CWE-335 · Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
18 CVEs classified under CWE-335 (Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-11519 | Critical | 9.8 | 2017-07-21 | passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator s… |
| CVE-2021-41117 | High | 8.7 | 2021-10-11 | keypair is an RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other librarie… |
| CVE-2024-1579 | High | 8.1 | 2024-04-29 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking. This issue… |
| CVE-2026-25835 | High | 7.7 | 2026-04-01 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). |
| CVE-2026-41564 | High | 7.5 | 2026-04-23 | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC… |
| CVE-2025-27580 | High | 7.5 | 2025-04-23 | NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7… |
| CVE-2022-39218 | High | 7.5 | 2022-09-20 | The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In ver… |
| CVE-2017-5214 | High | 7.5 | 2017-05-17 | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This m… |
| CVE-2016-10180 | High | 7.5 | 2017-01-30 | An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. |
| CVE-2024-55566 | Medium | 6.6 | 2024-12-09 | ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting fi… |
| CVE-2025-52578 | Medium | 5.7 | 2025-11-18 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access… |
| CVE-2021-34600 | Medium | 5.5 | 2022-01-20 | Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authori… |
| CVE-2018-14647 | Medium | 5.3 | 2018-09-25 | Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks a… |
| CVE-2026-3503 | Medium | 5.2 | 2026-03-19 | Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attack… |
| CVE-2025-24783 | | | 2025-01-27 | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Co… |
| CVE-2023-4472 | | | 2024-02-01 | Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead… |
| CVE-2016-3735 | | | 2022-01-28 | Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to using mt_rand in order to generate password reset toke… |
| CVE-2020-7010 | | | 2020-06-03 | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the… |