Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood that the CVE will be exploited in the wild within the next 30 days; the percentile column gives the share of all scored CVEs whose EPSS score is at or below that value.

- CVEs with EPSS > 50%: 164
- CISA KEV listed: 156
- CVEs with an EPSS score: 35,468
- Average EPSS score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 351 | CVE-2025-47226 | 0.62% | 69.6th | 5.0 | | CVE-2025-47226 is an authorization bypass vulnerability in Snipe-IT that allows unauthorized access |
| 352 | CVE-2025-2568 | 0.62% | 69.5th | 5.3 | | The Vayu Blocks WordPress plugin has missing capability checks in two callback functions, allowing u |
| 353 | CVE-2025-31693 | 0.61% | 69.4th | 6.6 | | This OS command injection vulnerability in Drupal AI allows attackers to execute arbitrary operating |
| 354 | CVE-2025-10961 | 0.61% | 69.2th | 5.5 | | This vulnerability allows remote attackers to execute arbitrary commands on Wavlink NU516U1 routers |
| 355 | CVE-2024-13422 | 0.61% | 69.2th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'url' parame |
| 356 | CVE-2024-13319 | 0.61% | 69.2th | 6.1 | | The Themify Builder WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability t |
| 357 | CVE-2024-13516 | 0.61% | 69.2th | 6.1 | | The Kubio AI Page Builder WordPress plugin has a reflected cross-site scripting vulnerability that a |
| 358 | CVE-2024-13334 | 0.61% | 69.2th | 6.1 | | The Car Demon WordPress plugin has a reflected cross-site scripting (XSS) vulnerability that allows |
| 359 | CVE-2024-12407 | 0.61% | 69.2th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'pushnotific |
| 360 | CVE-2024-12261 | 0.61% | 69.2th | 6.1 | | This vulnerability allows unauthenticated attackers to execute reflected cross-site scripting attack |
| 361 | CVE-2024-12324 | 0.61% | 69.2th | 6.1 | | The Unilevel MLM Plan WordPress plugin has a reflected cross-site scripting vulnerability that allow |
| 362 | CVE-2024-12290 | 0.61% | 69.2th | 6.1 | | The Infility Global WordPress plugin has a reflected cross-site scripting vulnerability in all versi |
| 363 | CVE-2024-12214 | 0.61% | 69.2th | 6.1 | | This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'videolink' |
| 364 | CVE-2024-12153 | 0.61% | 69.2th | 6.1 | | The GDY Modular Content WordPress plugin contains a reflected cross-site scripting (XSS) vulnerabili |
| 365 | CVE-2024-12126 | 0.61% | 69.2th | 6.1 | | The SEO Keywords WordPress plugin contains a reflected cross-site scripting (XSS) vulnerability that |
| 366 | CVE-2024-11810 | 0.61% | 69.2th | 6.1 | | The PayGreen Payment Gateway WordPress plugin has a reflected cross-site scripting vulnerability in |
| 367 | CVE-2024-11378 | 0.61% | 69.2th | 6.1 | | The Bizapp for WooCommerce WordPress plugin contains a reflected cross-site scripting vulnerability |
| 368 | CVE-2024-11375 | 0.61% | 69.2th | 6.1 | | The WC1C WordPress plugin is vulnerable to reflected cross-site scripting (XSS) in all versions up t |
| 369 | CVE-2024-12098 | 0.61% | 69.2th | 6.1 | | This vulnerability allows attackers to inject malicious scripts via the 'utm_keyword' parameter in t |
| 370 | CVE-2025-2553 | 0.61% | 69.2th | 4.3 | | This vulnerability in D-Link DIR-618 and DIR-605L routers allows improper access control to the /gof |
| 371 | CVE-2024-14002 | 0.61% | 69.2th | 5.5 | | Nagios XI versions before 2024R1.1.4 contain an authenticated local file inclusion vulnerability in |
| 372 | CVE-2024-56374 | 0.61% | 69.1th | 5.8 | | This vulnerability in Django allows attackers to cause denial-of-service by sending specially crafte |
| 373 | CVE-2025-26803 | 0.61% | 69.1th | 5.3 | | A vulnerability in Phusion Passenger's HTTP parser allows denial of service attacks when processing |
| 374 | CVE-2025-30698 | 0.61% | 69.1th | 5.6 | | This vulnerability in Oracle Java SE and GraalVM's 2D component allows an unauthenticated attacker w |
| 375 | CVE-2025-5569 | 0.6% | 69.1th | 6.3 | | This critical SQL injection vulnerability in IdeaCMS allows remote attackers to manipulate database |
| 376 | CVE-2025-29226 | 0.6% | 68.9th | 6.3 | | This CVE describes a command injection vulnerability in Linksys E5600 routers where an attacker can |
| 377 | CVE-2023-53773 | 0.6% | 68.8th | 5.3 | | MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows re |
| 378 | CVE-2025-31124 | 0.6% | 68.8th | 5.3 | | ZITADEL's 'Ignoring unknown usernames' setting fails to properly hide user existence due to username |
| 379 | CVE-2024-41454 | 0.59% | 68.7th | 6.5 | | This vulnerability allows attackers to upload malicious PHP or HTML files through the login page log |
| 380 | CVE-2025-56520 | 0.59% | 68.7th | 5.3 | | Dify v1.6.0 contains a Server-Side Request Forgery (SSRF) vulnerability in the RemoteFileUploadApi c |
| 381 | CVE-2025-4032 | 0.59% | 68.7th | 5.0 | | This CVE describes a critical OS command injection vulnerability in inclusionAI AWorld's shell_tool. |
| 382 | CVE-2025-2479 | 0.59% | 68.7th | 6.1 | | The Easy Custom Admin Bar WordPress plugin contains a reflected cross-site scripting (XSS) vulnerabi |
| 383 | CVE-2025-21627 | 0.59% | 68.6th | 6.5 | | GLPI versions before 10.0.18 contain a reflected cross-site scripting (XSS) vulnerability on the sea |
| 384 | CVE-2025-3675 | 0.58% | 68.4th | 5.3 | | This critical vulnerability in TOTOLINK A3700R routers allows attackers to bypass access controls on |
| 385 | CVE-2025-54958 | 0.58% | 68.4th | 6.3 | | This CVE describes an OS command injection vulnerability in Powered BLUE 870 software versions 0.201 |
| 386 | CVE-2025-25968 | 0.58% | 68.3th | 6.0 | | This vulnerability allows editor-privileged users in DDSN Interactive cm3 Acora CMS version 10.1.1 t |
| 387 | CVE-2025-2151 | 0.58% | 68.3th | 6.3 | | A critical stack-based buffer overflow vulnerability in Assimp's GetNextLine function allows remote |
| 388 | CVE-2025-26477 | 0.58% | 68.3th | 4.3 | | Dell ECS versions 3.8.1.4 and earlier contain an improper input validation vulnerability that allows |
| 389 | CVE-2024-24456 | 0.57% | 68.2th | 5.9 | | A buffer overflow vulnerability in Athonet MME allows remote attackers to crash the system by sendin |
| 390 | CVE-2025-24986 | 0.57% | 68.1th | 6.5 | | This vulnerability in Azure PromptFlow allows unauthorized attackers to execute arbitrary code remot |
| 391 | CVE-2025-21573 | 0.57% | 68th | 6.0 | | This vulnerability in Oracle Financial Services Revenue Management and Billing's Chatbot component a |
| 392 | CVE-2024-45626 | 0.57% | 68th | 6.5 | | Apache James server versions below 3.7.6 and 3.8.2 have a vulnerability in their JMAP HTML-to-text c |
| 393 | CVE-2025-34330 | 0.57% | 68th | 5.3 | | This vulnerability allows unauthenticated remote attackers to upload files to AudioCodes Fax Server |
| 394 | CVE-2025-27220 | 0.57% | 67.9th | 4.0 | | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the CGI gem for Ruby versions |
| 395 | CVE-2025-55901 | 0.56% | 67.9th | 6.5 | | This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK A3300R routers |
| 396 | CVE-2025-55893 | 0.56% | 67.9th | 6.5 | | This vulnerability allows remote attackers to execute arbitrary commands on TOTOLINK N200RE routers |
| 397 | CVE-2025-9654 | 0.56% | 67.7th | 6.3 | | CVE-2025-9654 is a command injection vulnerability in AiondaDotCom mcp-ssh up to version 1.0.3 that |
| 398 | CVE-2025-8667 | 0.56% | 67.7th | 6.3 | | This critical vulnerability in SkyworkAI DeepResearchAgent allows remote attackers to execute arbitr |
| 399 | CVE-2025-8665 | 0.56% | 67.7th | 6.3 | | This critical vulnerability allows remote attackers to execute arbitrary operating system commands t |
| 400 | CVE-2025-13798 | 0.56% | 67.7th | 6.3 | | This vulnerability allows remote attackers to execute arbitrary commands on ADSLR NBR1005GPEV2 route |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited for deciding which vulnerabilities to patch first. Because the scores are recomputed daily, a ranking like this one is a snapshot and should be re-checked when you prioritize.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally likely to be exploited. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.