CWE-338

Medium likelihood

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Parent: CWE-330 - Use of Insufficiently Random Values

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

171 vulnerabilities with CWE-338
CVE-2025-66565 CRITICAL
Fiber Utils <2.0.0-rc.3 - Info Disclosure
CVSS 9.8
CVE-2025-59390 CRITICAL
Apache Druid < 35.0.0 - Authentication Bypass
CVSS 9.8
CVE-2025-41731 HIGH
Jumo variTRON300/500 - Weak Password Generation in Debug Interface
CVSS 7.4
CVE-2025-40925 CRITICAL
Starch <0.14 - Info Disclosure
CVSS 9.1
CVE-2025-40933 HIGH
Apache::AuthAny::Cookie v0.201 - Info Disclosure
CVSS 7.5
CVE-2025-40920 HIGH
Catalyst::Authentication::Credential::HTTP <1.018 - Info Disclosure
CVSS 8.6
CVE-2025-54883 CRITICAL
Vision UI <=1.4.0 - Cryptographic Weakness
CVE-2025-7394 CRITICAL
wolfSSL < 5.8.0 - Information Disclosure
CVSS 9.8
CVE-2025-40924 MEDIUM
Catalyst::Plugin::Session <0.44 - Info Disclosure
CVSS 6.5
CVE-2025-40919 MEDIUM
Authen::DigestMD5 <0.03 - Info Disclosure
CVSS 6.5
CVE-2025-40918 MEDIUM
Authen::SASL::Perl::DIGEST_MD5 <2.1800 - Info Disclosure
CVSS 6.5
CVE-2025-40923 HIGH
Plack-Middleware-Session <0.35 - Info Disclosure
CVSS 7.3
CVE-2025-40916 CRITICAL
Mojolicious::Plugin::CaptchaPNG 1.05 - Info Disclosure
CVSS 9.1
CVE-2025-40915 HIGH
Mojolicious::Plugin::CSRF 1.03 - Info Disclosure
CVSS 7.0
CVE-2025-46653 LOW
Formidable 2.1.0-3.5.2 - Info Disclosure
CVSS 3.1
CVE-2025-3495 CRITICAL
Delta Electronics COMMGR - Code Injection
CVSS 9.8
CVE-2025-2814 MEDIUM
Crypt::CBC <3.05 - Info Disclosure
CVSS 4.0
CVE-2025-32755 CRITICAL
Jenkins/ssh-slave Docker - Privilege Escalation
CVSS 9.1
CVE-2025-32754 CRITICAL
Jenkins/ssh-agent Docker <6.11.1 - Privilege Escalation
CVSS 9.1
CVE-2025-1805 MEDIUM
Crypt::Salt 0.01 - Info Disclosure
CVSS 5.3
CVE-2025-1860 HIGH
Data::Entropy <0.008 - Info Disclosure
CVSS 7.7
CVE-2025-27552 MEDIUM
DBIx::Class::EncodedColumn <0.00032 - Info Disclosure
CVSS 4.0
CVE-2025-27551 MEDIUM
DBIx::Class::EncodedColumn <0.00032 - Info Disclosure
CVSS 4.0
CVE-2025-1796 HIGH
langgenius/dify <0.10.1 - Privilege Escalation
CVSS 8.8
CVE-2025-1828 HIGH
Crypt::Random Perl <1.56 - Info Disclosure
CVSS 8.8