CWE-330 · Use of Insufficiently Random Values

377 CVEs classified under CWE-330 (Use of Insufficiently Random Values).

Top CVEs for CWE-330
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-22601 | Critical | 10.0 | 2023-01-12 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Us… |
| CVE-2021-40422 | Critical | 10.0 | 2022-04-14 | An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network re… |
| CVE-2026-25072 | Critical | 9.8 | 2026-03-07 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint… |
| CVE-2026-27755 | Critical | 9.8 | 2026-02-27 | SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authentica… |
| CVE-2026-27637 | Critical | 9.8 | 2026-02-25 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predicta… |
| CVE-2025-64097 | Critical | 9.8 | 2026-01-22 | NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version… |
| CVE-2025-4607 | Critical | 9.8 | 2025-05-31 | The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_r… |
| CVE-2024-36389 | Critical | 9.8 | 2024-06-02 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass |
| CVE-2020-27631 | Critical | 9.8 | 2023-10-10 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. |
| CVE-2020-27630 | Critical | 9.8 | 2023-10-10 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. |
| CVE-2023-39979 | Critical | 9.8 | 2023-09-02 | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the… |
| CVE-2023-4344 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection |
| CVE-2023-2884 | Critical | 9.8 | 2023-05-25 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofin… |
| CVE-2022-46353 | Critical | 9.8 | 2022-12-13 | A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HS… |
| CVE-2022-44938 | Critical | 9.8 | 2022-12-08 | Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. |
| CVE-2022-36536 | Critical | 9.8 | 2022-09-16 | An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privil… |
| CVE-2022-25752 | Critical | 9.8 | 2022-04-12 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coa… |
| CVE-2021-36166 | Critical | 9.8 | 2022-03-01 | An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication… |
| CVE-2022-22922 | Critical | 9.8 | 2022-02-18 | TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gai… |
| CVE-2021-36294 | Critical | 9.8 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulne… |