CWE-331 · Insufficient Entropy
132 CVEs classified under CWE-331 (Insufficient Entropy). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-36925 | Critical | 9.8 | 2026-01-06 | Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authenticat… |
| CVE-2025-66565 | Critical | 9.8 | 2025-12-09 | Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (c… |
| CVE-2025-47781 | Critical | 9.8 | 2025-05-14 | Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a… |
| CVE-2024-47945 | Critical | 9.8 | 2024-10-15 | The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with onl… |
| CVE-2024-25730 | Critical | 9.8 | 2024-02-23 | Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insuff… |
| CVE-2023-49599 | Critical | 9.8 | 2024-01-10 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HT… |
| CVE-2023-4344 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection |
| CVE-2022-34294 | Critical | 9.8 | 2022-08-15 | totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to preve… |
| CVE-2021-41615 | Critical | 9.8 | 2022-08-08 | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which d… |
| CVE-2021-36294 | Critical | 9.8 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulne… |
| CVE-2021-22727 | Critical | 9.8 | 2021-07-21 | A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
| CVE-2021-33027 | Critical | 9.8 | 2021-07-19 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. |
| CVE-2020-10285 | Critical | 9.8 | 2020-07-15 | The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to… |
| CVE-2020-12735 | Critical | 9.8 | 2020-05-08 | reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. |
| CVE-2013-2260 | Critical | 9.8 | 2019-11-04 | Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness |
| CVE-2018-1000620 | Critical | 9.8 | 2018-07-09 | Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is m… |
| CVE-2008-2108 | Critical | 9.8 | 2008-05-07 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zer… |
| CVE-2024-36400 | Critical | 9.4 | 2024-06-04 | nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_i… |
| CVE-2025-67504 | Critical | 9.1 | 2025-12-09 | WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not c… |
| CVE-2024-58040 | Critical | 9.1 | 2025-09-30 | Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. |