CVE & CISA-KEV Catalog

362,600 CVEs1,630 actively exploited (KEV)AboutAPI
Active:
  • CVSS 7.1 v4·EPSS 0.1%·No fix yet

    SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended

    Published 2026-06-25

  • CVSS 7.5 v3·EPSS 0.4%·No fix yet

    Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

    Published 2026-05-21

  • CVSS 7.3 v3·EPSS 0.4%·No fix yet

    Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

    Published 2026-05-15

  • CVSS 7.5 v3·EPSS 0.3%·No fix yet

    Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

    Published 2026-05-15

  • CVSS 9.3 v4·EPSS 0.3%·No fix yet

    Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, the XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). All inputs to the MD5 hash are time-derived and non-secure. Because the resulting digest relies entirely on the timestamp and the PHP internal LCG state, the effective entropy is severely constrained. This violates the OWASP ASVS v4 requirement of ≥ 64 bits of entropy (V3.2.2) and NIST SP 800-63B standards. By narrowing the LCG window (via server state leaks or general predictability) and leveraging the lack of

    Published 2026-05-15

  • CVSS 4.1 v4·EPSS 0.1%·No fix yet

    * Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be impacted by this vulnerability.

    Published 2026-05-15

  • CVSS 7.5 v3·EPSS 0.8%·Fix available

    `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

    Published 2026-05-15

  • CVSS 8.7 v4·EPSS 0.3%·No fix yet

    CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.

    Published 2026-05-12

  • CVSS 2.9 v3·EPSS 0.4%·Fix available

    libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

    Published 2026-04-29

  • CVSS -·EPSS 0.2%·No fix yet

    A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.

    Published 2026-04-16

  • CVSS 8.2 v3·EPSS 0.2%·Fix available

    Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. This issue has been patched in version 8.19.0.

    Published 2026-04-01

  • CVSS 5.3 v3·EPSS 0.2%·Fix available

    In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

    Published 2026-02-25

  • CVSS 4.8 v3·EPSS 0.2%·No fix yet

    An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

    Published 2026-02-18

  • CVSS -·EPSS 0.2%·No fix yet

    The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.

    Published 2026-02-15

  • CVSS -·EPSS 0.1%·No fix yet

    DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack.

    Published 2026-02-09

  • CVSS -·EPSS 0.1%·No fix yet

    Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix 'p', resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials.

    Published 2026-02-03

  • CVSS 8.8 v3·EPSS 0.2%·Fix available

    A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

    Published 2026-01-29

  • CVSS 7.5 v3·EPSS 0.2%·No fix yet

    RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via co

    Published 2026-01-10

  • CVSS 9.8 v3·EPSS 0.6%·No fix yet

    Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.

    Published 2026-01-06

  • CVSS 8.8 v3·EPSS 0.3%·No fix yet

    VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system.

    Published 2025-12-31

  • CVSS 9.1 v3·EPSS 0.4%·Fix available

    WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.

    Published 2025-12-09

  • CVSS 9.8 v3·EPSS 0.4%·No fix yet

    Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.

    Published 2025-12-09

  • CVSS 7.1 v3·EPSS 0.3%·No fix yet

    The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

    Published 2025-12-08

  • CVSS 4.7 v3·EPSS 0.1%·Fix available

    The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.

    Published 2025-12-05

  • CVSS 3.1 v3·EPSS 0.2%·No fix yet

    On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.

    Published 2025-10-22

  • CVSS 9.1 v3·EPSS 0.2%·No fix yet

    Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.

    Published 2025-09-30

  • CVSS 6.5 v3·EPSS 0.2%·Fix available

    A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

    Published 2025-09-09

  • CVSS -·EPSS 0.4%·No fix yet

    Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime (defaulted to 2048 bits). The client public value is being generated from a private value that is 4 bits below the specification. This reduces the protocol's designed security margin it is now practically exploitable. The servers full sized 2048 bit random number is used to create the shared session key and password proof. This is fixed in version 2.0.1.

    Published 2025-08-07

  • CVSS -·EPSS 0.2%·No fix yet

    A CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.

    Published 2025-07-11

  • CVSS 3.7 v3·EPSS 1.6%·No fix yet

    A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

    Published 2025-06-30

  • CVSS 8.3 v3·EPSS 0.4%·Fix available

    Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some platforms, leading to possible low-entropy key generation. When users with an affected key pair sent Direct Messages, those message could be captured and decrypted by an attacker that has compiled the list of compromised keys. This issue has been patched in version 2.6.11 where key generation is delayed til the first time the LoRa region is set, along with warning users when a compromised key is detected. Version 2.6.12 furthers this patch by automatically wiping known compromised keys when found.

    Published 2025-06-19

  • CVSS 9.8 v3·EPSS 0.5%·No fix yet

    Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the authentication. A token that consists of 6 digits only presents weak entropy however and when coupled with no token brute force protection, makes it possible for an unauthenticated attacker with knowledge of a valid email address to successfully brute force the token within 15 minutes (token expiration time) and take over the account associated with the targeted email address. All users on the Rallly applications are impacted. As long as an attacker knows the user's email address they used to register o

    Published 2025-05-14

  • CVSS 8.1 v3·EPSS 0.4%·No fix yet

    Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

    Published 2025-05-03

  • CVSS 4.0 v3·EPSS 0.2%·Fix available

    Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function.

    Published 2025-04-13

  • CVSS 6.5 v3·EPSS 0.3%·No fix yet

    Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

    Published 2025-04-05

  • CVSS 5.5 v3·EPSS 0.3%·No fix yet

    WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

    Published 2025-04-05

  • CVSS 5.5 v3·EPSS 0.2%·Fix available

    Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

    Published 2025-04-05

  • CVSS 5.5 v3·EPSS 0.3%·No fix yet

    Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

    Published 2025-04-05

  • CVSS 7.7 v3·EPSS 0.2%·Fix available

    Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

    Published 2025-03-28

  • CVSS 4.0 v3·EPSS 0.1%·Fix available

    DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.

    Published 2025-03-26

  • CVSS 4.0 v3·EPSS 0.1%·Fix available

    DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.

    Published 2025-03-26

  • CVSS 7.5 v3·EPSS 0.3%·No fix yet

    Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets.

    Published 2025-03-24

  • CVSS 4.2 v3·EPSS 0.2%·No fix yet

    The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack.

    Published 2025-03-17

  • CVSS 8.8 v3·EPSS 0.4%·No fix yet

    Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.

    Published 2025-03-11

  • CVSS 7.5 v3·EPSS 0.8%·No fix yet

    Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.

    Published 2025-01-07

  • CVSS 7.5 v3·EPSS 0.2%·No fix yet

    In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.

    Published 2024-12-02

  • CVSS 6.8 v3·EPSS 0.6%·No fix yet

    A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions.

    Published 2024-10-23

  • CVSS 9.8 v3·EPSS 0.9%·Fix available

    The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed.

    Published 2024-10-15

  • CVSS 8.2 v3·EPSS 0.3%·Fix available

    The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to the end user's primary network. The only requirement of the attack is proximity to the dedicated wireless network.

    Published 2024-10-03

  • CVSS 5.3 v3·EPSS 0.6%·Fix available

    Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an attacker to guess the shared secret and generate valid TOTP codes.

    Published 2024-09-17

Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.