Skip to main content

CWE-337

Predictable Seed in Pseudo-Random Number Generator (PRNG)

8 CVEs Avg CVSS 7.5 MITRE
1
CRITICAL
6
HIGH
0
MEDIUM
1
LOW
2
POC
0
KEV

Monthly

CVE-2026-26018 Go HIGH POC PATCH This Week

Coredns versions up to 1.14.2 contains a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).

Denial Of Service Coredns
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25235 HIGH This Week

Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).

PHP Pearweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-55069 HIGH This Month

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-20613 LOW Monitor

Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-7770 HIGH This Month

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-7558 Go HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-49343 HIGH This Week

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-26852 CRITICAL Act Now

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Coredns versions up to 1.14.2 contains a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).

Denial Of Service Coredns
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).

PHP Pearweb
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Month

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

JUJU_CONTEXT_ID is a predictable authentication secret. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kubernetes Juju
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Budgie Extras
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy