CWE-330 (Use of Insufficiently Random Values) — Vulnerability Class 110

110 vulnerabilities classified as CWE-330 (Use of Insufficiently Random Values). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-4607 | PSW Front-end Login & Registration <= 1.12 - Insufficiently Random Values to Unauthenticated Account Takeover/Privilege Escalation via customer_registration Function — PSW Front-end Login & Registration | 9.8 | Critical | 2025-05-31 |
| CVE-2025-5136 | Tmall Demo Payment Identifier pay random values — Demo | 3.7 | Low | 2025-05-24 |
| CVE-2025-1953 | vLLM AIBrix Prefix Caching hash.go random values — AIBrix | 2.6 | Low | 2025-03-04 |
| CVE-2024-10604 | Identifiable Header Values In Fuchsia Leading To Tracking of The User — Fuchsia | 7.5 | - | 2025-01-30 |
| CVE-2025-22150 | Undici Uses Insufficiently Random Values — undici | 6.8 | Medium | 2025-01-21 |
| CVE-2024-12432 | WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key — WPC Shop as a Customer for WooCommerce | 8.1 | High | 2024-12-18 |
| CVE-2024-52615 | Avahi: avahi wide-area dns uses constant source port | 5.3 | Medium | 2024-11-21 |
| CVE-2024-20331 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Authentication DoS Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 6.8 | Medium | 2024-10-23 |
| CVE-2024-47188 | Suricata http/byte-ranges: missing hashtable random seed leads to potential DoS — suricata | 7.5 | High | 2024-10-16 |
| CVE-2024-47187 | Suricata datasets: missing hashtable random seed leads to potential DoS — suricata | 7.5 | High | 2024-10-16 |
| CVE-2024-6348 | Predictable seed generation after ECU reset — Altima | 6.1 AI | Medium AI | 2024-08-19 |
| CVE-2024-42475 | OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG — oauth | 6.5 | Medium | 2024-08-15 |
| CVE-2024-42165 | Arbitrary User Activation — FIWARE Keyrock | 6.3 | Medium | 2024-08-12 |
| CVE-2024-7659 | projectsend Password Reset Token functions.php generate_random_string random values — projectsend | 3.7 | Low | 2024-08-11 |
| CVE-2024-21460 | Use of Insufficiently Random Values in Core — Snapdragon | 7.1 | High | 2024-07-01 |
| CVE-2024-25943 | Dell iDRAC9 security vulnerability — Integrated Dell Remote Access Controller 9 | 7.6 | High | 2024-06-29 |
| CVE-2024-5868 | WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness — WooCommerce - Social Login | 6.5 | Medium | 2024-06-15 |
| CVE-2024-35292 | Multiple Siemens products security feature issue vulnerability — SIMATIC S7-200 SMART CPU CR40 | 8.2 | High | 2024-06-11 |
| CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | 6.5 | Medium | 2024-06-05 |
| CVE-2024-36389 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values — DeviceHub | 9.8 | Critical | 2024-06-02 |
| CVE-2024-4185 | Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness — Customer Email Verification for WooCommerce | 8.1 | High | 2024-04-30 |
| CVE-2023-6799 | WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness — WP Reset | 5.9 | Medium | 2024-04-09 |
| CVE-2024-28013 | NEC Corporation Aterm security vulnerability — WG1800HP4 | 8.1 AI | High AI | 2024-03-28 |
| CVE-2024-21495 | caddy-security security vulnerability — github.com/greenpau/caddy-security | 6.5 | Medium | 2024-02-17 |
| CVE-2024-0761 | File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames — File Manager | 8.1 | High | 2024-02-05 |
| CVE-2023-46740 | Insecure random string generator used for sensitive data — cubefs | 6.5 | Medium | 2024-01-03 |
| CVE-2023-4462 | Poly VVX 601 Web Configuration Application random values — Trio 8300 | 3.7 | Low | 2023-12-29 |
| CVE-2023-6376 | Henschen & Associates court document management software cache uses predictable file names — court document management software | 5.3 | Medium | 2023-11-30 |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability — Azure Kubernetes Service | 7.5 | High | 2023-09-12 |
| CVE-2023-41879 | Magento LTS's guest order "protect code" can be brute-forced too easily — magento-lts | 7.5 | High | 2023-09-11 |

Vulnerabilities classified as CWE-330 (Use of Insufficiently Random Values) represent 110 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.