CWE-338
Medium likelihood
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
184 vulnerabilities with CWE-338
CVE-2025-40916
CRITICAL
Mojolicious::Plugin::CaptchaPNG 1.05 - Info Disclosure
CVSS 9.1
CVE-2025-40915
HIGH
Mojolicious::Plugin::CSRF 1.03 - Info Disclosure
CVSS 7.0
CVE-2025-46653
LOW
Formidable 2.1.0-3.5.2 - Info Disclosure
CVSS 3.1
CVE-2025-3495
CRITICAL
Delta Electronics COMMGR - Code Injection
CVSS 9.8
CVE-2025-2814
MEDIUM
Crypt::CBC 1.21-3.05 - Weak Cryptographic IV Generation via rand() Fallback
CVSS 4.0
CVE-2025-32755
CRITICAL
Jenkins/ssh-slave Docker - Privilege Escalation
CVSS 9.1
CVE-2025-32754
CRITICAL
Jenkins/ssh-agent Docker <6.11.1 - Privilege Escalation
CVSS 9.1
CVE-2025-1805
MEDIUM
Crypt::Salt 0.01 - Use of Cryptographically Weak PRNG via rand()
CVSS 5.3
CVE-2025-1860
HIGH
Data::Entropy <0.008 - Info Disclosure
CVSS 7.7
CVE-2025-27552
MEDIUM
DBIx::Class::EncodedColumn <0.00032 - Info Disclosure
CVSS 4.0
CVE-2025-27551
MEDIUM
DBIx::Class::EncodedColumn <0.00032 - Info Disclosure
CVSS 4.0
CVE-2025-1796
HIGH
langgenius/dify <0.10.1 - Privilege Escalation
CVSS 8.8
CVE-2025-1828
HIGH
Crypt::Random Perl <1.56 - Info Disclosure
CVSS 8.8
CVE-2025-21617
MEDIUM
Guzzle OAuth Subscriber < 0.8.1 - Use of Cryptographically Weak PRNG in Nonce Generation
CVE-2025-22376
MEDIUM
Net::OAuth::Client <0.29 - Info Disclosure
CVSS 5.3
CVE-2024-57854
CRITICAL
Net::NSCA::Client <=0.009002 - Weak RNG
CVSS 9.1
CVE-2024-58041
CRITICAL
Smolder <=1.51 - Insecure Randomness
CVSS 9.1
CVE-2024-58040
CRITICAL
Crypt::RandomEncryption 0.01 - Insecure RNG
CVSS 9.1
CVE-2024-58135
MEDIUM
Mojolicious <7.28 - Info Disclosure
CVSS 5.3
CVE-2024-56370
MEDIUM
Net::Xero <= 0.44 - Insufficient Entropy via rand() Function
CVSS 6.5
CVE-2024-52322
MEDIUM
WebService::Xero <0.11 - Info Disclosure
CVSS 5.5
CVE-2024-58036
MEDIUM
Net::Dropbox::API <1.9 - Info Disclosure
CVSS 5.5
CVE-2024-57868
MEDIUM
Web::API < 2.8 - Insufficient Entropy via rand() Function
CVSS 5.5
CVE-2024-57835
MEDIUM
Amon2::Auth::Site::LINE - Info Disclosure
CVSS 5.5
CVE-2024-40762
CRITICAL
SonicOS < 7.1.1-7058, 7.1.2-7019, 8.0.0-8035 - Authentication Bypass via Weak PRNG in SSLVPN Token Generator
CVSS 9.8
Details
Vulnerabilities: 184
Exploit Likelihood: Medium