CWE-330

Use of Insufficiently Random Values

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

7

Critical

0

High

1

Medium

6

Low

0

Severity distribution

Recent CVEs

showing 7 of 7

CVE-2020-1472Medium· 5.5KEVEXPLOITEPSS 94%22 h ago
Microsoft Netlogon Privilege Escalation Vulnerability
CVE-2026-50009Medium· 4.823 h ago
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and st
CVE-2026-45673Medium· 6.8EPSS 0%23 h ago
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
maven
CVE-2026-41838Medium· 4.8EPSS 0%1 d ago
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7
CVE-2026-41701Medium· 4.4EPSS 0%2 d ago
Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2
CVE-2026-41207Medium· 5.3EPSS 0%7 d ago
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures
maven
CVE-2016-9594High· 6.5EPSS 1%2026-04-25
curl/libcurl: uninitialized random
curl

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.