Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days. The Percentile column is the share of all scored CVEs whose EPSS probability is at or below this one, so entries around the 51st percentile sit near the median of the EPSS distribution, not at its top. Scores are recomputed daily, so ranks shift over time.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4151 | CVE-2025-21249 | | 51.5th | 6.6 | | This Windows Digital Media vulnerability allows attackers to gain elevated privileges on affected sy |
| 4152 | CVE-2025-21232 | | 51.5th | 6.6 | | This Windows vulnerability allows attackers to gain elevated privileges on affected systems by explo |
| 4153 | CVE-2025-21229 | | 51.5th | 6.6 | | This Windows Digital Media vulnerability allows attackers to gain elevated privileges on affected sy |
| 4154 | CVE-2025-21227 | | 51.5th | 6.6 | | This Windows Digital Media Elevation of Privilege vulnerability (CWE-125: Out-of-bounds Read) allows |
| 4155 | CVE-2025-1072 | | 51.4th | 6.5 | | A denial-of-service vulnerability in GitLab CE/EE allows attackers to crash the service by importing |
| 4156 | CVE-2025-3060 | | 51.6th | 6.6 | | This vulnerability in Drupal's Flattern theme allows attackers to execute arbitrary code on affected |
| 4157 | CVE-2025-1768 | | 51.5th | 6.5 | | The Squirrly SEO WordPress plugin contains a blind SQL injection vulnerability in the 'search' param |
| 4158 | CVE-2025-3070 | | 51.5th | 6.5 | | This vulnerability in Google Chrome extensions allows attackers to escalate privileges by tricking u |
| 4159 | CVE-2025-9253 | | 51.4th | 8.8 | | A stack-based buffer overflow vulnerability in Linksys range extenders allows remote attackers to ex |
| 4160 | CVE-2025-59501 | | 51.6th | 4.8 | | This vulnerability allows an authenticated attacker on an adjacent network to spoof their identity i |
| 4161 | CVE-2025-10488 | | 51.6th | 8.1 | | This vulnerability in the Directorist WordPress plugin allows unauthenticated attackers to move arbi |
| 4162 | CVE-2025-61592 | | 51.6th | 8.8 | | This vulnerability allows remote code execution when users run Cursor CLI inside a malicious reposit |
| 4163 | CVE-2025-30201 | | 51.6th | 7.7 | | This vulnerability in Wazuh Agent allows authenticated attackers to force NTLM authentication throug |
| 4164 | CVE-2021-47747 | | 51.5th | 8.8 | | This vulnerability allows authenticated attackers to execute arbitrary system commands with administ |
| 4165 | CVE-2024-48854 | | 51.4th | 5.3 | | An off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1, and 7.0 could allow an una |
| 4166 | CVE-2025-22596 | | 51.3th | 6.5 | | A reflected cross-site scripting (XSS) vulnerability in WeGIA's modulos_visiveis.php endpoint allows |
| 4167 | CVE-2025-3019 | | 51.3th | 7.2 | | KNIME Business Hub contains cross-site scripting vulnerabilities that allow attackers to execute arb |
| 4168 | CVE-2025-32079 | | 51.4th | 6.5 | | An improper input validation vulnerability in Wikimedia's GrowthExperiments MediaWiki extension allo |
| 4169 | CVE-2025-30159 | | 51.4th | 9.1 | | This is a path traversal vulnerability in Kirby CMS that allows attackers to read and execute arbitr |
| 4170 | CVE-2025-31206 | | 51.3th | 4.3 | | A type confusion vulnerability in Apple's Safari browser and related operating systems could cause u |
| 4171 | CVE-2025-27818 | | 51.4th | 8.8 | | This CVE describes a Java deserialization vulnerability in Apache Kafka Connect that allows authenti |
| 4172 | CVE-2025-5910 | | 51.4th | 8.8 | | This critical vulnerability in TOTOLINK EX1200T routers allows remote attackers to execute arbitrary |
| 4173 | CVE-2025-5908 | | 51.4th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK EX1200T routers allows remote attackers to exec |
| 4174 | CVE-2025-11079 | | 51.3th | 5.3 | | Campcodes Farm Management System 1.0 contains an information disclosure vulnerability that allows re |
| 4175 | CVE-2026-1412 | | 51.4th | 7.3 | | This CVE describes a command injection vulnerability in Sangfor Operation and Maintenance Security M |
| 4176 | CVE-2021-47770 | | 51.3th | 8.8 | | OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with |
| 4177 | CVE-2023-25835 | | 51.4th | 8.4 | | A stored XSS vulnerability in Esri Portal for ArcGIS Sites allows authenticated high-privilege attac |
| 4178 | CVE-2025-22611 | | 51.3th | 9.9 | | This vulnerability in Coolify allows any authenticated user to escalate privileges to any role, incl |
| 4179 | CVE-2025-21522 | | 51.2th | 6.5 | | A vulnerability in MySQL Server's parser component allows authenticated attackers with network acces |
| 4180 | CVE-2025-21501 | | 51.2th | 6.5 | | This vulnerability in MySQL Server's optimizer component allows authenticated attackers with low pri |
| 4181 | CVE-2023-51319 | | 51.3th | 8.8 | | CVE-2023-51319 is a CSV injection vulnerability in PHPJabbers Bus Reservation System v1.1 that allow |
| 4182 | CVE-2024-54909 | | 51.3th | 8.1 | | This vulnerability in GoldPanKit eva-server v4.1.0 allows attackers to download arbitrary files from |
| 4183 | CVE-2024-13871 | | 51.2th | 8.8 | | An unauthenticated command injection vulnerability in Bitdefender Box 1 allows network-adjacent atta |
| 4184 | CVE-2025-28229 | | 51.3th | 9.8 | | This vulnerability allows attackers to bypass authentication mechanisms in Orban OPTIMOD 5950 system |
| 4185 | CVE-2025-47784 | | 51.3th | 9.8 | | Emlog versions 2.5.13 and prior contain a deserialization vulnerability where a user can craft a mal |
| 4186 | CVE-2025-15274 | | 51.3th | 8.8 | | A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to |
| 4187 | CVE-2025-15273 | | 51.3th | 8.8 | | A stack-based buffer overflow vulnerability in FontForge's PFB file parser allows remote attackers t |
| 4188 | CVE-2025-15272 | | 51.3th | 8.8 | | This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable v |
| 4189 | CVE-2021-47903 | | 51.3th | 8.8 | | CVE-2021-47903 is an authenticated command injection vulnerability in LiteSpeed Web Server Enterpris |
| 4190 | CVE-2026-20406 | | 51.2th | 6.5 | | This vulnerability allows remote denial of service attacks against devices with affected MediaTek mo |
| 4191 | CVE-2025-22916 | | 51.2th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on RE11S v1.11 devices via a st |
| 4192 | CVE-2025-22904 | | 51.2th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on RE11S v1.11 devices by explo |
| 4193 | CVE-2025-21327 | | 51.1th | 6.6 | | This Windows Digital Media vulnerability allows attackers to elevate privileges on affected systems |
| 4194 | CVE-2025-21263 | | 51.1th | 6.6 | | This Windows Digital Media vulnerability allows attackers to gain elevated privileges on affected sy |
| 4195 | CVE-2024-5594 | | 51.1th | 9.1 | | OpenVPN clients before version 2.6.11 are vulnerable to log injection attacks when connecting to mal |
| 4196 | CVE-2025-22387 | | 51.1th | 7.5 | | This vulnerability in Optimizely Configured Commerce exposes session tokens in URL parameters, allow |
| 4197 | CVE-2025-31174 | | 51.1th | 6.8 | | A path traversal vulnerability in the DFS module allows attackers to access files outside the intend |
| 4198 | CVE-2025-3031 | | 51.1th | 6.5 | | This vulnerability allows an attacker to read 32 bits of sensitive data from the stack in JIT-compil |
| 4199 | CVE-2025-45779 | | 51.2th | 9.8 | | This vulnerability allows remote attackers to execute arbitrary code on Tenda AC10 routers via a buf |
| 4200 | CVE-2025-45797 | | 51.1th | 9.8 | | This CVE describes a critical buffer overflow vulnerability in TOTOlink A950RG routers. Attackers ca |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity (how bad exploitation would be), EPSS measures likelihood of exploitation (how probable it is), which makes it well suited to deciding which vulnerabilities to patch first. Scores are published daily through FIRST's public API, so a ranking like the one above is a snapshot, not a fixed property of the CVE.
Why EPSS matters: with thousands of CVEs published every month, not all vulnerabilities are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be actively exploited instead of patching solely by CVSS score. A CVSS 9.8 vulnerability with a 0.1% EPSS may be less urgent than a CVSS 7.5 vulnerability with a 90% EPSS. The two scores are complementary: EPSS tells you what is likely to be attacked, CVSS tells you how much it would hurt, and the first things to fix are the findings that score high on both.
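The following added example (not code from the original page or from FIRST) shows what the EPSS-first prioritisation above looks like in practice. It parses a response in the shape returned by the FIRST EPSS API (https://api.first.org/data/v1/epss?cve=...), joins it with CVSS base scores, ranks by EPSS with CVSS as the tie-breaker, and sorts findings into triage buckets. The records are constructed with made-up CVE IDs (CVE-2099-*) and scores chosen to reproduce the page's 9.8/0.1% versus 7.5/90% comparison; the `triage_bucket` thresholds are assumptions for illustration, not FIRST or NVD guidance.

```python
"""Prioritise CVEs by EPSS probability instead of CVSS severity.

Added example; not part of the original page. The JSON below mirrors the
field layout of the FIRST EPSS API response (epss and percentile are decimal
strings in [0, 1]), but every CVE ID and number in it is constructed.
"""
import json

EPSS_API = "https://api.first.org/data/v1/epss"


def epss_query_url(cves):
    """URL for a batch EPSS lookup; the API takes a comma-separated `cve` list."""
    return f"{EPSS_API}?cve={','.join(cves)}"


# Constructed sample response (made-up IDs and values) in the API's shape.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "status-code": 200,
    "version": "1.0",
    "total": 4,
    "data": [
        {"cve": "CVE-2099-0001", "epss": "0.00100", "percentile": "0.35000", "date": "2099-01-01"},
        {"cve": "CVE-2099-0002", "epss": "0.90000", "percentile": "0.99900", "date": "2099-01-01"},
        {"cve": "CVE-2099-0003", "epss": "0.00400", "percentile": "0.51500", "date": "2099-01-01"},
        {"cve": "CVE-2099-0004", "epss": "0.12000", "percentile": "0.94000", "date": "2099-01-01"},
    ],
})

# Constructed CVSS base scores for the same IDs (in practice these come from NVD).
SAMPLE_CVSS = {
    "CVE-2099-0001": 9.8,   # critical severity, 0.1% EPSS: the page's "less urgent" case
    "CVE-2099-0002": 7.5,   # high severity, 90% EPSS: the page's "more urgent" case
    "CVE-2099-0003": 6.6,
    "CVE-2099-0004": 5.3,
}


def parse_epss(raw_json):
    """Return {cve: (epss_probability, percentile)} from an EPSS API response body."""
    doc = json.loads(raw_json)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    return {rec["cve"]: (float(rec["epss"]), float(rec["percentile"])) for rec in doc["data"]}


def rank_by_epss(epss, cvss):
    """Rows ordered by EPSS descending; equal EPSS is broken by CVSS descending.

    A CVE with no CVSS score is kept but sorts after scored ones at equal EPSS.
    """
    rows = [{"cve": cve, "epss": p, "percentile": pct, "cvss": cvss.get(cve)}
            for cve, (p, pct) in epss.items()]
    rows.sort(key=lambda r: (-r["epss"], -(r["cvss"] if r["cvss"] is not None else -1.0)))
    for rank, row in enumerate(rows, start=1):
        row["rank"] = rank
    return rows


def rank_by_cvss(cvss):
    """The ordering a CVSS-only policy would produce, for comparison."""
    return sorted(cvss, key=lambda cve: -cvss[cve])


def triage_bucket(epss, cvss, epss_threshold=0.10, cvss_threshold=7.0):
    """Four-way triage on likelihood (EPSS) and impact (CVSS).

    The 10% EPSS and 7.0 CVSS cut-offs are illustrative assumptions; pick
    values that match your own patch SLAs.
    """
    likely = epss >= epss_threshold
    severe = cvss is not None and cvss >= cvss_threshold
    if likely and severe:
        return "patch-now"      # probable exploitation and serious impact
    if likely:
        return "patch-soon"     # probably attacked, but limited impact
    if severe:
        return "schedule"       # bad if exploited, but unlikely to be
    return "monitor"            # neither; re-check as daily scores move


if __name__ == "__main__":
    print("query:", epss_query_url(SAMPLE_CVSS))
    ranked = rank_by_epss(parse_epss(SAMPLE_EPSS_RESPONSE), SAMPLE_CVSS)
    print("CVSS-only order:", rank_by_cvss(SAMPLE_CVSS))
    for r in ranked:
        print(r["rank"], r["cve"], f"epss={r['epss']:.3f}", f"pct={r['percentile']:.3f}",
              f"cvss={r['cvss']}", triage_bucket(r["epss"], r["cvss"]))
```

Running it shows the inversion the text describes: the CVSS-only order puts the 9.8 first, while the EPSS order puts the 7.5 with a 90% probability at rank 1 and the 9.8 with a 0.1% probability last, in the "schedule" bucket rather than "patch-now".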