Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

164

EPSS > 50%

156

CISA KEV Listed

35,468

CVEs with EPSS

0.7%

Avg EPSS Score

All Critical High Medium Low

Rank	CVE ID	EPSS Score	Percentile	CVSS	Flags	Summary
351	CVE-2026-20931	2.22%	84.1th	8.0		This vulnerability in Windows Telephony Service allows an authorized attacker on the same network to
352	CVE-2025-53144	2.22%	84.1th	8.8		A type confusion vulnerability in Windows Message Queuing allows authenticated attackers to execute
353	CVE-2025-50286	2.21%	84.1th	8.1		This vulnerability allows authenticated admin users in Grav CMS to upload malicious plugins through
354	CVE-2024-12600	2.21%	84.1th	7.2		This vulnerability allows authenticated attackers with Shop Manager or higher privileges to perform
355	CVE-2024-57228	2.19%	84.1th	8.0		This CVE describes a command injection vulnerability in Linksys E7350 routers where an attacker can
356	CVE-2024-57211	2.19%	84.1th	8.0		This CVE describes a command injection vulnerability in TOTOLINK A6000R routers that allows attacker
357	CVE-2023-28760	2.18%	84th	7.5		This vulnerability allows unauthenticated attackers on the local network to execute arbitrary code a
358	CVE-2024-13770	2.18%	84th	8.1		This CVE describes a PHP object injection vulnerability in the Puzzles WordPress theme that allows u
359	CVE-2024-13777	2.18%	84th	8.1		This vulnerability allows unauthenticated attackers to inject PHP objects via deserialization of unt
360	CVE-2025-21391	2.18%	84th	7.1	KEV	This Windows Storage Elevation of Privilege vulnerability allows authenticated attackers to gain SYS
361	CVE-2025-26356	2.17%	84th	7.2		This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwri
362	CVE-2025-26354	2.17%	84th	7.2		This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwri
363	CVE-2025-1702	2.17%	84th	7.5		This vulnerability allows unauthenticated attackers to perform time-based SQL injection attacks thro
364	CVE-2022-50791	2.17%	84th	7.8		This vulnerability allows unauthenticated attackers to execute arbitrary commands on SOUND4 IMPACT/F
365	CVE-2025-24364	2.16%	83.9th	7.2		Authenticated attackers with admin panel access to vaultwarden can execute arbitrary system commands
366	CVE-2025-2784	2.15%	83.9th	7.0		CVE-2025-2784 is a heap buffer over-read vulnerability in libsoup's skip_insight_whitespace() functi
367	CVE-2026-1192	2.14%	83.9th	7.3		This CVE describes a command injection vulnerability in Tosei Online Store Management System 1.01. A
368	CVE-2026-1802	2.14%	83.9th	7.3		This CVE describes a command injection vulnerability in the Ziroom ZHOME A0101 router firmware versi
369	CVE-2025-0328	2.14%	83.8th	7.3		This critical vulnerability allows remote attackers to execute arbitrary commands on KaiYuanTong ECT
370	CVE-2025-1546	2.14%	83.8th	7.3		This critical vulnerability allows remote attackers to execute arbitrary operating system commands o
371	CVE-2025-3259	2.11%	83.8th	8.8		A critical stack-based buffer overflow vulnerability in Tenda RX3 routers allows remote attackers to
372	CVE-2025-24076	2.1%	83.7th	7.3		This vulnerability in Windows Cross Device Service allows an authenticated attacker to escalate priv
373	CVE-2025-11488	2.1%	83.7th	7.3		This CVE describes a command injection vulnerability in D-Link DIR-852 routers that allows remote at
374	CVE-2025-0376	2.08%	83.7th	8.7		A cross-site scripting (XSS) vulnerability in GitLab CE/EE allows attackers to inject malicious scri
375	CVE-2026-21533	2.07%	83.6th	7.8	KEV	This vulnerability allows an authorized attacker with valid Remote Desktop credentials to elevate pr
376	CVE-2020-37041	2.05%	83.5th	7.5		CVE-2020-37041 is a directory traversal vulnerability in OpenCTI 3.3.1 that allows unauthenticated a
377	CVE-2025-26647	2.04%	83.5th	8.8		This vulnerability allows an authorized attacker to exploit improper input validation in Windows Ker
378	CVE-2025-5961	2.04%	83.5th	7.2		The WPvivid Backup & Migration WordPress plugin allows authenticated administrators to upload arbitr
379	CVE-2024-13487	2.02%	83.4th	7.3		The CURCY WooCommerce plugin allows unauthenticated attackers to execute arbitrary WordPress shortco
380	CVE-2025-29017	2.02%	83.4th	8.8		A remote code execution vulnerability in Code Astro Internet Banking System 2.0.0 allows attackers t
381	CVE-2025-57642	2.02%	83.4th	7.2		This vulnerability allows attackers to upload malicious PHP shell scripts to Tourism Management Syst
382	CVE-2025-61141	2.01%	83.4th	7.5		CVE-2025-61141 allows remote command injection in sqls-server/sqls version 0.2.28 through the config
383	CVE-2025-53772	1.99%	83.3th	8.8		This vulnerability allows an authorized attacker to execute arbitrary code on systems running vulner
384	CVE-2025-21395	1.99%	83.3th	7.8		This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
385	CVE-2025-21366	1.99%	83.3th	7.8		This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
386	CVE-2025-21345	1.99%	83.3th	7.8		This vulnerability in Microsoft Office Visio allows attackers to execute arbitrary code by tricking
387	CVE-2025-21186	1.99%	83.3th	7.8		This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v
388	CVE-2025-60335	1.98%	83.3th	7.5		A NULL pointer dereference vulnerability in TOTOLINK N600R routers allows attackers to crash the dev
389	CVE-2024-13797	1.97%	83.2th	7.3		This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes in the
390	CVE-2024-13345	1.97%	83.2th	7.3		The Avada Builder WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes
391	CVE-2024-13055	1.95%	83.1th	7.1		The Dyn Business Panel WordPress plugin through version 1.0.0 contains a reflected cross-site script
392	CVE-2025-21363	1.95%	83.1th	7.8		This vulnerability allows remote code execution when a user opens a specially crafted Microsoft Word
393	CVE-2025-21220	1.94%	83.1th	7.5		Microsoft Message Queuing (MSMQ) contains an information disclosure vulnerability that allows authen
394	CVE-2025-7160	1.93%	83th	7.3		This critical SQL injection vulnerability in PHPGurukul Zoo Management System 2.1 allows attackers t
395	CVE-2025-29971	1.91%	82.9th	7.5		An out-of-bounds read vulnerability in Microsoft Web Threat Defense (WTD.sys) allows unauthorized at
396	CVE-2025-2169	1.89%	82.9th	7.3		The WPCS WordPress Currency Switcher Professional plugin up to version 1.2.0.4 allows unauthenticate
397	CVE-2024-13495	1.88%	82.8th	7.3		This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes throug
398	CVE-2025-27956	1.87%	82.7th	7.5		A directory traversal vulnerability in WebLaudos 24.2 (04) allows remote attackers to access sensiti
399	CVE-2024-44313	1.86%	82.7th	8.1		CVE-2024-44313 is an incorrect access control vulnerability in TastyIgniter 3.7.6 that allows unauth
400	CVE-2026-0507	1.84%	82.6th	8.4		This CVE describes an OS command injection vulnerability in SAP Application Server for ABAP and SAP

← Previous Page 8 of 265 Next →

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability a CVE will be exploited in the wild within the next 30 days. Unlike CVSS which measures severity, EPSS measures likelihood of exploitation — making it ideal for prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free