Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-330

CWE-330

High likelihood

Use of Insufficiently Random Values

Parent: CWE-693 - Protection Mechanism Failure

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

375 vulnerabilities with CWE-330

CVE-2026-50009 MEDIUM

Netty QUIC stateless reset token material exposed through header-visible connection IDs

CVE-2026-45673 MEDIUM

Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

CVE-2026-41701 MEDIUM

In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

CVE-2026-41838 MEDIUM

Spring Framework Predictable Session ID in WebSocket Module

CVE-2026-41207 MEDIUM

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

CVE-2026-50208 CRITICAL

Acer Connect M6E 5G Portable WiFi Router - Permissive TrustAllCerts TLS Verification

CVE-2026-44054 MEDIUM

Netatalk 2.0.0-4.4.2 - Authenticated Denial of Service via Predictable AFP Session Tokens

CVE-2026-42155 CRITICAL

Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

CVE-2026-41505 HIGH

RELATE: Predictable Token Generation in auth.py and exam.py

CVE-2026-7847 LOW

chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values

CVE-2026-40975 MEDIUM

Spring Boot <4.0.6 - Weak PRNG for Secrets

CVE-2026-40496 CRITICAL

FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

CVE-2026-40306 MEDIUM

DNN has same HostGUID for all new installs

CVE-2026-33710 HIGH

Chamilo LMS has Weak REST API Key Generation (Predictable)

CVE-2026-34511 MEDIUM

OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

CVE-2026-25072 CRITICAL

XikeStor SKS8310-8X <1.04.B07 - Auth Bypass

CVE-2026-20101 HIGH

Cisco Secure Firewall ASA/FTD - DoS

CVE-2026-28415 MEDIUM

Gradio < 6.6.0 - Open Redirect via Unvalidated _target_url Parameter

CVE-2026-27755 CRITICAL

SODOLA SL902-SWTGW124AS <200.1.20 - Auth Bypass

CVE-2026-23999 MEDIUM

Fleet <4.80.1 - Predictable PIN Generation

CVE-2026-27637 CRITICAL

FreeScout < 1.8.206 - Predictable Token Authentication Bypass via MD5 Token

CVE-2026-27515 CRITICAL

Binardat 10G08-0800GSM <V300SP10260209 - Auth Bypass

CVE-2026-2966 LOW

Cesanta Mongoose <=7.20 - DNS Transaction ID Weakness

CVE-2026-21444 MEDIUM

libtpms 0.10.0-0.10.1 - Use of Insufficiently Random Values in IV Generation

CVE-2025-15603 LOW

open-webui <=0.6.16 - Insufficient Randomness

Page 1 of 15 Next

Details

Vulnerabilities 375

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy