The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
124 vulnerabilities with CWE-331
CVE-2026-2336
HIGH
Weak webstax_auth Cookie Authentication Allows Privilege Escalation
CVE-2026-41080
LOW
libexpat <2.7.6 - Hash Flooding
CVSS 2.9
CVE-2026-34236
HIGH
Auth0 PHP SDK Insufficient Entropy in Cookie Encryption
CVSS 8.2
CVE-2026-2878
MEDIUM
Progress Telerik UI for AJAX <2026.1.225 - Info Disclosure
CVSS 5.3
CVE-2026-2541
MEDIUM
Micca KE700 - Info Disclosure
CVE-2026-1814
MEDIUM
Rapid7 Nexpose >=6.4.50 - Info Disclosure
CVE-2026-22698
HIGH
RustCrypto <0.14.0-rc.0 - RCE
CVSS 7.5
CVE-2025-0577
MEDIUM
glibc - Insufficient Entropy
CVSS 4.8
CVE-2025-7432
LOW
Silicon Labs' Series 2 - Info Disclosure
CVE-2025-13399
HIGH
VX800v v1.0 - Info Disclosure
CVSS 8.8
CVE-2025-15387
HIGH
VPN Firewall - Info Disclosure
CVSS 8.8
CVE-2025-67504
CRITICAL
Wbce Cms < 1.6.5 - Privilege Escalation
CVSS 9.1
CVE-2025-66565
CRITICAL
Fiber Utils <2.0.0-rc.3 - Info Disclosure
CVSS 9.8
CVE-2025-14261
HIGH
Litmus - Auth Bypass
CVSS 7.1
CVE-2025-32898
MEDIUM
KDE Connect <2025-04-18 - Info Disclosure
CVSS 4.7
CVE-2025-62774
LOW
Mercku M6a <2.1.0 - Info Disclosure
CVSS 3.1
CVE-2025-59015
MEDIUM
TYPO3 CMS <13.4.17 - Info Disclosure
CVSS 6.5
CVE-2025-54885
MEDIUM
Thinbus Javascript Secure Remote Password <2.0.0 - Info Disclosure
CVE-2025-50122
HIGH
Unknown - Info Disclosure
CVE-2025-6931
LOW
D-Link DCS-6517/7517 <2.02.0 - Insufficient Entropy
CVSS 3.7
CVE-2025-52464
HIGH
Meshtastic <2.6.11 - Info Disclosure
CVSS 8.3
CVE-2025-47781
CRITICAL
Rallly <3.22.1 - Info Disclosure
CVSS 9.8
CVE-2025-2814
MEDIUM
Crypt::CBC <3.05 - Info Disclosure
CVSS 4.0
CVE-2025-1860
HIGH
Data::Entropy <0.008 - Info Disclosure
CVSS 7.7
CVE-2025-27552
MEDIUM
DBIx::Class::EncodedColumn <0.00032 - Info Disclosure
CVSS 4.0
Details
Vulnerabilities
124