Most Exploitable CVEs - EPSS Rankings
CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|---|---|---|---|---|---|---|
| 4401 | CVE-2024-9229 | | 49.8th | 7.5 | | This vulnerability allows unauthenticated attackers to cause a Denial of Service (DoS) by sending sp |
| 4402 | CVE-2025-3103 | | 49.8th | 7.5 | | The CLEVER HTML5 Radio Player WordPress plugin contains an arbitrary file read vulnerability that al |
| 4403 | CVE-2025-29969 | | 49.7th | 7.5 | | A Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Windows Fundamentals allows aut |
| 4404 | CVE-2025-55345 | | 49.8th | 8.8 | | This vulnerability in Codex CLI allows attackers to overwrite arbitrary files and potentially achiev |
| 4405 | CVE-2025-63835 | | 49.8th | 8.8 | | A stack-based buffer overflow vulnerability in Tenda AC18 routers allows remote attackers to crash t |
| 4406 | CVE-2025-13158 | | 49.8th | N/A | | This CVE describes a prototype pollution vulnerability in apidoc-core that allows remote attackers t |
| 4407 | CVE-2025-14094 | | 49.7th | 4.7 | | This CVE describes an OS command injection vulnerability in Edimax BR-6478AC V3 routers. Attackers c |
| 4408 | CVE-2025-57795 | | 49.7th | 9.9 | | Explorance Blue versions before 8.14.13 contain an authenticated remote file download vulnerability |
| 4409 | CVE-2025-22311 | | 49.7th | 7.5 | | This vulnerability allows attackers to include arbitrary local files via PHP's include/require state |
| 4410 | CVE-2025-22777 | | 49.6th | 9.8 | | CVE-2025-22777 is a critical PHP object injection vulnerability in the GiveWP WordPress plugin that |
| 4411 | CVE-2023-51298 | | 49.7th | 4.7 | | PHPJabbers Event Booking Calendar v4.0 has a CSV injection vulnerability that allows attackers to in |
| 4412 | CVE-2025-21322 | | 49.7th | 7.8 | | Microsoft PC Manager contains an elevation of privilege vulnerability (CWE-59) that allows authentic |
| 4413 | CVE-2025-27494 | | 49.7th | 9.1 | | This vulnerability allows authenticated remote administrators on SiPass integrated access control sy |
| 4414 | CVE-2025-27677 | | 49.6th | 9.8 | | This vulnerability in Vasion Print (formerly PrinterLogic) allows unprivileged users to create symbo |
| 4415 | CVE-2025-27674 | | 49.6th | 9.8 | | CVE-2025-27674 is a critical vulnerability in Vasion Print (formerly PrinterLogic) that involves a h |
| 4416 | CVE-2025-27655 | | 49.6th | 9.8 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Vasion Print (formerly Prin |
| 4417 | CVE-2025-27651 | | 49.6th | 9.8 | | This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Vasion Print (formerly Prin |
| 4418 | CVE-2025-27649 | | 49.6th | 9.8 | | This vulnerability allows attackers to bypass access controls in Vasion Print (formerly PrinterLogic |
| 4419 | CVE-2025-27645 | | 49.6th | 9.8 | | This vulnerability in Vasion Print (formerly PrinterLogic) allows attackers to install malicious ext |
| 4420 | CVE-2025-27642 | | 49.7th | 9.8 | | This vulnerability allows unauthenticated attackers to edit driver packages in Vasion Print (formerl |
| 4421 | CVE-2025-27638 | | 49.6th | 9.8 | | CVE-2025-27638 is a hardcoded password vulnerability in Vasion Print (formerly PrinterLogic) that al |
| 4422 | CVE-2024-8700 | | 49.6th | 7.5 | | CVE-2024-8700 is an authorization bypass vulnerability in the Event Calendar WordPress plugin that a |
| 4423 | CVE-2025-4356 | | 49.7th | 8.8 | | A critical stack-based buffer overflow vulnerability in Tenda DAP-1520 routers allows remote attacke |
| 4424 | CVE-2025-4179 | | 49.7th | 7.3 | | The Flynax Bridge WordPress plugin has a privilege escalation vulnerability that allows unauthentica |
| 4425 | CVE-2024-53945 | | 49.7th | 8.8 | | This vulnerability allows authenticated attackers to execute arbitrary operating system commands wit |
| 4426 | CVE-2025-66571 | | 49.7th | N/A | | This vulnerability allows remote, unauthenticated attackers to inject arbitrary PHP objects into UNA |
| 4427 | CVE-2025-20033 | | 49.6th | 4.3 | | This vulnerability in Mattermost allows attackers to create denial-of-service conditions by exploiti |
| 4428 | CVE-2023-51334 | | 49.4th | 5.3 | | This vulnerability allows attackers to send excessive password reset emails to legitimate users by e |
| 4429 | CVE-2017-6537 | | 49.6th | 6.1 | | This is a stored Cross-Site Scripting (XSS) vulnerability in webpagetest 3.0 that allows attackers t |
| 4430 | CVE-2017-6396 | | 49.6th | 6.1 | | CVE-2017-6396 is a cross-site scripting (XSS) vulnerability in WebPageTest 3.0 that allows attackers |
| 4431 | CVE-2025-29448 | | 49.6th | 7.5 | | An unauthenticated booking logic flaw in Easy!Appointments v1.5.1 allows attackers to create appoint |
| 4432 | CVE-2025-5912 | | 49.6th | 8.8 | | A critical stack-based buffer overflow vulnerability in D-Link DIR-632 router firmware allows remote |
| 4433 | CVE-2025-9001 | | 49.6th | 5.3 | | A stack-based buffer overflow vulnerability exists in LemonOS's HTTP client component. Attackers can |
| 4434 | CVE-2025-10412 | | 49.6th | 9.8 | | This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress servers r |
| 4435 | CVE-2025-66034 | | 49.6th | 6.3 | | This vulnerability in fontTools allows arbitrary file write leading to remote code execution when pr |
| 4436 | CVE-2025-41693 | | 49.6th | 4.3 | | A low-privileged remote attacker can exploit SSH functionality to execute commands after authenticat |
| 4437 | CVE-2026-21265 | | 49.6th | 6.4 | | This CVE describes a Windows Secure Boot certificate expiration issue where Microsoft's UEFI certifi |
| 4438 | CVE-2025-63658 | | 49.6th | 7.5 | | A stack overflow vulnerability in Monkey web server's mk_http_index_lookup function allows attackers |
| 4439 | CVE-2025-22619 | | 49.4th | 6.1 | | A reflected cross-site scripting (XSS) vulnerability in WeGIA's editar_permissoes.php endpoint allow |
| 4440 | CVE-2025-22617 | | 49.4th | 6.1 | | This CVE describes a reflected cross-site scripting (XSS) vulnerability in WeGIA's editar_socio.php |
| 4441 | CVE-2025-22615 | | 49.4th | 6.1 | | This CVE describes a Reflected Cross-Site Scripting (XSS) vulnerability in WeGIA's Cadastro_Atendido |
| 4442 | CVE-2024-10829 | | 49.4th | 7.5 | | This vulnerability allows unauthenticated attackers to send specially crafted multipart/form-data re |
| 4443 | CVE-2025-25684 | | 49.4th | 7.5 | | This path traversal vulnerability in GL-INet Beryl AX GL-MT3000 routers allows attackers to download |
| 4444 | CVE-2020-9295 | | 49.4th | 4.7 | | This vulnerability affects Fortinet's antivirus engine in FortiOS and FortiClient, causing delayed d |
| 4445 | CVE-2024-54448 | | 49.4th | 7.2 | | This vulnerability allows authenticated attackers with administrator privileges or explicit Automati |
| 4446 | CVE-2025-27669 | | 49.4th | 7.5 | | This vulnerability in Vasion Print (formerly PrinterLogic) allows remote attackers to perform networ |
| 4447 | CVE-2025-3993 | | 49.4th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execu |
| 4448 | CVE-2025-3991 | | 49.4th | 8.8 | | This critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to ex |
| 4449 | CVE-2025-3989 | | 49.4th | 8.8 | | A critical buffer overflow vulnerability in TOTOLINK N150RT routers allows remote attackers to execu |
| 4450 | CVE-2025-21577 | | 49.4th | 6.5 | | This vulnerability in MySQL Server's InnoDB component allows authenticated attackers with low privil |
What is EPSS?
The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures the likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.
Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.