Hp Security Vulnerabilities (CVEs)
Track 153 security vulnerabilities affecting Hp products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Microsoft Teams Admin Center may write sensitive data to log files when administrators make device configuration changes. Only users with admin creden...
Dec 16, 2025This vulnerability allows attackers to execute files outside of restricted paths in HP System Event Utility and Omen Gaming Hub software. It affects u...
Dec 9, 2025A local privilege escalation vulnerability exists in HP Image Assistant versions before 5.3.3 due to a race condition during package installation. Thi...
Dec 3, 2025This vulnerability in HP Client Management Script Library allows attackers to escalate privileges during software installation. It affects systems run...
Nov 3, 2025HP ThinPro 8.1's system management application fails to properly verify user identities, allowing attackers to bypass authentication mechanisms. This ...
Oct 28, 2025This vulnerability allows unauthorized users to view files in the file system through a GUI dialog in affected applications. It affects systems runnin...
Oct 28, 2025A vulnerability in Poly Lens Desktop for Windows allows local attackers to modify filesystem permissions, potentially leading to SYSTEM privilege esca...
Sep 9, 2025This vulnerability involves HP Linux Imaging and Printing Software using a weak DSA signing key for code signing, which could allow attackers to forge...
Jul 28, 2025A stored cross-site scripting (XSS) vulnerability in Poly Clariti Manager versions before 10.12.1 allows attackers to inject malicious scripts that ex...
Jul 23, 2025This vulnerability allows attackers to bypass the XSS filter in Poly Clariti Manager, potentially enabling cross-site scripting attacks. Users of Poly...
Jul 23, 2025A reflected cross-site scripting vulnerability in Poly Clariti Manager allows attackers to inject malicious scripts via user input that gets executed ...
Jul 23, 2025A SQL injection vulnerability in Poly Clariti Manager versions before 10.12.1 allows privileged users to execute arbitrary SQL commands. This could le...
Jul 22, 2025A command injection vulnerability in Poly Clariti Manager versions before 10.12.2 allows privileged users to execute arbitrary commands on the system....
Jul 22, 2025CVE-2025-43019 is a local privilege escalation vulnerability in HP Support Assistant that allows authenticated attackers to delete arbitrary files, po...
Jul 8, 2025A buffer overflow vulnerability in HP Universal Print Driver versions 7.4 and older could allow attackers to cause denial of service by crashing the p...
Jul 2, 2025A local privilege escalation vulnerability in HP Support Assistant allows attackers to write arbitrary files, potentially gaining elevated system priv...
Jun 5, 2025This vulnerability allows attackers to cause denial of service on HP LaserJet MFP M232-M237 printers by sending specially crafted IPP requests. Organi...
Mar 14, 2025This vulnerability allows attackers to execute arbitrary code with elevated privileges on affected HP printers by sending malicious PostScript print j...
Feb 14, 2025This vulnerability allows attackers to execute arbitrary code and gain elevated privileges on affected HP printers by sending malicious PostScript pri...
Feb 14, 2025A command injection vulnerability exists in certain Poly video conferencing devices due to improper input sanitization. This flaw could allow authenti...
Nov 5, 2024This vulnerability in certain HP DesignJet printers allows attackers to view SMTP server credentials through credential reflection. Attackers could po...
Oct 15, 2024HP Security Manager contains a critical remote code execution vulnerability (CWE-94: Code Injection) in its open-source libraries. Attackers can execu...
Aug 27, 2024This vulnerability in Poly Clariti Manager firmware allows attackers to bypass access controls due to improper implementation. Attackers could gain un...
Aug 7, 2024Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Attackers can exploit these vul...
Aug 6, 2024Multiple unauthenticated Denial-of-Service vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation allows ...
Aug 6, 2024Multiple unauthenticated Denial-of-Service vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Attackers can...
Aug 6, 2024This vulnerability in the Soft AP Daemon Service allows unauthenticated remote attackers to execute arbitrary commands on affected systems, leading to...
Aug 6, 2024This vulnerability allows cross-site scripting (XSS) attacks against Poly Clariti Manager devices. Attackers can inject malicious scripts into web pag...
Aug 6, 2024This vulnerability in Poly Clariti Manager devices allows attackers to execute arbitrary code by exploiting improper input sanitization. It affects or...
Aug 6, 2024CVE-2024-22442 is an authentication bypass vulnerability in HPE products that allows remote attackers to gain unauthorized access without valid creden...
Jul 16, 2024This vulnerability allows local attackers to escalate privileges on systems running Poly Plantronics Hub by exploiting a symbolic link flaw in the Spo...
Jun 20, 2024This vulnerability allows device administrators to change SMTP server settings without re-entering credentials, potentially exposing original SMTP cre...
May 23, 2024HP LaserJet Pro printers are vulnerable to cross-site scripting (XSS) attacks through their web management interface. This allows attackers to inject ...
May 23, 2024An authenticated sensitive information disclosure vulnerability in the CLI service accessed via PAPI protocol allows attackers to read arbitrary files...
May 14, 2024Unauthenticated attackers can cause Denial of Service (DoS) by exploiting vulnerabilities in the CLI service accessed via the PAPI protocol in Aruba/H...
May 14, 2024This CVE describes authenticated command injection vulnerabilities in HPE Aruba Networking products that allow attackers with CLI access to execute ar...
May 14, 2024Unauthenticated attackers can cause Denial of Service (DoS) in Aruba Central Communications service via PAPI protocol, disrupting normal operations. T...
May 14, 2024This critical vulnerability in Aruba access points allows unauthenticated attackers to execute arbitrary commands with root privileges by sending mali...
May 14, 2024This vulnerability allows attackers to delete arbitrary files on Aruba Access Points through the Central Communications service via PAPI. Successful e...
May 14, 2024CVE-2024-31469 is a critical buffer overflow vulnerability in Aruba's Central Communications service that allows unauthenticated attackers to execute ...
May 14, 2024CVE-2024-31471 is a critical command injection vulnerability in Aruba's Central Communications service that allows unauthenticated attackers to execut...
May 14, 2024This critical vulnerability allows unauthenticated attackers to execute arbitrary code with privileged access on Aruba access points by sending specia...
May 14, 2024CVE-2024-31466 is a critical buffer overflow vulnerability in Aruba's Access Point management protocol (PAPI) that allows unauthenticated attackers to...
May 14, 2024This vulnerability in HP SoftPaq software allows attackers to execute arbitrary code by modifying configuration files after extraction. It affects sys...
May 1, 2024This vulnerability in CCX device firmware allows unauthorized actors to access restricted resources due to improper access controls. It affects device...
Apr 9, 2024HP OfficeJet Pro printers are vulnerable to a Denial of Service attack when receiving a specially crafted eSCL URL GET request. This vulnerability all...
Mar 22, 2024A BIOS vulnerability in certain HP Workstation PCs could allow attackers with physical or local access to execute arbitrary code, escalate privileges,...
Feb 14, 2024This vulnerability in HPE OneView allows authenticated local attackers to execute arbitrary commands with elevated privileges through improper input v...
Jan 23, 2024HP OfficeJet Pro printers are vulnerable to Denial of Service attacks when a SOAP message with a body but no header is sent to TCP port 3911. This vul...
Dec 14, 2023An unauthenticated Denial-of-Service vulnerability in the soft AP daemon accessed via PAPI protocol allows attackers to disrupt affected access points...
Nov 14, 2023Why Monitor Hp Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 153+ known vulnerabilities affecting Hp products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Hp packages in under 60 seconds. No agents required - completely agentless scanning that works across Hp deployments.
Free vulnerability database: Access detailed information about every Hp CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Hp CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
