CWE-330(Use of Insufficiently Random Values)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
來自 CWE 目錄的擴展上下文(由 MITRE XHTML 渲染)。
| 類型 | 名稱 | 類 | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。
| CVE | 公開時間 | 摘要 |
|---|---|---|
| CVE-2026-46351 | 2026-07-16 | BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web generated conference sessionToken values with insufficiently secure randomness in bbb-common-web/src/main/java/org/bigbluebu… |
| CVE-2026-47703 | 2026-07-15 | AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by prod… |
| CVE-2026-14702 | 2026-07-05 | A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-sea… |
| CVE-2026-14570 | 2026-07-04 | Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit … |
| CVE-2026-57082 | 2026-06-30 | Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hel… |
| CVE-2026-11374 | 2026-06-23 | In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, le… |
| CVE-2026-50009 | 2026-06-12 | Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the… |
| CVE-2026-45673 | 2026-06-12 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating … |
| CVE-2026-41701 | 2026-06-09 | Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0… |
| CVE-2026-41838 | 2026-06-09 | IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versio… |
| CVE-2026-41207 | 2026-06-04 | The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to disting… |
| CVE-2026-50208 | 2026-06-04 | High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. |
| CVE-2026-44054 | 2026-05-21 | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect me… |
| CVE-2026-42155 | 2026-05-15 | Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pri… |
| CVE-2026-41505 | 2026-05-07 | RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() functio… |
| CVE-2026-7847 | 2026-05-05 | A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_route… |
| CVE-2026-40975 | 2026-04-27 | Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values wit… |
| CVE-2026-40496 | 2026-04-20 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + si… |
| CVE-2026-40306 | 2026-04-17 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect… |
| CVE-2026-33710 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always ret… |
| 日期 | 名稱 | 版本 | 重要性 | 評論 |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Background_Details, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-01-12 | CWE Content Team | 1.2 | — | updated Description, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationships |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Potential_Mitigations |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Demonstrative_Examples, Related_Attack_Patterns |
| 2009-12-28 | CWE Content Team | 1.7 | — | updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Potential_Mitigations, Time_of_Introduction |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated References, Relationships, Taxonomy_Mappings |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Related_Attack_Patterns |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Detection_Factors, Potential_Mitigations |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Demonstrative_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Demonstrative_Examples, Observed_Examples, References, Relationships |
| 2014-02-18 | CWE Content Team | 2.6 | — | updated Related_Attack_Patterns |
| 2014-06-23 | CWE Content Team | 2.7 | — | updated Related_Attack_Patterns |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Applicable_Platforms, Description, Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Maintenance_Notes, Relationships |
| 2021-07-20 | CWE Content Team | 4.5 | — | updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples |
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Observed_Examples, Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Common_Consequences, Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes, Relationships |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Mapping_Notes |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Description, Detection_Factors, Diagram, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Potential_Mitigations |