CVEs classified under CWE-335, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (39)
CVE-2024-36048 — CVSS 9.8 (critical): QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through…
CVE-2023-4472 — CVSS 9.8 (critical): Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable…
CVE-2019-11495 — CVSS 9.8 (critical): In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to…
CVE-2019-10908 — CVSS 9.8 (critical): In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random…
CVE-2017-11519 — CVSS 9.8 (critical): passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable…
CVE-2024-27632 — CVSS 8.8 (high): An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
CVE-2021-41117 — CVSS 8.7 (high): keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing…
CVE-2024-1579 — CVSS 8.1 (high): Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session…
CVE-2022-26852 — CVSS 8.1 (high): Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated…
CVE-2016-3735 — CVSS 8.1 (high): Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate…
CVE-2018-12520 — CVSS 8.1 (high): An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program…
CVE-2021-42810 — CVSS 7.8 (high): A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a…
CVE-2026-25835 — CVSS 7.7 (high): Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2026-11702 — CVSS 7.5 (high): Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised…
CVE-2026-11625 — CVSS 7.5 (high): Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before…
CVE-2026-41564 — CVSS 7.5 (high): CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA…
CVE-2025-27580 — CVSS 7.5 (high): NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username…
CVE-2025-24783 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This…
CVE-2024-9312 — CVSS 7.5 (high): Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names…
CVE-2022-39218 — CVSS 7.5 (high): The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge…
CVE-2019-25061 — CVSS 7.5 (high): The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due…
CVE-2020-28597 — CVSS 7.5 (high): A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is…
CVE-2021-27211 — CVSS 7.5 (high): steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.
CVE-2020-7010 — CVSS 7.5 (high): Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able…
CVE-2020-13784 — CVSS 7.5 (high): D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
CVE-2017-5214 — CVSS 7.5 (high): The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of…
CVE-2016-10180 — CVSS 7.5 (high): An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
CVE-2018-1426 — CVSS 7.4 (high): IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when…
CVE-2024-55566 — CVSS 6.6 (medium): ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact…
CVE-2023-49343 — CVSS 6.0 (medium): Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is…
CVE-2022-40267 — CVSS 5.9 (medium): Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z…
CVE-2018-12384 — CVSS 5.9 (medium): When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead…
CVE-2025-52578 — CVSS 5.7 (medium): Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker…
CVE-2022-31008 — CVSS 5.5 (medium): RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation…
CVE-2021-34600 — CVSS 5.5 (medium): Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags…
CVE-2026-3503 — CVSS 5.2 (medium): Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers…
CVE-2021-32033 — CVSS 4.6 (medium): Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The…
CVE-2022-42159 — CVSS 4.3 (medium): D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.