CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
We have discovered 293 live websites that are affected by CWE-330.
CVEs
- Count - 6
CWE References
Website Distribution by Country
Number of websites using CWE-330 United States | 71 websites |
 Germany | 60 websites |
 France | 43 websites |
 Netherlands | 12 websites |
 Hungary | 9 websites |
 Switzerland | 8 websites |
 GB | 8 websites |
 Poland | 7 websites |
 Austria | 6 websites |
 Australia | 5 websites |
Website Distribution by TLD
Number of websites using CWE-330| .com | 92 websites |
| .de | 36 websites |
| .net | 22 websites |
| .org | 21 websites |
| .fr | 15 websites |
| .nl | 11 websites |
| .eu | 8 websites |
| .at | 7 websites |
| .ch | 6 websites |
| .co.uk | 4 websites |
Newest CVEs
List of the most recent CVEs that are part of CWE-330| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Apr, 2026 | CVE-2026-33710 | Chamilo LMS has Weak REST API Key Generation (Predictable) | 9 |
| Feb, 2026 | CVE-2024-48928 | Piwigo's secret key can be brute forced | 220 |
| Nov, 2025 | CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | 52 |
| Dec, 2024 | CVE-2024-12432 | WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key | 4 |
| Jun, 2024 | CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | 3 |
| Mar, 2023 | CVE-2022-39216 | Combodo iTop's weak password reset token leads to account takeover | 5 |
The most widespread CVEs
List of the most common CVEs that are part of CWE-330| Discovered | CVE | Description | Websites |
|---|---|---|---|
| Feb, 2026 | CVE-2024-48928 | Piwigo's secret key can be brute forced | 220 |
| Nov, 2025 | CVE-2025-12787 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation | 52 |
| Apr, 2026 | CVE-2026-33710 | Chamilo LMS has Weak REST API Key Generation (Predictable) | 9 |
| Mar, 2023 | CVE-2022-39216 | Combodo iTop's weak password reset token leads to account takeover | 5 |
| Dec, 2024 | CVE-2024-12432 | WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key | 4 |
| Jun, 2024 | CVE-2024-5149 | BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness | 3 |
Websites affected by CWE-330
Top websites that are affected by CWE-330. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.de | Germany | ***,*** | |
| *********.com | United States | *,***,*** | |
| ******.*********.com | Germany | *,***,*** | |
| *******.**.**.ke |  Kenya | *,***,*** | |
| **.******.gt | United States | *,***,*** | |
| **********.******.eu | France | *,***,*** | |
| **********.fr | France | *,***,*** | |
| ***********.com | France | *,***,*** | |
| *****.******.su |  Russia | *,***,*** | |
| **************.at | Germany | *,***,*** |