Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated likelihood of exploitation in the wild within the next 30 days. The percentile column places each CVE relative to every other CVE scored by EPSS; the rows below (ranks 4301 to 4350) all sit close to the 50th percentile, i.e. near the median of scored CVEs. The EPSS score column is empty in this listing and the summaries are truncated.
| Rank | CVE ID | EPSS Score | EPSS Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4301 | CVE-2025-63462 | | 50.4 | 7.5 | | This CVE describes a stack overflow vulnerability in Totolink A7000R routers via the wifiOff paramet |
| 4302 | CVE-2025-63460 | | 50.4 | 7.5 | | This vulnerability is a stack overflow in Totolink A7000R routers that allows attackers to cause a D |
| 4303 | CVE-2025-63468 | | 50.4 | 7.5 | | This CVE describes a stack overflow vulnerability in Totolink LR350 routers via the http_host parame |
| 4304 | CVE-2025-63466 | | 50.4 | 7.5 | | This vulnerability is a stack overflow in the Totolink LR350 router's password parameter handling th |
| 4305 | CVE-2025-14728 | | 50.4 | 6.8 | | CVE-2025-14728 is a directory traversal vulnerability in Rapid7 Velociraptor on Linux servers that a |
| 4306 | CVE-2025-14097 | | 50.4 | 7.2 | | A vulnerability in Radiometer medical device software allows remote code execution and unauthorized |
| 4307 | CVE-2025-26964 | | 50.3 | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 4308 | CVE-2024-6483 | | 50.3 | 5.3 | | This vulnerability allows attackers to delete arbitrary files or directories on systems running aimh |
| 4309 | CVE-2024-13498 | | 50.4 | 5.3 | | The NEX-Forms WordPress plugin up to version 8.8.1 allows unauthenticated attackers to access upload |
| 4310 | CVE-2025-31945 | | 50.3 | 5.3 | | An unauthenticated attacker can access other users' charger information through an authorization byp |
| 4311 | CVE-2025-27927 | | 50.3 | 5.3 | | This vulnerability allows unauthenticated attackers to enumerate smart devices by querying an unprot |
| 4312 | CVE-2025-27575 | | 50.3 | 5.3 | | An unauthenticated attacker can retrieve EV charger version information and firmware upgrade history |
| 4313 | CVE-2025-31941 | | 50.3 | 5.3 | | This vulnerability allows unauthenticated attackers to enumerate smart devices by knowing a valid us |
| 4314 | CVE-2025-31357 | | 50.3 | 5.3 | | This vulnerability allows unauthenticated attackers to retrieve a user's plant list by simply knowin |
| 4315 | CVE-2025-30254 | | 50.3 | 5.3 | | An unauthenticated attacker can retrieve smart meter serial numbers using only the owner's username, |
| 4316 | CVE-2025-27938 | | 50.3 | 5.3 | | Unauthenticated attackers can access information about smart device collections (rooms) that should |
| 4317 | CVE-2025-24487 | | 50.3 | 5.3 | | This vulnerability allows unauthenticated attackers to determine which usernames exist in a system b |
| 4318 | CVE-2025-61687 | | 50.4 | 8.3 | | FlowiseAI version 3.0.7 contains a file upload vulnerability that allows authenticated users to uplo |
| 4319 | CVE-2024-39754 | | 50.3 | 10.0 | | A critical static login vulnerability in Wavlink AC3000 routers allows unauthenticated remote attack |
| 4320 | CVE-2024-56323 | | 50.2 | 9.8 | | OpenFGA versions 1.3.8 to 1.8.2 contain an authorization bypass vulnerability when using conditions |
| 4321 | CVE-2024-27980 | | 50.2 | 8.1 | | This vulnerability in Node.js allows command injection through malicious batch file arguments in chi |
| 4322 | CVE-2025-25187 | | 50.3 | 7.8 | | This vulnerability in Joplin allows attackers to execute arbitrary code on a user's system by inject |
| 4323 | CVE-2025-31675 | | 50.3 | 5.4 | | This CVE describes a cross-site scripting (XSS) vulnerability in Drupal core that allows attackers t |
| 4324 | CVE-2025-30367 | | 50.2 | 9.8 | | A SQL injection vulnerability in WeGIA web management software allows attackers to manipulate databa |
| 4325 | CVE-2025-27795 | | 50.3 | 4.3 | | This vulnerability in GraphicsMagick's JXL image processing lacks proper dimension limits when readi |
| 4326 | CVE-2025-27008 | | 50.2 | 7.5 | | This CVE describes a broken access control vulnerability in the Unlimited Timeline WordPress plugin |
| 4327 | CVE-2025-26953 | | 50.2 | 7.5 | | This CVE describes a Missing Authorization vulnerability in the JetMenu WordPress plugin that allows |
| 4328 | CVE-2025-26958 | | 50.2 | 7.5 | | This CVE describes a missing authorization vulnerability in the JetBlog WordPress plugin that allows |
| 4329 | CVE-2025-26942 | | 50.2 | 7.5 | | This CVE describes a missing authorization vulnerability in the JetTricks WordPress plugin that allo |
| 4330 | CVE-2025-36038 | | 50.2 | 9.0 | | CVE-2025-36038 is a critical deserialization vulnerability in IBM WebSphere Application Server that |
| 4331 | CVE-2025-34212 | | 50.2 | 9.8 | | This CVE describes a supply chain vulnerability in Vasion Print (formerly PrinterLogic) build pipeli |
| 4332 | CVE-2025-43342 | | 50.3 | 9.8 | | This vulnerability in Apple's Safari browser and related operating systems allows processing malicio |
| 4333 | CVE-2025-12867 | | 50.2 | 7.2 | | CVE-2025-12867 is an arbitrary file upload vulnerability in EIP Plus software developed by Hundred P |
| 4334 | CVE-2025-66454 | | 50.3 | 6.5 | | Arcade MCP versions before 1.5.4 use a hardcoded default worker secret ('dev') that is never validat |
| 4335 | CVE-2025-24402 | | 50.2 | 4.3 | | A CSRF vulnerability in Jenkins Azure Service Fabric Plugin allows attackers to trick authenticated |
| 4336 | CVE-2023-37931 | | 50.1 | 8.8 | | This SQL injection vulnerability in FortiVoice Enterprise allows authenticated attackers to execute |
| 4337 | CVE-2024-12704 | | 50.2 | 7.5 | | A vulnerability in the LangChainLLM class of llama_index v0.12.5 allows denial of service attacks th |
| 4338 | CVE-2025-24995 | | 50.2 | 7.8 | | CVE-2025-24995 is a heap-based buffer overflow vulnerability in the Kernel Streaming WOW Thunk Servi |
| 4339 | CVE-2025-24067 | | 50.2 | 7.8 | | A heap-based buffer overflow vulnerability in Microsoft Streaming Service allows authenticated attac |
| 4340 | CVE-2025-24066 | | 50.2 | 7.8 | | A heap-based buffer overflow vulnerability in Windows Kernel-Mode Drivers allows authenticated attac |
| 4341 | CVE-2025-24044 | | 50.2 | 7.8 | | This is a use-after-free vulnerability in the Windows Win32 Kernel Subsystem that allows an authenti |
| 4342 | CVE-2025-26643 | | 50.1 | 5.4 | | This vulnerability in Microsoft Edge allows an unauthorized attacker to perform spoofing attacks ove |
| 4343 | CVE-2025-26167 | | 50.2 | 7.5 | | CVE-2025-26167 is an arbitrary file read vulnerability in Buffalo LS520D NAS devices running firmwar |
| 4344 | CVE-2025-44658 | | 50.2 | 9.8 | | This vulnerability allows attackers to upload malicious scripts with non-.php extensions that the Ne |
| 4345 | CVE-2025-14737 | | 50.2 | 8.0 | | This CVE describes a command injection vulnerability in TP-Link WA850RE range extenders' httpd modul |
| 4346 | CVE-2025-0306 | | 50.1 | 7.4 | | CVE-2025-0306 is a cryptographic vulnerability in Ruby's implementation that enables the Marvin Atta |
| 4347 | CVE-2024-45558 | | 50.1 | 7.5 | | This vulnerability in Qualcomm Wi-Fi drivers allows attackers to cause a denial-of-service (DoS) con |
| 4348 | CVE-2024-52883 | | 50.1 | 7.5 | | A path traversal vulnerability in AudioCodes One Voice Operations Center (OVOC) allows unauthenticat |
| 4349 | CVE-2025-10953 | | 50.1 | 8.8 | | This is a remote buffer overflow vulnerability in UTT 1200GW and 1250GW routers affecting the formAp |
| 4350 | CVE-2023-36877 | | 50.1 | 4.5 | | CVE-2023-36877 is a cross-site scripting (XSS) vulnerability in Azure Apache Oozie that allows attac |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Scores are probabilities between 0 and 1 (shown here as percentages), are refreshed daily, and are published alongside a percentile that ranks each CVE against all other scored CVEs. CVSS measures severity, that is, the impact if the vulnerability is exploited; EPSS measures the likelihood that it will be. Because the two answer different questions, they are best used together when deciding what to patch first.
Why EPSS matters: with thousands of CVEs published every month, not all of them are equally dangerous. EPSS lets security teams focus on the CVEs most likely to be exploited rather than patching solely by CVSS score. A CVSS 9.8 critical with an EPSS of 0.1% may be less urgent than a CVSS 7.5 high with an EPSS of 90%. Two caveats apply: EPSS says nothing about whether the vulnerable component is exposed or reachable in your environment, and a brand-new CVE can carry a low score simply because little exploitation data exists yet. Known-exploited lists such as CISA KEV and your own exposure data should therefore still feed the decision.
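The prioritisation rule described above, as an added example that is not code from this page or from FIRST.org. It parses the JSON shape returned by the public EPSS API (https://api.first.org/data/v1/epss, which accepts a comma-separated `cve` parameter and returns `epss` and `percentile` as strings), joins the scores with CVSS values from a scan, and orders findings by exploit likelihood first and severity second, with an explicit tier for CVEs that EPSS has not scored at all. The CVE IDs and scores in `SAMPLE_EPSS_RESPONSE` and `SAMPLE_FINDINGS` are constructed placeholders, and the `act_threshold` of 10% is an assumed policy value, not a FIRST recommendation.

```python
"""Rank vulnerability findings by EPSS probability rather than CVSS alone.

Added example; not code from the page or from FIRST.org. Sample data below
is constructed: the CVE IDs are placeholders and the scores are invented.
"""
from __future__ import annotations

import json
import urllib.parse
import urllib.request
from dataclasses import dataclass

EPSS_API = "https://api.first.org/data/v1/epss"

# Constructed stand-in for an EPSS API reply. Real replies use the same
# "data" list with "cve", "epss" and "percentile" carried as strings.
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-0000-0001", "epss": "0.001", "percentile": "0.41"},
        {"cve": "CVE-0000-0002", "epss": "0.900", "percentile": "0.99"},
        {"cve": "CVE-0000-0003", "epss": "0.150", "percentile": "0.95"},
        # CVE-0000-0004 is deliberately absent: not yet scored by EPSS.
    ],
})

# Constructed findings from a hypothetical scan: CVE ID -> CVSS base score.
SAMPLE_FINDINGS = {
    "CVE-0000-0001": 9.8,   # critical CVSS, negligible EPSS
    "CVE-0000-0002": 7.5,   # high CVSS, very high EPSS
    "CVE-0000-0003": 5.3,   # medium CVSS, EPSS above the action threshold
    "CVE-0000-0004": 9.1,   # no EPSS record at all
}


@dataclass(frozen=True)
class Ranked:
    cve: str
    cvss: float
    epss: float | None        # None when EPSS has no score for the CVE
    percentile: float | None
    tier: int                 # 0 = act now, 1 = schedule, 2 = unscored


def parse_epss(json_text: str) -> dict[str, tuple[float, float]]:
    """Map CVE ID -> (EPSS probability, percentile) from an API reply."""
    doc = json.loads(json_text)
    if doc.get("status") != "OK":
        raise ValueError(f"EPSS API returned status {doc.get('status')!r}")
    return {row["cve"]: (float(row["epss"]), float(row["percentile"]))
            for row in doc.get("data", [])}


def fetch_epss(cves: list[str], timeout: float = 10.0) -> dict[str, tuple[float, float]]:
    """Query the live EPSS API for a batch of CVEs (needs network access)."""
    url = EPSS_API + "?" + urllib.parse.urlencode({"cve": ",".join(cves)})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return parse_epss(resp.read().decode("utf-8"))


def prioritize(findings: dict[str, float],
               epss: dict[str, tuple[float, float]],
               act_threshold: float = 0.10) -> list[Ranked]:
    """Order findings by exploit likelihood first, severity second.

    Tier 0: EPSS >= act_threshold (assumed policy: likely exploited soon).
    Tier 1: scored by EPSS but below the threshold.
    Tier 2: no EPSS record; ordered by CVSS so they are not silently dropped.
    Within a tier, higher EPSS wins, then higher CVSS.
    """
    ranked: list[Ranked] = []
    for cve, cvss in findings.items():
        if cve in epss:
            prob, pct = epss[cve]
            tier = 0 if prob >= act_threshold else 1
        else:
            prob, pct, tier = None, None, 2
        ranked.append(Ranked(cve, cvss, prob, pct, tier))
    return sorted(ranked, key=lambda r: (r.tier, -(r.epss or 0.0), -r.cvss))


if __name__ == "__main__":
    for r in prioritize(SAMPLE_FINDINGS, parse_epss(SAMPLE_EPSS_RESPONSE)):
        epss_txt = f"{r.epss:.1%}" if r.epss is not None else "unscored"
        print(f"tier {r.tier}  {r.cve}  CVSS {r.cvss}  EPSS {epss_txt}")
```

Run as-is it works entirely offline on the constructed sample and puts the CVSS 7.5 / EPSS 90% finding ahead of the CVSS 9.8 / EPSS 0.1% one, which is the page's own point. To use it against real scan output, replace `SAMPLE_FINDINGS` with your CVE-to-CVSS map and call `fetch_epss(list(findings))`; the unscored tier is where brand-new CVEs land, so review it rather than treating it as low priority.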