Skip to main content

CWE-1241

Use of Predictable Algorithm in Random Number Generator

6 CVEs Avg CVSS 6.1 MITRE
0
CRITICAL
2
HIGH
4
MEDIUM
0
LOW
3
POC
0
KEV

Monthly

CVE-2026-6420 PyPI MEDIUM PATCH GHSA This Month

Keylime verifier uses a hardcoded challenge nonce instead of cryptographically random values for TPM quote attestation, allowing local attackers with root access on enrolled machines to capture valid quotes and replay them to bypass detection after system compromise. The vulnerability affects only push-model deployments and requires root privileges on the monitored endpoint; exploitation enables information disclosure and system integrity evasion with CVSS 6.3 severity.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 9
NVD VulDB GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-13079 MEDIUM This Month

mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32056 MEDIUM This Month

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-4695 HIGH POC This Week

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pkb Lib
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-3692 PHP MEDIUM POC PATCH This Month

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-3689 PHP HIGH POC PATCH This Week

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Keylime verifier uses a hardcoded challenge nonce instead of cryptographically random values for TPM quote attestation, allowing local attackers with root access on enrolled machines to capture valid quotes and replay them to bypass detection after system compromise. The vulnerability affects only push-model deployments and requires root privileges on the monitored endpoint; exploitation enables information disclosure and system integrity evasion with CVSS 6.3 severity.

Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 9
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).

WordPress PHP
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]

Authentication Bypass
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pkb Lib
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yii
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy