Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. A higher score means a greater estimated probability that exploitation activity will be observed in the wild within the next 30 days; the percentile column shows where each CVE sits relative to every other CVE that has an EPSS score. The rows below are ranks 4851 to 4900 of the full list.

164 CVEs with EPSS > 50%
156 CISA KEV listed
35,468 CVEs with an EPSS score
0.7% average EPSS score
| Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary |
|------|--------|------------|------------|------|-------|---------|
| 4851 | CVE-2025-8821 | 0.24% | 46.5 | 6.3 | | This CVE describes a command injection vulnerability in Linksys range extender firmware that allows |
| 4852 | CVE-2025-55147 | 0.24% | 46.5 | 8.8 | | This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in multiple Ivanti security pro |
| 4853 | CVE-2022-50589 | 0.24% | 46.5 | 9.8 | | This is a critical SQL injection vulnerability in SuiteCRM's export functionality that allows unauth |
| 4854 | CVE-2025-23953 | 0.24% | 46.2 | 10.0 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to web servers |
| 4855 | CVE-2025-21516 | 0.24% | 46.2 | 8.1 | | This vulnerability in Oracle Customer Care allows authenticated attackers with low privileges to per |
| 4856 | CVE-2025-21506 | 0.24% | 46.2 | 8.1 | | This vulnerability in Oracle Project Foundation allows authenticated attackers with low privileges t |
| 4857 | CVE-2024-57579 | 0.24% | 46.2 | 9.8 | | This CVE describes a stack overflow vulnerability in Tenda AC18 routers that allows remote code exec |
| 4858 | CVE-2024-40587 | 0.24% | 46.2 | 6.7 | | This CVE describes an OS command injection vulnerability in Fortinet FortiVoice phone systems. Authe |
| 4859 | CVE-2024-29970 | 0.24% | 46.2 | 9.8 | | Fortanix Enclave OS has an interface vulnerability that allows attackers to inject signals, leading |
| 4860 | CVE-2024-13285 | 0.24% | 46.2 | 9.8 | | This vulnerability in Drupal's wkhtmltopdf module allows remote code execution through improper inpu |
| 4861 | CVE-2025-22504 | 0.24% | 46.2 | 10.0 | | This vulnerability allows attackers to upload arbitrary files, including web shells, to servers runn |
| 4862 | CVE-2025-22364 | 0.24% | 46.2 | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 4863 | CVE-2025-26979 | 0.24% | 46.2 | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 4864 | CVE-2025-26615 | 0.24% | 46.2 | 10.0 | | A path traversal vulnerability in WeGIA's examples.php endpoint allows attackers to read the config. |
| 4865 | CVE-2025-0821 | 0.24% | 46.2 | 6.5 | | The Bit Assist WordPress plugin contains a time-based SQL injection vulnerability in all versions up |
| 4866 | CVE-2021-27017 | 0.24% | 46.3 | 6.6 | | CVE-2021-27017 is a deserialization vulnerability in Puppet Agent that allows attackers to execute a |
| 4867 | CVE-2025-25141 | 0.24% | 46.2 | 7.5 | | This vulnerability allows attackers to include local files on the server through improper filename c |
| 4868 | CVE-2024-36554 | 0.24% | 46.2 | 9.8 | | This vulnerability in Forever KidsWatch smartwatches allows attackers to remotely extract sensitive |
| 4869 | CVE-2025-0859 | 0.24% | 46.2 | 6.5 | | This vulnerability in the BoldGrid Post and Page Builder WordPress plugin allows authenticated attac |
| 4870 | CVE-2025-1022 | 0.24% | 46.2 | 8.2 | | This vulnerability in spatie/browsershot allows attackers to bypass file URI scheme validation by om |
| 4871 | CVE-2025-29928 | 0.24% | 46.2 | 8.0 | | authentik versions prior to 2024.12.4 and 2025.2.3 have a session management vulnerability when conf |
| 4872 | CVE-2025-32993 | 0.24% | 46.2 | 6.5 | | CVE-2025-32993 is a time-based blind SQL injection vulnerability in Vision Helpdesk's forgot passwor |
| 4873 | CVE-2025-29831 | 0.24% | 46.2 | 7.5 | | CVE-2025-29831 is a use-after-free vulnerability in Microsoft's Remote Desktop Gateway Service that |
| 4874 | CVE-2025-47957 | 0.24% | 46.2 | 8.4 | | This vulnerability is a use-after-free memory corruption flaw in Microsoft Office Word that allows a |
| 4875 | CVE-2025-6380 | 0.24% | 46.2 | 9.8 | | This vulnerability in the ONLYOFFICE Docs WordPress plugin allows unauthenticated attackers to escal |
| 4876 | CVE-2025-7083 | 0.24% | 46.2 | 6.3 | | This critical vulnerability in Belkin F9K1122 routers allows remote attackers to execute arbitrary o |
| 4877 | CVE-2025-57810 | 0.24% | 46.2 | 7.5 | | CVE-2025-57810 is a denial-of-service vulnerability in jsPDF library where user-controlled input to |
| 4878 | CVE-2025-10057 | 0.24% | 46.3 | 8.8 | | This vulnerability allows authenticated attackers with Subscriber-level access or higher to execute |
| 4879 | CVE-2025-9990 | 0.24% | 46.3 | 8.1 | | The WordPress Helpdesk Integration plugin has a Local File Inclusion vulnerability that allows unaut |
| 4880 | CVE-2025-60710 | 0.24% | 46.2 | 7.8 | | This vulnerability allows an authorized attacker to exploit improper link resolution in the Host Pro |
| 4881 | CVE-2025-66572 | 0.24% | 46.2 | N/A | | Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthentica |
| 4882 | CVE-2025-23367 | 0.24% | 46 | 6.5 | | This vulnerability allows users with Monitor or Auditor roles in Wildfly Server to suspend or resume |
| 4883 | CVE-2024-13694 | 0.24% | 46 | 7.5 | | This vulnerability allows unauthenticated attackers to access wishlist data they shouldn't have perm |
| 4884 | CVE-2025-1355 | 0.24% | 46 | 7.3 | | This critical vulnerability in needyamin Library Card System 1.0 allows attackers to upload arbitrar |
| 4885 | CVE-2024-57077 | 0.24% | 46.2 | 9.1 | | CVE-2024-57077 is a prototype pollution vulnerability in utils-extend library version 1.0.8 that all |
| 4886 | CVE-2025-2322 | 0.24% | 46 | 7.3 | | This CVE describes a critical vulnerability in a Spring Boot ChatGPT integration component where har |
| 4887 | CVE-2025-2320 | 0.24% | 46 | 7.3 | | This CVE describes an improper authorization vulnerability in the springboot-openai-chatgpt project' |
| 4888 | CVE-2025-23368 | 0.24% | 46 | 8.1 | | This vulnerability in WildFly Elytron integration allows attackers to perform brute force attacks ag |
| 4889 | CVE-2025-30704 | 0.24% | 46 | 4.4 | | A vulnerability in Oracle MySQL Server's Components Services allows high-privileged attackers with n |
| 4890 | CVE-2025-3352 | 0.24% | 46 | 7.3 | | This critical SQL injection vulnerability in PHPGurukul Old Age Home Management System 1.0 allows at |
| 4891 | CVE-2025-48742 | 0.24% | 46 | 5.4 | | This vulnerability in SIGB PMB installer allows remote attackers to execute arbitrary code on affect |
| 4892 | CVE-2025-2605 | 0.24% | 46 | 9.9 | | This OS command injection vulnerability in Honeywell MB-Secure allows attackers to execute arbitrary |
| 4893 | CVE-2025-49832 | 0.24% | 46 | 6.5 | | Asterisk has a vulnerability in its STIR/SHAKEN verification module that allows remote attackers to |
| 4894 | CVE-2025-43813 | 0.24% | 46 | 8.2 | | This vulnerability in Liferay Portal/DXP allows remote attackers to perform path traversal attacks v |
| 4895 | CVE-2025-10589 | 0.24% | 46 | 8.8 | | This CVE describes an OS command injection vulnerability in N-Partner's N-Reporter, N-Cloud, and N-P |
| 4896 | CVE-2025-3586 | 0.24% | 46 | 7.2 | | This vulnerability allows authenticated admin users with Instance Administrator role to execute arbi |
| 4897 | CVE-2025-65036 | 0.24% | 46.1 | 8.3 | | CVE-2025-65036 is a critical vulnerability in XWiki Remote Macros that allows unauthenticated attack |
| 4898 | CVE-2025-0615 | 0.23% | 46 | 5.3 | | This input validation vulnerability in Qualifio's Wheel of Fortune allows attackers to bypass email |
| 4899 | CVE-2023-37936 | 0.23% | 46 | 9.8 | | This vulnerability allows attackers to execute arbitrary code or commands on affected FortiSwitch de |
| 4900 | CVE-2023-46608 | 0.23% | 45.9 | 5.3 | | This CVE describes a Missing Authorization vulnerability in the WPDO DoLogin Security WordPress plug |

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model maintained by FIRST.org that estimates the probability that a CVE will see exploitation activity in the wild within the next 30 days. Unlike CVSS, which measures the severity of a vulnerability if it is exploited, EPSS measures the likelihood that it will be exploited, which makes it a better input for deciding which vulnerabilities to patch first. Scores are recomputed daily as new exploitation data arrives, so a ranking like the one above is a snapshot, not a fixed property of the CVE.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS. EPSS says nothing about whether the vulnerable component is actually deployed or reachable in your environment, and a CVE already on the CISA KEV catalog has confirmed exploitation regardless of its EPSS score, so EPSS complements asset context and KEV rather than replacing them.
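The prioritisation rule the two paragraphs above describe, worked through in code. This is an added example, not code from this page or from FIRST.org: the CVE identifiers (CVE-2099-*), scores and KEV flags are constructed sample data, the 10% "urgent" threshold is an assumption a team would tune to its own risk appetite, and the ordering (KEV first, then EPSS, then CVSS as a tiebreak) is one reasonable policy rather than the only one. It also reproduces the summary counts shown at the top of the page over the sample backlog.

```python
"""Prioritising a vulnerability backlog with EPSS and CVSS together.

Added example; not code from the page or from FIRST.org. The records below
are constructed sample data (placeholder CVE identifiers, illustrative
scores and KEV flags), and EPSS_URGENT is an assumed threshold.
"""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float        # CVSS base score, 0.0-10.0 (severity if exploited)
    epss: float        # EPSS probability, 0.0-1.0 (the page shows it as a percent)
    percentile: float  # share of scored CVEs with an equal or lower EPSS, 0.0-1.0
    kev: bool = False  # listed in the CISA Known Exploited Vulnerabilities catalog


# Constructed sample backlog. CVE-2099-* identifiers are placeholders, not real CVEs.
SAMPLE = [
    Finding("CVE-2099-0001", cvss=9.8, epss=0.001, percentile=0.30),   # "critical but 0.1% EPSS"
    Finding("CVE-2099-0002", cvss=7.5, epss=0.90, percentile=0.99),    # "high with 90% EPSS"
    Finding("CVE-2099-0003", cvss=5.3, epss=0.0024, percentile=0.46),  # like the rows on this page
    Finding("CVE-2099-0004", cvss=6.5, epss=0.02, percentile=0.88, kev=True),
    Finding("CVE-2099-0005", cvss=10.0, epss=0.55, percentile=0.98),
]

EPSS_URGENT = 0.10  # assumed threshold: treat >= 10% as "likely exploited soon"


def tier(f: Finding) -> int:
    """Lower tier number means patch sooner.

    0: in CISA KEV (exploitation already confirmed, so EPSS is moot)
    1: EPSS at or above the urgent threshold
    2: everything else
    """
    if f.kev:
        return 0
    if f.epss >= EPSS_URGENT:
        return 1
    return 2


def prioritize(findings):
    """Order by tier, then EPSS descending, then CVSS descending as a tiebreak."""
    return sorted(findings, key=lambda f: (tier(f), -f.epss, -f.cvss))


def cvss_only(findings):
    """The ordering the page argues against: severity alone."""
    return sorted(findings, key=lambda f: -f.cvss)


def summarize(findings, threshold=0.5):
    """Mirror the page's summary boxes: count above a threshold, KEV count, total, mean EPSS."""
    return {
        "epss_above_threshold": sum(1 for f in findings if f.epss > threshold),
        "kev_listed": sum(1 for f in findings if f.kev),
        "total": len(findings),
        "avg_epss": round(mean(f.epss for f in findings), 4),
    }


if __name__ == "__main__":
    print("CVSS-only order :", [f.cve for f in cvss_only(SAMPLE)])
    print("EPSS-aware order:", [f.cve for f in prioritize(SAMPLE)])
    print("summary         :", summarize(SAMPLE))
```

Run it and compare the two orderings: CVSS alone puts the 9.8 with a 0.1% EPSS second, while the EPSS-aware order pushes it to the bottom and moves the KEV-listed 6.5 to the top, which is the page's argument in miniature. Feeding real data means replacing SAMPLE with records from your scanner joined against the current EPSS feed and the KEV catalog; the ordering logic does not change.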

Prioritize by Exploit Risk

Scan your servers and see which vulnerabilities have the highest EPSS scores. Focus on what attackers are actually targeting.

Start Monitoring Free