CWE-337
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-337page 1 of 1
- CVE-2016-15006LOWCVSS 3.7EG 5.32023-01-02
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in …
- CVE-2020-28597HIGHCVSS 7.5EG 7.52021-03-03
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset …
- CVE-2022-26852HIGHCVSS 8.1EG 9.82022-04-08
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.
- CVE-2022-40267MEDIUMCVSS 5.9EG 9.12023-01-20
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior…
- CVE-2023-49343MEDIUMCVSS 6.0EG 6.02023-12-14
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers m…
- CVE-2024-22194LOWCVSS 2.2EG 2.22024-01-11
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and …
- CVE-2024-7558HIGHCVSS 8.7EG 8.72024-10-02
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the J…
- CVE-2025-20613LOWCVSS 3.3EG 3.32025-08-12
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-55069HIGHCVSS 8.3EG 8.32025-09-23
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-rand…
- CVE-2025-62710MEDIUMCVSS 5.9EG 5.92025-10-22
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.…
- CVE-2025-7770HIGHCVSS 8.7EG 0.02025-08-06
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When c…
- CVE-2026-25235HIGHCVSS 7.5EG 7.52026-02-03
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without aut…
Map vulnerabilities like CWE-337 to your infrastructure
EchelonGraph correlates every CVE — across CWE-337 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →