Weaknesses of type CWE-331
82 resultsCVE-2018-9426MEDIUMIn RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs beingEPSS 0.2%CVE-2026-34236HIGHAuth0 PHP SDK Insufficient Entropy in Cookie EncryptionEPSS 0.2%CVE-2024-58040CRITICALCrypt::RandomEncryption for Perl uses insecure rand() function during encryptionEPSS 0.2%CVE-2024-38270MEDIUMAn insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens genEPSS 0.2%CVE-2026-2336HIGHWeak webstax_auth Cookie Authentication Allows Privilege EscalationEPSS 0.2%CVE-2025-50122HIGHA CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the
password generation algorithm is reveEPSS 0.2%CVE-2026-2541MEDIUMMicca KE700 Brute-force vulnerability due to low entropyEPSS 0.2%CVE-2025-62774LOWOn Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.EPSS 0.2%CVE-2026-2878MEDIUMInsufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAXEPSS 0.2%CVE-2025-59015MEDIUMInsufficient Entropy in Password GenerationEPSS 0.2%CVE-2024-9055MEDIUMDPA Countermeasures need reseedingEPSS 0.2%CVE-2025-1860HIGHData::Entropy for Perl uses insecure rand() function for cryptographic functionsEPSS 0.2%CVE-2025-2814MEDIUMCrypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functionsEPSS 0.2%CVE-2025-13399HIGHInsecure Encryption in Communication with the Web Interface on TP-Link VX800vEPSS 0.2%CVE-2025-14972MEDIUMInsufficient DPA countermeasure reseedingEPSS 0.1%CVE-2026-1814MEDIUMRapid7 Nexpose Insecure Java Keystore Password GenerationEPSS 0.1%CVE-2025-7432LOWDPA countermeasures not reseeded under certain conditionsEPSS 0.1%CVE-2023-49927MEDIUMAn issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2EPSS 0.1%CVE-2025-32898MEDIUMThe KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KEPSS 0.1%CVE-2025-27551MEDIUMDBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pmEPSS 0.1%