VYPR

CWE-330

Use of Insufficiently Random Values

ClassStableLikelihood: High

Description

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-485 · CAPEC-59

CVEs mapped to this weakness (149)

page 5 of 8
  • CVE-2015-2913MedDec 31, 2015
    risk 0.31cvss 5.9epss 0.02

    server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote…

  • CVE-2026-41701MedJun 10, 2026
    risk 0.29cvss 4.4epss 0.00

    Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

  • CVE-2017-16028MedJun 4, 2018
    risk 0.28cvss 5.3epss 0.01

    react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

  • CVE-2026-41207MedJun 4, 2026
    risk 0.27cvss 5.3epss 0.00

    The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for…

  • CVE-2026-34511MedApr 3, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling…

  • CVE-2025-12787MedNov 11, 2025
    risk 0.27cvss 5.3epss 0.00

    The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhb_meeting_form_submit_callback" function using insufficiently…

  • CVE-2017-12361MedNov 30, 2017
    risk 0.26cvss 4.0epss 0.00

    A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to…

  • CVE-2026-41838MedJun 9, 2026
    risk 0.24cvss 4.8epss 0.00

    IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through…

  • CVE-2025-15603LowMar 9, 2026
    risk 0.24cvss 3.7epss 0.00

    A security vulnerability has been detected in open-webui up to 0.6.16. Affected is an unknown function of the file backend/start_windows.bat of the component JWT Key Handler. Such manipulation of the argument WEBUI_SECRET_KEY leads to insufficiently random values. It is possible…

  • CVE-2026-2966LowFeb 23, 2026
    risk 0.24cvss 3.7epss 0.00

    A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The…

  • CVE-2025-10671LowSep 18, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to…

  • CVE-2025-6931LowJun 30, 2025
    risk 0.24cvss 3.7epss 0.02

    A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to…

  • CVE-2026-7847LowMay 5, 2026
    risk 0.17cvss 2.6epss 0.00

    A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results…

  • CVE-2025-1953LowMar 4, 2025
    risk 0.17cvss 2.6epss 0.00

    A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently…

  • CVE-2019-5420Mar 27, 2019
    risk 0.10cvss epss 0.92

    A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code…

  • CVE-2026-28415Feb 27, 2026
    risk 0.00cvss epss 0.00

    Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the _redirect_to_target() function in Gradio's OAuth flow accepts an unvalidated _target_url query parameter, allowing redirection to arbitrary external URLs. This affects the /logout…

  • CVE-2026-23999Feb 26, 2026
    risk 0.00cvss epss 0.00

    Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could…

  • CVE-2025-68704Jan 13, 2026
    risk 0.00cvss epss 0.00

    Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2.

  • CVE-2025-13353Dec 2, 2025
    risk 0.00cvss epss 0.00

    In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The…

  • CVE-2025-43866Jun 12, 2025
    risk 0.00cvss epss 0.00

    vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This…