CWE-338 · Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

191 CVEs classified under CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)). Browse by severity and year.

Top CVEs for CWE-338
CVESeverityScorePublishedSummary
CVE-2026-56141Critical9.82026-06-19In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes…
CVE-2026-3256Critical9.82026-03-28HTTP::Session versions before 0.54 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to gen…
CVE-2025-15604Critical9.82026-03-28Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string func…
CVE-2025-40926Critical9.82026-03-05Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seede…
CVE-2026-2439Critical9.82026-02-16Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defa…
CVE-2025-15578Critical9.82026-02-16Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP…
CVE-2025-68932Critical9.82025-12-27FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid(…
CVE-2025-66565Critical9.82025-12-09Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (c…
CVE-2025-59390Critical9.82025-11-26Apache Druid’s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not expli…
CVE-2025-7394Critical9.82025-07-18In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values re…
CVE-2025-3495Critical9.82025-04-16Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID a…
CVE-2024-40762Critical9.82025-01-09Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predict…
CVE-2023-36993Critical9.82023-07-07The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the pa…
CVE-2023-2884Critical9.82023-05-25Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofin…
CVE-2022-44796Critical9.82022-11-07An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowi…
CVE-2011-4574Critical9.82021-10-27PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high res…
CVE-2021-3538Critical9.82021-06-02A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due…
CVE-2019-14480Critical9.82020-12-16AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalatio…
CVE-2020-28642Critical9.82020-11-16In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct ad…
CVE-2015-9435Critical9.82019-09-26The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.