Weaknesses of type CWE-341
12 resultsCVE-2019-6563—Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, whEPSS 1.7%CVE-2020-1731CRITICALA flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random adminEPSS 1.3%CVE-2018-17917—All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potentiEPSS 1.3%CVE-2020-5365MEDIUMDell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundEPSS 1.0%CVE-2024-10141MEDIUMjsbroks COCO Annotator Session predictable stateEPSS 0.8%CVE-2021-4277LOWfredsmith utils Filename screenshot_sync predictable stateEPSS 0.5%CVE-2025-48461MEDIUMWeak Session Cookie EntropyEPSS 0.4%CVE-2025-40780HIGHCache poisoning due to weak PRNGEPSS 0.4%CVE-2026-42365HIGHGeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerabilityEPSS 0.3%CVE-2023-49259HIGHBruteforcing authentication cookie for a given userEPSS 0.3%CVE-2025-42925MEDIUMPredictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)EPSS 0.2%CVE-2026-36609HIGHMercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between requests froEPSS 0.2%