Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-331

CWE-331

Insufficient Entropy

Parent: CWE-330 - Use of Insufficiently Random Values

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

131 vulnerabilities with CWE-331

CVE-2026-46473 HIGH

Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

CVE-2026-8700 HIGH

Crypt::DSA versions before 1.20 for Perl generate seeds using rand

CVE-2026-46474 HIGH

Trog::TOTP versions before 1.006 for Perl generate secrets using rand

CVE-2026-42155 CRITICAL

Magento LTS: Weak API Session ID — Predictable MD5 of Time-Derived Inputs

CVE-2026-4827 HIGH

Schneider Electric Easergy MiCOM C264 - Insufficient Entropy Vulnerability on Multiple Products

CVE-2026-7210 HIGH

The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

CVE-2026-2336 HIGH

Weak webstax_auth Cookie Authentication Allows Privilege Escalation

CVE-2026-41080 LOW

libexpat < 2.8.0 - Hash Flooding via Insufficient Entropy

CVE-2026-34236 HIGH

Auth0 PHP SDK Insufficient Entropy in Cookie Encryption

CVE-2026-2878 MEDIUM

Progress Telerik UI for AJAX <2026.1.225 - Info Disclosure

CVE-2026-2541 MEDIUM

Micca Car Alarm System KE700 - Insufficient Entropy in Rolling Code Authentication

CVE-2026-1814 MEDIUM

Rapid7 Nexpose >=6.4.50 - Info Disclosure

CVE-2026-22698 HIGH

RustCrypto sm2 < 0.14.0-rc.0 - Low-Entropy Nonce Ciphertext Decryption

CVE-2025-14972 MEDIUM

Simplicity SDK - Insufficient Entropy in SYMCRYPTO DPA Countermeasures

CVE-2025-0577 MEDIUM

Red Hat Enterprise Linux - Insufficient Entropy in glibc Randomness Functions

CVE-2025-7432 LOW

Silicon Labs' Series 2 - Info Disclosure

CVE-2025-13399 HIGH

TP-Link VX800v Firmware < 800.0.11 - Unauthenticated Weak AES Key Brute Force in Web Interface

CVE-2025-15387 HIGH

QNO Technology VPN Firewall - Unauthenticated Session Hijacking via Insufficient Entropy

CVE-2025-67504 CRITICAL

WBCE CMS < 1.6.5 - Weak Password Generation via Insecure rand() Usage

CVE-2025-66565 CRITICAL

Fiber Utils <2.0.0-rc.3 - Info Disclosure

CVE-2025-14261 HIGH

Litmus < 3.23.0 - Insufficient JWT Secret Entropy

CVE-2025-32898 MEDIUM

KDE Connect <2025-04-18 - Info Disclosure

CVE-2025-62774 LOW

Mercku M6a <2.1.0 - Info Disclosure

CVE-2025-59015 MEDIUM

TYPO3 CMS <13.4.17 - Info Disclosure

CVE-2025-54885 MEDIUM

Thinbus Javascript Secure Remote Password <2.0.0 - Info Disclosure

Page 1 of 6 Next

Details

Vulnerabilities 131

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy