Weaknesses of type CWE-338
125 results

CVE | Severity | Description | EPSS
CVE-2025-68932 | LOW | FreshRSS has weak cryptographic randomness in remember-me token and nonce generation | EPSS 0.5%
CVE-2023-50059 | MEDIUM | An issue in galxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galx | EPSS 0.5%
CVE-2025-66630 | CRITICAL | Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure | EPSS 0.5%
CVE-2024-58135 | MEDIUM | Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default | EPSS 0.5%
CVE-2021-3047 | MEDIUM | PAN-OS: Weak Cryptography Used in Web Interface Authentication | EPSS 0.5%
CVE-2026-41564 | HIGH | CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking | EPSS 0.4%
CVE-2026-6659 | HIGH | Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts | EPSS 0.4%
CVE-2025-67504 | CRITICAL | WBCE CMS has Weak Random Number Generator in Password Generation Function | EPSS 0.4%
CVE-2025-21617 | MEDIUM | Guzzle OAuth Subscriber has insufficient nonce entropy | EPSS 0.4%
CVE-2025-40926 | CRITICAL | Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely | EPSS 0.4%
CVE-2026-5083 | MEDIUM | Ado::Sessions versions through 0.935 for Perl generates insecure session ids | EPSS 0.4%
CVE-2026-3255 | MEDIUM | HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function | EPSS 0.4%
CVE-2025-32754 | CRITICAL | In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all | EPSS 0.4%
CVE-2025-32755 | CRITICAL | In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all co | EPSS 0.4%
CVE-2025-1805 | MEDIUM | Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes | EPSS 0.4%
CVE-2024-58041 | CRITICAL | Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions | EPSS 0.4%
CVE-2024-57854 | CRITICAL | Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator | EPSS 0.4%
CVE-2018-25107 | HIGH | The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of rando | EPSS 0.4%
CVE-2026-5082 | MEDIUM | Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id | EPSS 0.4%
CVE-2026-2439 | CRITICAL | Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids | EPSS 0.4%