Most Exploitable CVEs - EPSS Rankings

CVEs ranked by EPSS (Exploit Prediction Scoring System) probability. Higher scores mean a greater likelihood of exploitation in the wild within the next 30 days.

EPSS > 50%: 164
CISA KEV Listed: 156
CVEs with EPSS: 35,468
Avg EPSS Score: 0.7%
Rank | CVE ID | EPSS Score | Percentile | CVSS | Flags | Summary
---- | ------ | ---------- | ---------- | ---- | ----- | -------
1 | CVE-2024-23334 | 93.48% | 99.8 | 5.9 | | This CVE describes a directory traversal vulnerability in aiohttp when using static routes with 'fol
2 | CVE-2025-4427 | 90.76% | 99.6 | 5.3 | KEV | An authentication bypass vulnerability in Ivanti Endpoint Manager Mobile's API allows attackers to a
3 | CVE-2025-30208 | 88.12% | 99.5 | 5.3 | | This CVE describes a path traversal vulnerability in Vite development servers where attackers can by
4 | CVE-2025-57788 | 85.31% | 99.3 | 6.5 | | This vulnerability allows unauthenticated attackers to execute API calls without credentials in Comm
5 | CVE-2024-55457 | 77.89% | 99 | 6.5 | | MasterSAM Star Gate 11 has a directory traversal vulnerability in the /adama/adama/downloadService e
6 | CVE-2025-49706 | 70.35% | 98.6 | 6.5 | KEV | CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that allows unaut
7 | CVE-2025-52367 | 70.01% | 98.6 | 5.4 | | A stored cross-site scripting (XSS) vulnerability in PivotX CMS v3.0.0 RC 3 allows remote attackers
8 | CVE-2025-2292 | 68.8% | 98.6 | 6.5 | | Xorcom CompletePBX versions through 5.2.35 contain an authenticated path traversal vulnerability in
9 | CVE-2025-31125 | 65.97% | 98.5 | 5.3 | KEV | Vite development servers configured to expose content to the network can leak sensitive file content
10 | CVE-2025-26465 | 64.39% | 98.4 | 6.8 | | This OpenSSH vulnerability allows machine-in-the-middle attacks when VerifyHostKeyDNS is enabled. At
11 | CVE-2025-24071 | 57.65% | 98.1 | 6.5 | | This vulnerability in Windows File Explorer allows unauthorized attackers to access sensitive inform
12 | CVE-2025-27218 | 57.65% | 98.1 | 5.3 | | CVE-2025-27218 is an insecure deserialization vulnerability in Sitecore Experience Manager (XM) and
13 | CVE-2021-39935 | 50.52% | 97.8 | 6.8 | KEV | This vulnerability allows unauthorized external users to perform Server Side Request Forgery (SSRF)
14 | CVE-2024-11396 | 47.48% | 97.6 | 5.3 | | The Event Monster WordPress plugin creates publicly accessible CSV files containing visitor personal
15 | CVE-2024-13609 | 45.64% | 97.5 | 5.9 | | The 1 Click WordPress Migration Plugin exposes sensitive user data including usernames and password
16 | CVE-2025-25062 | 42.84% | 97.4 | 4.4 | | A stored cross-site scripting (XSS) vulnerability in Backdrop CMS allows attackers to inject malicio
17 | CVE-2024-12008 | 37.77% | 97.1 | 5.3 | | The W3 Total Cache WordPress plugin exposes debug log files publicly when debug mode is enabled, all
18 | CVE-2024-50967 | 37.15% | 97.1 | 6.5 | | CVE-2024-50967 is an unauthenticated access control vulnerability in Becon DATAGerry's REST API that
19 | CVE-2024-57487 | 36.53% | 97 | 6.5 | | This vulnerability allows unauthenticated attackers to upload malicious PHP files through the car re
20 | CVE-2025-1015 | 30.6% | 96.6 | 5.4 | | This vulnerability allows attackers to embed malicious links in Thunderbird address book fields. Whe
21 | CVE-2025-52284 | 27.31% | 96.3 | 6.5 | | This CVE describes an unauthenticated command injection vulnerability in Totolink X6000R routers. At
22 | CVE-2025-27915 | 26.52% | 96.2 | 5.4 | KEV | This stored XSS vulnerability in Zimbra Collaboration allows attackers to inject malicious JavaScrip
23 | CVE-2024-55963 | 25.23% | 96.1 | 6.5 | | This vulnerability allows any authenticated user without admin permissions to trigger the restart AP
24 | CVE-2024-7097 | 22.1% | 95.7 | 4.3 | | This vulnerability allows attackers to create unauthorized user accounts in WSO2 products regardless
25 | CVE-2025-55183 | 22.07% | 95.6 | 5.3 | | An information leak vulnerability in React Server Components allows attackers to retrieve source cod
26 | CVE-2025-27410 | 21.64% | 95.6 | 6.5 | | CVE-2025-27410 is a path traversal vulnerability in PwnDoc's backup restore functionality that allow
27 | CVE-2025-1035 | 21.15% | 95.5 | 5.7 | | This path traversal vulnerability in Komtera Technologies KLog Server allows attackers to manipulate
28 | CVE-2025-35939 | 20.81% | 95.5 | 5.3 | KEV | CVE-2025-35939 is a session file injection vulnerability in Craft CMS where unauthenticated users ca
29 | CVE-2025-24011 | 19.27% | 95.2 | 5.3 | | This vulnerability in Umbraco CMS allows attackers to determine whether specific user accounts exist
30 | CVE-2024-53615 | 17.96% | 95 | 6.5 | | This CVE describes a command injection vulnerability in Karl Ward's files.gallery video thumbnail re
31 | CVE-2025-60683 | 15.02% | 94.4 | 6.5 | | This CVE describes a command injection vulnerability in ToToLink A720R router firmware that allows a
32 | CVE-2025-22828 | 14.88% | 94.4 | 4.3 | | Apache CloudStack versions from 4.16.0 have an access validation flaw that allows authenticated user
33 | CVE-2024-57514 | 13.6% | 94.1 | 4.8 | | This XSS vulnerability in TP-Link Archer A20 v3 routers allows attackers to inject malicious JavaScr
34 | CVE-2025-50154 | 11.89% | 93.6 | 6.5 | | This vulnerability in Windows File Explorer allows unauthorized attackers to perform network spoofin
35 | CVE-2025-26493 | 11.44% | 93.4 | 4.6 | | Multiple DOM-based cross-site scripting (XSS) vulnerabilities exist in JetBrains TeamCity's Code Ins
36 | CVE-2025-24054 | 11.25% | 93.3 | 6.5 | KEV | This vulnerability in Windows NTLM allows an attacker to manipulate file paths or names externally,
37 | CVE-2024-57784 | 11.17% | 93.3 | 5.5 | | This vulnerability allows attackers to perform directory traversal attacks through the /php/script_u
38 | CVE-2025-28367 | 10% | 92.9 | 6.5 | | CVE-2025-28367 is a directory traversal vulnerability in mojoPortal's BetterImageGallery API Control
39 | CVE-2025-61489 | 9.92% | 92.8 | 6.5 | | A command injection vulnerability in sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary
40 | CVE-2025-60687 | 9.6% | 92.7 | 6.5 | | An unauthenticated command injection vulnerability in ToToLink LR1200GB routers allows attackers to
41 | CVE-2024-54764 | 9.47% | 92.6 | 6.5 | | An unauthenticated access control vulnerability in ipTIME A2004 routers allows attackers to access s
42 | CVE-2025-28145 | 9.17% | 92.5 | 6.5 | | This CVE describes a command injection vulnerability in Edimax AC1200 routers that allows attackers
43 | CVE-2025-28143 | 9.17% | 92.5 | 6.5 | | This CVE describes a command injection vulnerability in Edimax AC1200 routers that allows authentica
44 | CVE-2025-56799 | 8.93% | 92.4 | 6.5 | | The Reolink desktop application version 8.18.12 contains a command injection vulnerability in its sc
45 | CVE-2026-20805 | 8.2% | 92 | 5.5 | KEV | This vulnerability in Desktop Windows Manager allows an authorized attacker with local access to dis
46 | CVE-2025-63749 | 7.77% | 91.8 | 6.5 | | CVE-2025-63749 is a command injection vulnerability in pnetlab 5.3.11 that allows attackers to execu
47 | CVE-2025-5605 | 7.68% | 91.7 | 4.3 | | An authentication bypass vulnerability in WSO2 Management Console allows attackers with console acce
48 | CVE-2025-24459 | 7.27% | 91.4 | 4.6 | | This vulnerability allows reflected cross-site scripting (XSS) attacks on the Vault Connection page
49 | CVE-2025-57639 | 6.59% | 91 | 6.5 | | This CVE describes an OS command injection vulnerability in Tenda AC9 routers where an attacker can
50 | CVE-2025-54251 | 6.45% | 90.8 | 4.3 | | Adobe Experience Manager versions 6.5.23.0 and earlier contain an XML injection vulnerability that a

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is a data-driven model developed by FIRST.org that estimates the probability that a CVE will be exploited in the wild within the next 30 days. Unlike CVSS, which measures severity, EPSS measures likelihood of exploitation, which makes it well suited to prioritizing which vulnerabilities to patch first.

Why EPSS matters: With thousands of CVEs published monthly, not all vulnerabilities are equally dangerous. EPSS helps security teams focus on the CVEs most likely to be actively exploited, rather than patching solely by CVSS score. A critical CVSS 9.8 vulnerability with 0.1% EPSS may be less urgent than a high CVSS 7.5 with 90% EPSS.
