Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

- EPSS > 50%: 164
- CISA KEV Listed: 156
- CVEs with EPSS: 35,468
- Avg EPSS Score: 0.7%
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4051 | CVE-2025-7366 | 0.29% | 52.3 | 7.3 | | This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes in the |
| 4052 | CVE-2025-63800 | 0.29% | 52.3 | 7.5 | | This vulnerability allows authenticated users to set their account password to an empty string via t |
| 4053 | CVE-2025-13087 | 0.29% | 52.3 | 6.2 | | This vulnerability allows remote attackers with administrative access to execute arbitrary commands |
| 4054 | CVE-2025-11787 | 0.29% | 52.3 | 8.8 | | This CVE describes a command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50 devices that |
| 4055 | CVE-2024-24423 | 0.29% | 52.2 | 7.5 | | A buffer overflow vulnerability in Magma's decode_esm_message_container function allows attackers to |
| 4056 | CVE-2024-24419 | 0.29% | 52.2 | 7.5 | | A buffer overflow vulnerability in Magma's decode_traffic_flow_template_packet_filter function allow |
| 4057 | CVE-2024-24418 | 0.29% | 52.2 | 7.5 | | This vulnerability is a buffer overflow in the decode_pdn_address function of the Linux Foundation M |
| 4058 | CVE-2024-24417 | 0.29% | 52.2 | 7.5 | | A buffer overflow vulnerability in Magma's decode_protocol_configuration_options function allows att |
| 4059 | CVE-2024-24416 | 0.29% | 52.2 | 7.5 | | A buffer overflow vulnerability in Magma's decode_access_point_name_ie function allows attackers to |
| 4060 | CVE-2024-12104 | 0.29% | 52.2 | 5.3 | | The Atarim WordPress plugin has a vulnerability that allows unauthenticated attackers to delete proj |
| 4061 | CVE-2024-46210 | 0.29% | 52.2 | 7.2 | | An arbitrary file upload vulnerability in Redaxo CMS v5.17.1 allows attackers to upload malicious fi |
| 4062 | CVE-2025-26819 | 0.29% | 52.3 | 8.6 | | Monero versions before commit ec74ff4 lack HTTP server connection response limits, allowing attacker |
| 4063 | CVE-2025-1707 | 0.29% | 52.2 | 8.8 | | The Review Schema WordPress plugin has a Local File Inclusion vulnerability that allows authenticate |
| 4064 | CVE-2025-26630 | 0.29% | 52.3 | 7.8 | | A use-after-free vulnerability in Microsoft Office Access allows attackers to execute arbitrary code |
| 4065 | CVE-2025-24077 | 0.29% | 52.3 | 7.8 | | A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code o |
| 4066 | CVE-2025-24075 | 0.29% | 52.3 | 7.8 | | A stack-based buffer overflow vulnerability in Microsoft Office Excel allows attackers to execute ar |
| 4067 | CVE-2025-3563 | 0.29% | 52.2 | 4.7 | | This critical vulnerability in WuzhiCMS 4.1 allows remote attackers to execute arbitrary code throug |
| 4068 | CVE-2025-43860 | 0.29% | 52.2 | 7.6 | | OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patie |
| 4069 | CVE-2025-56752 | 0.29% | 52.3 | 9.4 | | This critical authentication bypass vulnerability in Ruijie RG-ES series switches allows remote atta |
| 4070 | CVE-2023-7322 | 0.29% | 52.2 | 8.1 | | Nagios Log Server versions before 2024R1 have an incorrect authorization vulnerability where authent |
| 4071 | CVE-2025-28357 | 0.29% | 52.2 | 8.8 | | A CRLF injection vulnerability in Neto CMS allows attackers to inject malicious HTTP headers through |
| 4072 | CVE-2025-13810 | 0.29% | 52.2 | 5.3 | | A path traversal vulnerability in jsnjfz WebStack-Guns 1.0 allows remote attackers to read arbitrary |
| 4073 | CVE-2025-69766 | 0.29% | 52.2 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploit |
| 4074 | CVE-2025-69763 | 0.29% | 52.2 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploit |
| 4075 | CVE-2025-69762 | 0.29% | 52.2 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AX3 routers by exploit |
| 4076 | CVE-2024-57581 | 0.29% | 52.1 | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC18 routers by exploi |
| 4077 | CVE-2025-21194 | 0.29% | 52.2 | 7.1 | | This vulnerability allows attackers to bypass security features on Microsoft Surface devices, potent |
| 4078 | CVE-2024-10395 | 0.29% | 52.2 | 8.6 | | This vulnerability in Zephyr RTOS's HTTP server allows buffer overflow attacks due to improper input |
| 4079 | CVE-2025-3600 | 0.29% | 52.1 | 7.5 | | An unsafe reflection vulnerability in Progress Telerik UI for AJAX allows attackers to cause unhandl |
| 4080 | CVE-2025-6158 | 0.29% | 52.1 | 8.8 | | A critical stack-based buffer overflow vulnerability in D-Link DIR-665 routers allows remote attacke |
| 4081 | CVE-2025-11490 | 0.29% | 52.2 | 6.3 | | This CVE describes an OS command injection vulnerability in DesktopCommanderMCP up to version 0.2.13 |
| 4082 | CVE-2025-62354 | 0.29% | 52.1 | 9.8 | | This CVE describes a command injection vulnerability in Cursor that allows unauthorized attackers to |
| 4083 | CVE-2025-10484 | 0.29% | 52.2 | 9.8 | | This vulnerability allows unauthenticated attackers to bypass authentication in the Registration & L |
| 4084 | CVE-2025-21598 | 0.29% | 52 | 7.5 | | An out-of-bounds read vulnerability in Juniper Junos OS and Junos OS Evolved routing protocol daemon |
| 4085 | CVE-2025-59213 | 0.29% | 52.1 | 8.8 | | This SQL injection vulnerability in Microsoft Configuration Manager allows unauthorized attackers on |
| 4086 | CVE-2025-32044 | 0.29% | 52.1 | 7.5 | | CVE-2025-32044 is an information disclosure vulnerability in Moodle where unauthenticated attackers |
| 4087 | CVE-2025-3146 | 0.29% | 52.1 | 7.3 | | This critical SQL injection vulnerability in PHPGurukul Bus Pass Management System 1.0 allows attack |
| 4088 | CVE-2025-32704 | 0.29% | 52.1 | 8.4 | | A buffer over-read vulnerability in Microsoft Office Excel allows attackers to read beyond allocated |
| 4089 | CVE-2025-30377 | 0.29% | 52.1 | 8.4 | | This vulnerability is a use-after-free memory corruption flaw in Microsoft Office that allows an att |
| 4090 | CVE-2025-24063 | 0.29% | 52.1 | 7.8 | | A heap-based buffer overflow vulnerability in the Windows Kernel allows authenticated attackers to e |
| 4091 | CVE-2025-41427 | 0.29% | 52.1 | 8.8 | | This vulnerability allows remote authenticated attackers to execute arbitrary operating system comma |
| 4092 | CVE-2025-55145 | 0.29% | 52.1 | 8.9 | | This vulnerability allows authenticated remote attackers to hijack existing HTML5 connections in Iva |
| 4093 | CVE-2025-14002 | 0.29% | 52 | 8.1 | | The WPCOM Member WordPress plugin has an authentication bypass vulnerability that allows attackers t |
| 4094 | CVE-2025-67089 | 0.29% | 52.1 | 8.1 | | A command injection vulnerability in GL-iNet GL-AXT1800 router firmware allows authenticated attacke |
| 4095 | CVE-2022-31749 | 0.29% | 52 | 6.5 | | CVE-2022-31749 is an argument injection vulnerability in WatchGuard Fireware OS that allows authenti |
| 4096 | CVE-2025-30772 | 0.29% | 52 | 8.8 | | This vulnerability allows attackers to update arbitrary WordPress options without proper authorizati |
| 4097 | CVE-2025-24084 | 0.29% | 52 | 8.4 | | CVE-2025-24084 is an untrusted pointer dereference vulnerability in Windows Subsystem for Linux that |
| 4098 | CVE-2025-2470 | 0.29% | 52 | 9.8 | | This vulnerability allows unauthenticated attackers to register WordPress accounts with arbitrary ro |
| 4099 | CVE-2025-46273 | 0.29% | 52 | 9.8 | | CVE-2025-46273 is a critical vulnerability in UNI-NMS-Lite network management software where hard-co |
| 4100 | CVE-2025-3068 | 0.29% | 52 | 8.8 | | This vulnerability allows attackers to escalate privileges in Google Chrome on Android through a cra |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to deciding which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.
