CWE-330 (Use of Insufficiently Random Values) — Vulnerability Class 110

110 vulnerabilities classified as CWE-330 (Use of Insufficiently Random Values). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40496 | FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force — freescout | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40306 | DNN has same HostGUID for all new installs — Dnn.Platform | 5.4 (AI) | Medium (AI) | 2026-04-17 |
| CVE-2026-33710 | Chamilo LMS has Weak REST API Key Generation (Predictable) — chamilo-lms | 7.5 | High | 2026-04-10 |
| CVE-2026-34511 | OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter — OpenClaw | 5.3 | Medium | 2026-04-03 |
| CVE-2025-15603 | open-webui JWT Key start_windows.bat random values — open-webui | 3.7 | Low | 2026-03-09 |
| CVE-2026-25072 | XikeStor SKS8310-8X Predictable Session Identifiers — XikeStor SKS8310-8X | 9.1 | - | 2026-03-07 |
| CVE-2026-20101 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure FTD Software security feature issue vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 8.6 | High | 2026-03-04 |
| CVE-2026-27755 | SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID — SODOLA SL902-SWTGW124AS | 9.8 | Critical | 2026-02-27 |
| CVE-2026-23999 | Fleet: Device lock PIN can be predicted if lock time is known — fleet | 5.7 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27637 | FreeScout's Predictable Authentication Token Enables Account Takeover — freescout | 9.8 | Critical | 2026-02-25 |
| CVE-2024-48928 | Piwigo's secret key can be brute forced — Piwigo | 7.5 | - | 2026-02-24 |
| CVE-2026-27515 | Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers — 10G08-0800GSM Network Switch | 9.1 | Critical | 2026-02-24 |
| CVE-2026-2966 | Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values — Mongoose | 3.7 | Low | 2026-02-23 |
| CVE-2025-15574 | Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection — Pocket WiFi 3.0 | 9.8 (AI) | Critical (AI) | 2026-02-12 |
| CVE-2025-64097 | NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force — nerves_hub_web | 8.1 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-68704 | Jervis has a Weak Random for Timing Attack Mitigation — jervis | 7.5 (AI) | High (AI) | 2026-01-13 |
| CVE-2025-11723 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure — Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 6.5 | Medium | 2026-01-06 |
| CVE-2025-11707 | Login Lockdown & Protection <= 2.14 - IP Block Bypass — Login Lockdown & Protection | 5.3 | Medium | 2025-12-13 |
| CVE-2025-13955 | Predictable Default Wi-Fi Password in EZCast Pro II Dongle — EZCast Pro II | 8.1 (AI) | High (AI) | 2025-12-10 |
| CVE-2025-66511 | Nextcloud Calendar app used predictable proposal participant tokens — security-advisories | 4.8 | Medium | 2025-12-05 |
| CVE-2025-13353 | gokey allows secret recovery from a seed file without the master password — gokey | 9.1 (AI) | Critical (AI) | 2025-12-02 |
| CVE-2025-59371 | ASUS Router security vulnerability — Router | 8.8 (AI) | High (AI) | 2025-11-25 |
| CVE-2025-13470 | RNP 0.18.0 Vulnerable PKESK session keys — RNP | 7.5 | High | 2025-11-21 |
| CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation — Hydra Booking — Appointment Scheduling & Booking Calendar | 5.3 | Medium | 2025-11-11 |
| CVE-2025-6515 | Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers — oatpp-mcp | 6.8 | Medium | 2025-10-20 |
| CVE-2025-10745 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots <= 3.4.8 - Unauthenticated Protection Mechanism Bypass — Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 5.3 | Medium | 2025-09-26 |
| CVE-2025-10671 | youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values — e-learning | 3.7 | Low | 2025-09-18 |
| CVE-2025-7783 | Usage of unsafe random function in form-data for choosing boundary | 8.2 | - | 2025-07-18 |
| CVE-2025-43866 | Vantage6 Server JWT secret not cryptographically secure — vantage6 | 6.5 (AI) | Medium (AI) | 2025-06-12 |
| CVE-2025-49198 | Poor quality of randomness in authorization tokens — SICK Media Server | 3.1 | Low | 2025-06-12 |

Vulnerabilities classified as CWE-330 (Use of Insufficiently Random Values) represent 110 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.