CWE-330: Use of Insufficiently Random Values

Total CVEs: 62
Critical: 21
High: 25
Avg CVSS: 7.9

Yearly Trend (CVEs per year)

2026: 6
2025: 12
2024: 9
2023: 15
2022: 10

Top Affected Vendors (CVE count)

1. Google (2)
2. Dell (2)
3. TP-Link (2)
4. Debian (1)
5. Elwsc (1)
6. Sungrowpower (1)
7. Oracle (1)
8. WoWonder (1)
9. Open Automation Software (1)
10. Cloudflare (1)

All CWE-330 CVEs (62)

CVE-2026-27637 | CVSS 9.8 | Feb 25, 2026
FreeScout's authentication system uses a predictable, static token that never expires. If an attacker obtains the Laravel APP_KEY (commonly exposed), ...

CVE-2025-64097 | CVSS 9.8 | Jan 22, 2026
This vulnerability in NervesHub allows attackers to brute-force user API tokens due to their predictable format, potentially granting unauthorized acc...

CVE-2025-4607 | CVSS 9.8 | May 31, 2025
The PSW Front-end Login & Registration WordPress plugin has a critical privilege escalation vulnerability that allows unauthenticated attackers to res...

CVE-2024-36389 | CVSS 9.8 | Jun 2, 2024
MileSight DeviceHub uses insufficiently random values for authentication, potentially allowing attackers to bypass authentication mechanisms. This aff...

CVE-2020-27630 | CVSS 9.8 | Oct 10, 2023
CVE-2020-27630 is a vulnerability in Silicon Labs uC/TCP-IP 3.6.0 where TCP Initial Sequence Numbers (ISNs) are generated with insufficient randomness...

CVE-2023-2884 | CVSS 9.8 | May 25, 2023
This vulnerability in CBOT Chatbot uses a weak pseudo-random number generator (PRNG) that allows attackers to recreate cryptographic keys. This enable...

CVE-2022-25752 | CVSS 9.8 | Apr 12, 2022
This vulnerability affects Siemens SCALANCE industrial network switches. It allows unauthenticated remote attackers to brute-force session IDs and hij...

CVE-2021-36166 | CVSS 9.8 | Mar 1, 2022
This vulnerability allows remote attackers to efficiently guess administrative authentication tokens in FortiMail systems by observing certain system ...

CVE-2022-22922 | CVSS 9.8 | Feb 18, 2022
This vulnerability in TP-Link TL-WA850RE Wi-Fi range extenders allows attackers to gain administrative access by exploiting predictable session keys. ...

CVE-2021-41694 | CVSS 9.8 | Dec 9, 2021
This vulnerability allows unauthenticated attackers to change any user's password in Premiumdatingscript 4.2.7.7 due to improper access controls in th...

CVE-2021-38606 | CVSS 9.8 | Aug 12, 2021
CVE-2021-38606 is a vulnerability in reNgine (a reconnaissance framework) where predictable directory names allow attackers to access sensitive files....

CVE-2021-27200 | CVSS 9.8 | Jun 11, 2021
CVE-2021-27200 is a critical authentication bypass vulnerability in WoWonder's password recovery system. Attackers can predict password reset codes ba...

CVE-2020-35926 | CVSS 9.8 | Dec 31, 2020
This vulnerability in the nanorand Rust crate causes random number generators to return all zero values due to integer truncation. This affects any Ru...

CVE-2020-7548 | CVSS 9.8 | Dec 1, 2020
This vulnerability allows unauthorized users to bypass authentication and gain access to Schneider Electric Smartlink, PowerTag, and Wiser Series Gate...

CVE-2020-27743 | CVSS 9.8 | Oct 26, 2020
CVE-2020-27743 is a vulnerability in libtac within pam_tacplus where insufficient randomness checking for session IDs could allow attackers to predict...

CVE-2020-27633 | CVSS 9.1 | Oct 10, 2023
CVE-2020-27633 is a vulnerability in FNET 4.6.3 where TCP Initial Sequence Numbers (ISNs) are generated with insufficient randomness, allowing attacke...

CVE-2020-27635 | CVSS 9.1 | Oct 10, 2023
CVE-2020-27635 is a vulnerability in PicoTCP 1.7.0 where TCP Initial Sequence Numbers (ISNs) are generated with insufficient randomness, allowing atta...

CVE-2022-43501 | CVSS 9.1 | Feb 10, 2023
This vulnerability in the KASAGO TCP/IP stack allows attackers to predict TCP Initial Sequence Numbers (ISNs) due to insufficient randomness. Attacker...

CVE-2022-26851 | CVSS 9.1 | Apr 8, 2022
Dell PowerScale OneFS versions 8.2.2 through 9.3.x contain a predictable file name vulnerability that allows unprivileged network attackers to potenti...

CVE-2022-26320 | CVSS 9.1 | Mar 14, 2022
This vulnerability allows attackers to efficiently calculate private RSA keys from public TLS certificates by exploiting weak RSA key generation in th...

CVE-2022-23408 | CVSS 9.1 | Jan 18, 2022
This vulnerability in wolfSSL allows attackers to decrypt TLS/DTLS traffic when using AES-CBC or DES3 without AEAD protection. It affects systems usin...

CVE-2022-43636 | CVSS 8.8 | Mar 29, 2023
This vulnerability allows attackers on the same network to bypass authentication on TP-Link TL-WR940N routers by exploiting predictable session sequen...

CVE-2023-22746 | CVSS 8.6 | Feb 3, 2023
This vulnerability allows attackers to forge authentication requests against CKAN instances using default Docker images. It affects users who deployed...

CVE-2022-31034 | CVSS 8.3 | Jun 27, 2022
CVE-2022-31034 is a vulnerability in Argo CD's OAuth2/OIDC login flows where insufficiently random values in parameters could allow attackers to poten...

CVE-2024-25943 | CVSS 7.6 | Jun 29, 2024
This CVE describes a session hijacking vulnerability in iDRAC9's IPMI interface that allows remote attackers to take over authenticated sessions. Succ...

CVE-2024-48928 | CVSS 7.5 | Feb 24, 2026
Piwigo versions 14.x have a weak secret key generation vulnerability during installation. Attackers can brute-force the secret key in about one hour, ...

CVE-2025-68704 | CVSS 7.5 | Jan 13, 2026
Jervis versions before 2.2 use java.util.Random() for timing attack mitigation, which is not cryptographically secure. This vulnerability could allow ...

CVE-2025-13470 | CVSS 7.5 | Nov 21, 2025
A regression in RNP v0.18.0 causes public-key encrypted session keys to always be all-zero bytes, allowing anyone to decrypt data encrypted with publi...

CVE-2024-47188 | CVSS 7.5 | Oct 16, 2024
CVE-2024-47188 is a denial-of-service vulnerability in Suricata's thash implementation where missing random seed initialization allows attackers to pr...

CVE-2024-41708 | CVSS 7.5 | Sep 25, 2024
A vulnerability in AdaCore's Ada Web Server (AWS) 20.0 allows attackers to escalate privileges and hijack sessions due to insufficient randomness in t...

CVE-2020-27213 | CVSS 7.5 | Oct 10, 2023
This vulnerability in Ethernut Nut/OS allows attackers to predict TCP Initial Sequence Numbers (ISNs) due to insufficient randomness in generation. Th...

CVE-2023-29332 | CVSS 7.5 | Sep 12, 2023
This vulnerability in Microsoft Azure Kubernetes Service allows authenticated users to escalate privileges within Kubernetes clusters. Attackers could...

CVE-2023-41879 | CVSS 7.5 | Sep 11, 2023
This vulnerability allows unauthenticated attackers to view guest orders in Magento LTS by brute-forcing a 6-character hexadecimal 'protect_code' valu...

CVE-2023-34353 | CVSS 7.5 | Sep 5, 2023
This authentication bypass vulnerability in Open Automation Software OAS Platform allows attackers to decrypt sensitive information by sniffing networ...

CVE-2023-26451 | CVSS 7.5 | Aug 2, 2023
This vulnerability allows attackers to predict authorization tokens in OX App Suite's oAuth Authorization Service, enabling them to intercept and hija...

CVE-2023-30797 | CVSS 7.5 | Apr 19, 2023
This vulnerability in Netflix Lemur allows attackers to guess default credentials due to insufficient randomness in generation. Attackers could gain u...

CVE-2022-28355 | CVSS 7.5 | Apr 2, 2022
CVE-2022-28355 is a vulnerability in Scala.js where the randomUUID function generates predictable UUID values instead of cryptographically secure rand...

CVE-2021-24998 | CVSS 7.5 | Dec 27, 2021
The Simple JWT Login WordPress plugin before version 3.3.0 uses PHP's str_shuffle function to generate passwords for new user accounts, which creates ...

CVE-2021-45487 | CVSS 7.5 | Dec 25, 2021
This vulnerability in NetBSD's IPv4 ID generation algorithm uses predictable values instead of cryptographically secure random numbers. This allows at...

CVE-2021-0466 | CVSS 7.5 | Jun 11, 2021
This vulnerability in Android's ClientModeImpl.java allows a proximal attacker to track a device via a unique identifier, leading to remote informatio...

CVE-2020-13860 | CVSS 7.5 | Feb 1, 2021
This vulnerability allows attackers to predict the one-time password for the undocumented 'mofidev' system account on affected Mofi routers. Attackers...

CVE-2022-39216 | CVSS 7.4 | Mar 14, 2023
CVE-2022-39216 is a vulnerability in Combodo iTop where password reset tokens are generated without sufficient randomness, allowing attackers to predi...

CVE-2022-26071 | CVSS 7.4 | May 5, 2022
This vulnerability in F5 BIG-IP's Traffic Management Microkernel allows attackers to bypass UDP source port randomization, enabling them to scan open ...

CVE-2021-20322 | CVSS 7.4 | Feb 18, 2022
This Linux kernel vulnerability allows remote attackers to bypass UDP source port randomization by exploiting flaws in ICMP error processing. Attacker...

CVE-2024-21460 | CVSS 7.1 | Jul 1, 2024
This vulnerability in Qualcomm chipsets allows information disclosure when Address Space Layout Randomization (ASLR) fails to properly randomize memor...

CVE-2023-1385 | CVSS 7.1 | May 3, 2023
This vulnerability allows attackers to brute-force PIN codes offline due to improper JPAKE implementation where random values are initialized to known...

CVE-2025-22150 | CVSS 6.8 | Jan 21, 2025
This vulnerability in Undici's multipart/form-data boundary generation allows attackers to predict and tamper with requests when an application sends ...

CVE-2024-20331 | CVSS 6.8 | Oct 23, 2024
This vulnerability in Cisco ASA and FTD software allows unauthenticated remote attackers to disrupt VPN authentication sessions by exploiting insuffic...

CVE-2025-15574 | CVSS 6.5 | Feb 12, 2026
This vulnerability allows attackers who obtain SolaX device registration numbers to connect to the SolaX Cloud MQTT server and impersonate legitimate ...

CVE-2025-11723 | CVSS 6.5 | Jan 6, 2026
This vulnerability allows unauthenticated attackers to generate valid authentication tokens for WordPress sites using the Simply Schedule Appointments...

About CWE-330

Our database tracks 62 CVEs classified as CWE-330, with 21 rated critical and 25 rated high severity. The average CVSS score for CWE-330 vulnerabilities is 7.9.

External reference: CWE-330 on MITRE CWE
