CWE-338 (Use of Cryptographically Weak PRNG) — Vulnerability Class 69

69 vulnerabilities classified as CWE-338 (Use of Cryptographically Weak PRNG). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5088 | Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts — Apache::API::Password | 9.1 | - | 2026-04-15 |
| CVE-2026-25726 | Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding) — cloudreve | 8.1 | High | 2026-04-03 |
| CVE-2026-5087 | PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely — PAGI::Middleware::Session::Store::Cookie | 7.5 AI | High AI | 2026-03-31 |
| CVE-2025-15618 | Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key — Business::OnlinePayment::StoredTransaction | 7.5 AI | High AI | 2026-03-31 |
| CVE-2024-57854 | Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator — Net::NSCA::Client | 9.1 | - | 2026-03-05 |
| CVE-2024-58041 | Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions — Smolder | 9.1 AI | Critical AI | 2026-02-23 |
| CVE-2025-15578 | Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely — Maypole | 7.5 AI | High AI | 2026-02-16 |
| CVE-2025-40905 | WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions — WWW::OAuth | 7.5 AI | High AI | 2026-02-12 |
| CVE-2025-66630 | Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure — fiber | 9.1 AI | Critical AI | 2026-02-09 |
| CVE-2025-69217 | Coturn has unsafe nonce and relay port randomization due to weak random number generation. — coturn | 7.7 | High | 2025-12-30 |
| CVE-2025-68932 | FreshRSS has weak cryptographic randomness in remember-me token and nonce generation — FreshRSS | 9.8 | - | 2025-12-26 |
| CVE-2025-26379 | Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator — IQ Panels2, 2+, IQHub, IQPanel 4, PowerG | 8.2 AI | High AI | 2025-12-22 |
| CVE-2025-59390 | Apache Druid: Kerberos authentication chooses a cryptographically unsecure secret if not configured explicitly. — Apache Druid | 9.8 AI | Critical AI | 2025-11-26 |
| CVE-2025-41731 | Jumo: Insufficient entropy in PRNG may lead to root access — variTRON300 | 7.4 | High | 2025-11-10 |
| CVE-2024-58040 | Crypt::RandomEncryption for Perl uses insecure rand() function during encryption — Crypt::RandomEncryption | 7.5 AI | High AI | 2025-09-29 |
| CVE-2025-54883 | Vision UI's security-kit Contains Cryptographic Weakness — Vision-ui | 7.5 AI | High AI | 2025-08-05 |
| CVE-2025-40916 | Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text — Mojolicious::Plugin::CaptchaPNG | 5.3 AI | Medium AI | 2025-06-16 |
| CVE-2025-40915 | Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens — Mojolicious::Plugin::CSRF | 8.1 AI | High AI | 2025-06-11 |
| CVE-2024-58135 | Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default — Mojolicious | 7.5 AI | High AI | 2025-05-03 |
| CVE-2025-46653 | formidable security feature issue vulnerability — Formidable | 3.1 | Low | 2025-04-26 |
| CVE-2025-3495 | COMMGR - Insufficient Randomization Authentication Bypass — COMMGR | 9.8 | Critical | 2025-04-16 |
| CVE-2025-2814 | Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions — Crypt::CBC | 9.8 AI | Critical AI | 2025-04-12 |
| CVE-2024-56370 | Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions — Net::Xero | 9.1 AI | Critical AI | 2025-04-05 |
| CVE-2024-52322 | WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions — WebService::Xero | 9.1 AI | Critical AI | 2025-04-05 |
| CVE-2024-57835 | Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions — Amon2::Auth::Site::LINE | 7.5 AI | High AI | 2025-04-05 |
| CVE-2024-58036 | Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions — Net::Dropbox::API | 9.1 AI | Critical AI | 2025-04-05 |
| CVE-2024-57868 | Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions — Web::API | 9.1 AI | Critical AI | 2025-04-05 |
| CVE-2025-1805 | Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes — Crypt::Salt | 9.1 | - | 2025-04-02 |
| CVE-2025-1860 | Data::Entropy for Perl uses insecure rand() function for cryptographic functions — Data::Entropy | 7.5 | - | 2025-03-28 |
| CVE-2025-27552 | DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm — DBIx::Class::EncodedColumn | 7.5 AI | High AI | 2025-03-26 |

Vulnerabilities classified as CWE-338 (Use of Cryptographically Weak PRNG) represent 69 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.