CWE-331

Total CVEs: 38
Critical: 11
High: 17
Avg CVSS: 7.9

Yearly Trend

2026: 4
2025: 13
2024: 9
2023: 4
2022: 4

Top Affected Vendors

1. Dell (3)
2. Broadcom (2)
3. Timlegge (1)
4. Schneider Electric (1)
5. Eufy (1)
6. Google (1)
7. Tinfoilsecurity (1)
8. Viz (1)
9. Thalesgroup (1)
10. Typo3 (1)

All CWE-331 CVEs (38)

CVE-2025-47781 | CVSS 9.8 | May 14, 2025
CVE-2025-47781 allows unauthenticated attackers to brute-force 6-digit authentication tokens in Rallly's email-based login system. With knowledge of a...

CVE-2024-25730 | CVSS 9.8 | Feb 23, 2024
This vulnerability allows attackers to easily guess the default pre-shared keys (PSKs) on Hitron CODA-4582 and CODA-4589 cable modem/router devices du...

CVE-2023-49599 | CVSS 9.8 | Jan 10, 2024
This vulnerability allows attackers to forge password recovery codes for admin users in WWBN AVideo by exploiting weak salt generation. Attackers can ...

CVE-2023-4344 | CVSS 9.8 | Aug 15, 2023
This vulnerability in Broadcom RAID Controller web interface allows attackers to predict SSL/TLS session keys due to insufficient randomness when esta...

CVE-2021-36294 | CVSS 9.8 | Jan 25, 2022
CVE-2021-36294 is an authentication bypass vulnerability in Dell VNX2 OE for File versions 8.1.21.266 and earlier. A remote attacker can forge a cooki...

CVE-2021-22727 | CVSS 9.8 | Jul 21, 2021
This vulnerability allows attackers to gain unauthorized access to Schneider Electric EVlink charging station web servers due to insufficient entropy ...

CVE-2021-33027 | CVSS 9.8 | Jul 19, 2021
Sylabs Singularity Enterprise through version 1.6.2 uses insufficient entropy when generating nonces, making them predictable. This allows attackers t...

CVE-2024-36400 | CVSS 9.4 | Jun 4, 2024
The nano-id Rust crate incorrectly generates IDs with reduced character sets in base62 and base58 functions, significantly lowering entropy. This make...

CVE-2025-67504 | CVSS 9.1 | Dec 9, 2025
WBCE CMS versions 1.6.4 and below use PHP's non-cryptographically secure rand() function to generate passwords, making them predictable. Attackers can...

CVE-2024-58040 | CVSS 9.1 | Sep 30, 2025
CVE-2024-58040 is a critical vulnerability in Crypt::RandomEncryption for Perl version 0.01 that uses the insecure rand() function for cryptographic o...

CVE-2024-3411 | CVSS 9.1 | Apr 30, 2024
This vulnerability allows attackers to hijack IPMI authenticated sessions by exploiting insufficient randomness in session IDs or BMC random numbers. ...

CVE-2025-15387 | CVSS 8.8 | Dec 31, 2025
QNO Technology VPN Firewall devices have an insufficient entropy vulnerability that allows unauthenticated remote attackers to brute-force logged-in u...

CVE-2025-1828 | CVSS 8.8 | Mar 11, 2025
The Crypt::Random Perl package versions 1.05 through 1.55 may use the non-cryptographically secure rand() function for cryptographic operations when p...

CVE-2025-52464 | CVSS 8.3 | Jun 19, 2025
This vulnerability in Meshtastic firmware allows attackers to decrypt direct messages when they have compiled a list of compromised cryptographic keys...

CVE-2023-37822 | CVSS 8.2 | Oct 3, 2024
This vulnerability allows attackers within wireless range of a Eufy Homebase 2 device to brute-force the WPA2-PSK password within seconds due to flawe...

CVE-2023-3325 | CVSS 8.1 | Jun 20, 2023
The CMS Commander WordPress plugin up to version 2.287 contains an authorization bypass vulnerability due to insufficient cryptographic signature vali...

CVE-2024-6508 | CVSS 8.0 | Aug 21, 2024
This CVE describes an OAuth2 CSRF vulnerability in the OpenShift Console where insufficient entropy in state parameters allows attackers to log into a...

CVE-2025-1860 | CVSS 7.7 | Mar 28, 2025
CVE-2025-1860 is a cryptographic weakness in Data::Entropy Perl module versions 0.007 and earlier, where the default entropy source uses Perl's non-cr...

CVE-2018-9426 | CVSS 7.5 | Dec 2, 2024
CVE-2018-9426 is a cryptographic vulnerability in Android's RSA key pair generator that could produce weak RSA keys. This allows attackers to potentia...

CVE-2024-25407 | CVSS 7.5 | Feb 13, 2024
SteVe v3.6.0 uses predictable transaction IDs when processing StartTransaction requests, allowing attackers to predict and terminate other users' char...

CVE-2023-31176 | CVSS 7.5 | Nov 30, 2023
An insufficient entropy vulnerability in Schweitzer Engineering Laboratories SEL-451 devices allows unauthenticated remote attackers to brute-force se...

CVE-2022-33738 | CVSS 7.5 | Jul 6, 2022
OpenVPN Access Server versions before 2.11 use a weak random generator to create user session tokens for the web portal. This vulnerability allows att...

CVE-2022-33756 | CVSS 7.5 | Jun 16, 2022
CVE-2022-33756 is an entropy weakness vulnerability in CA Automic Automation Engine that could allow remote attackers to potentially access sensitive ...

CVE-2021-36320 | CVSS 7.5 | Nov 20, 2021
Dell Networking X-Series switches with firmware versions before 3.0.1.8 contain an authentication bypass vulnerability. Remote attackers can forge ses...

CVE-2021-42138 | CVSS 7.2 | Dec 20, 2021
CVE-2021-42138 is an entropy weakness vulnerability in SafeNet Agent for Windows Logon that allows a local user to decrypt and access encrypted creden...

CVE-2025-14261 | CVSS 7.1 | Dec 8, 2025
CVE-2025-14261 is an authentication bypass vulnerability in Litmus platform where JWT tokens are signed with an extremely weak 6-byte secret, making t...

CVE-2022-43755 | CVSS 7.1 | Feb 7, 2023
CVE-2022-43755 is an insufficient entropy vulnerability in SUSE Rancher that allows attackers who have previously obtained a cattle-token to continue ...

CVE-2020-29505 | CVSS 7.1 | Jul 11, 2022
CVE-2020-29505 is a key management vulnerability in Dell BSAFE cryptographic libraries that could allow attackers to compromise cryptographic operatio...

CVE-2025-59015 | CVSS 6.5 | Sep 9, 2025
This vulnerability in TYPO3 CMS's password generation component uses a predictable three-character prefix, reducing randomness and making brute-force ...

CVE-2024-56370 | CVSS 6.5 | Apr 5, 2025
Net::Xero 0.044 and earlier for Perl uses non-cryptographically secure random number generation via Perl's rand() function through the Data::Random li...

CVE-2024-58036 | CVSS 5.5 | Apr 5, 2025
Net::Dropbox::API 1.9 and earlier for Perl uses non-cryptographically secure random number generation via Perl's rand() function through the Data::Ran...

CVE-2024-8796 | CVSS 5.3 | Sep 17, 2024
Devise-Two-Factor versions 2.2.0 through 5.x generate TOTP shared secrets with insufficient entropy (120 bits instead of required 128 bits), making tw...

CVE-2024-9055 | CVSS 4.2 | Mar 17, 2025
Silicon Labs Series 2 devices have insufficient DPA countermeasures that fail to periodically reseed cryptographic operations, potentially allowing at...

CVE-2025-27551 | CVSS 4.0 | Mar 26, 2025
DBIx::Class::EncodedColumn uses the non-cryptographically secure rand() function to generate salts for password hashes, potentially allowing attackers...

CVE-2025-7432 | CVSS N/A | Feb 9, 2026
This vulnerability in Silicon Labs Series 2 devices allows attackers to perform Differential Power Analysis (DPA) attacks to extract cryptographic key...

CVE-2026-1814 | CVSS N/A | Feb 3, 2026
A security vulnerability exists in Rapid7 Nexpose, though specific details are currently limited. The vulnerability is related to CWE-331 (Insufficien...

CVE-2025-13399 | CVSS N/A | Jan 29, 2026
A vulnerability in the TP-Link VX800v v1.0 web interface allows attackers on the same network to brute-force weak AES encryption keys and decrypt inte...

CVE-2026-22698 | CVSS N/A | Jan 10, 2026
A critical vulnerability in RustCrypto's SM2 Public Key Encryption implementation generates ephemeral nonces with only 32 bits of entropy instead of t...

About CWE-331

Our database tracks 38 CVEs classified as CWE-331, with 11 rated critical and 17 rated high severity. The average CVSS score for CWE-331 vulnerabilities is 7.9.

External reference: View CWE-331 on MITRE CWE →
