote attackers to execute arbitrary commands on NETGEAR RAX5 routers by
395	CVE-2025-22927	1.72%	82th	9.1		This vulnerability allows attackers to perform directory traversal attacks by sending a specially cr
396	CVE-2025-29909	1.72%	82th	9.8		A heap buffer overflow vulnerability in CryptoLib's Crypto_TC_ApplySecurity() function allows attack
397	CVE-2025-28219	1.71%	82th	9.8		Netgear DC112A V1.0.0.64 contains an OS command injection vulnerability in the usb_adv.cgi endpoint
398	CVE-2025-7916	1.71%	82th	9.8		WinMatrix3 software from Simopro Technology has a critical insecure deserialization vulnerability th
399	CVE-2024-12857	1.71%	82th	9.8		The AdForest WordPress theme has an authentication bypass vulnerability that allows unauthenticated
400	CVE-2025-53835	1.7%	81.9th	9.0		This vulnerability in XWiki Rendering allows cross-site scripting (XSS) attacks through raw HTML blo

← Previous Page 8 of 70 Next →

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free