CWE-338

Medium likelihood

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Parent: CWE-330 - Use of Insufficiently Random Values

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

158 vulnerabilities with CWE-338

CVE-2024-57854 (CRITICAL, CVSS 9.1): Net::NSCA::Client <=0.009002 - Weak RNG
CVE-2025-40931 (CRITICAL, CVSS 9.1): Apache::Session::Generate::MD5 <=1.94 - Info Disclosure
CVE-2025-40926 (CRITICAL, CVSS 9.8): Plack::Middleware::Session::Simple <=0.04 - Auth Bypass
CVE-2026-3255 (MEDIUM, CVSS 6.5): HTTP::Session2 <1.12 - Weak Session ID
CVE-2025-40932 (HIGH, CVSS 8.2): Apache::SessionX <=2.01 - Insecure Session ID
CVE-2024-58041 (CRITICAL, CVSS 9.1): Smolder <=1.51 - Insecure Randomness
CVE-2026-2439 (CRITICAL, CVSS 9.8): Concierge::Sessions 0.8.1-0.8.5 - Auth Bypass
CVE-2025-15578 (CRITICAL, CVSS 9.8): Maypole 2.10-2.13 - Auth Bypass
CVE-2025-40905 (HIGH, CVSS 7.3): WWW::OAuth <1.000 - Info Disclosure
CVE-2025-66630 (CRITICAL, CVSS 9.4): Fiber <2.52.11 - Info Disclosure
CVE-2025-69217 (HIGH, CVSS 7.7): coturn <4.7.0-r4 - Info Disclosure
CVE-2025-68932 (CRITICAL, CVSS 9.8): FreshRSS <1.28.0 - Info Disclosure
CVE-2025-26379: PowerG <unknown - Info Disclosure
CVE-2025-67504 (CRITICAL, CVSS 9.1): Wbce Cms < 1.6.5 - Privilege Escalation
CVE-2025-66565 (CRITICAL, CVSS 9.8): Fiber Utils <2.0.0-rc.3 - Info Disclosure
CVE-2025-59390 (CRITICAL, CVSS 9.8): Apache Druid < 35.0.0 - Authentication Bypass
CVE-2025-41731 (HIGH, CVSS 7.4): Unknown - Info Disclosure
CVE-2024-58040 (CRITICAL, CVSS 9.1): Crypt::RandomEncryption 0.01 - Insecure RNG
CVE-2025-40925 (CRITICAL, CVSS 9.1): Starch <0.14 - Info Disclosure
CVE-2025-40933 (HIGH, CVSS 7.5): Apache::AuthAny::Cookie v0.201 - Info Disclosure
CVE-2025-40920 (HIGH, CVSS 8.6): Catalyst::Authentication::Credential::HTTP <1.018 - Info Disclosure
CVE-2025-54883: Vision UI <=1.4.0 - Cryptographic Weakness
CVE-2025-7394 (CRITICAL, CVSS 9.8): Wolfssl < 5.8.0 - Information Disclosure
CVE-2025-40924 (MEDIUM, CVSS 6.5): Catalyst::Plugin::Session <0.44 - Info Disclosure
CVE-2025-40919 (MEDIUM, CVSS 6.5): Authen::DigestMD5 <0.03 - Info Disclosure