CVEs classified under CWE-340, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-69286 — CVSS 9.8 (critical): RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation…
CVE-2026-5081 — CVSS 9.1 (critical): Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniq…
CVE-2026-2473: Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on…
CVE-2025-62294 — CVSS 7.5 (high): SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a…
CVE-2024-52299 — CVSS 7.5 (high): macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any…
CVE-2026-9219 — CVSS 6.5 (medium): Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The…
CVE-2025-13044 — CVSS 6.2 (medium): IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a…
CVE-2025-59452 — CVSS 5.8 (medium): The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of…
CVE-2026-42932 — CVSS 5.3 (medium): Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable…
CVE-2025-58424 — CVSS 5.3 (medium): On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message…
CVE-2024-10603 — CVSS 5.3 (medium): Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an…
CVE-2024-12034 — CVSS 5.3 (medium): The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due…
CVE-2024-28957 — CVSS 5.3 (medium): Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote…
CVE-2025-3449 — CVSS 4.2 (medium): A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may…
CVE-2026-28810 — CVSS 3.7 (low): Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning…