Filtered by vendor Hp
Subscribe
Total
2513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39298 | 1 Hp | 374 260 G3 Desktop Mini Pc, 260 G3 Desktop Mini Pc Firmware, Elite Dragonfly and 371 more | 2026-02-24 | 7.2 HIGH | 8.8 HIGH |
|
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
|
|||||
| CVE-2025-3508 | 1 Hp | 146 1vd83a, 1vd83a Firmware, 1vd84a and 143 more | 2026-02-24 | N/A | 6.5 MEDIUM |
|
Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.
|
|||||
| CVE-2025-1697 | 1 Hp | 1 Touchpoint Analytics Service | 2026-02-24 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability.
|
|||||
| CVE-2025-1004 | 1 Hp | 20 4pa41a, 4pa41a Firmware, 4pa42a and 17 more | 2026-02-24 | N/A | 5.3 MEDIUM |
|
Certain HP LaserJet Pro printers may potentially
experience a denial of service when a user sends a raw JPEG file to the printer
via IPP (Internet Printing Protocol).
|
|||||
| CVE-2024-5749 | 1 Hp | 30 1jl02b, 1jl02b Firmware, F9a29a and 27 more | 2026-02-24 | N/A | 7.5 HIGH |
|
Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials.
|
|||||
| CVE-2024-9423 | 1 Hp | 204 1y7d4a, 1y7d4a Firmware, 2a129a and 201 more | 2026-02-24 | N/A | 5.3 MEDIUM |
|
Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs.
|
|||||
| CVE-2026-1996 | 1 Hp | 34 D9l18a, D9l18a Firmware, J6x76a and 31 more | 2026-02-24 | N/A | 5.3 MEDIUM |
|
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.
|
|||||
| CVE-2025-43018 | 1 Hp | 34 W1a28a, W1a28a Firmware, W1a29a and 31 more | 2026-02-24 | N/A | 5.3 MEDIUM |
|
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.
|
|||||
| CVE-2024-0407 | 1 Hp | 428 17f27aw, 19gsaw, 1ps54a and 425 more | 2026-02-20 | N/A | 6.5 MEDIUM |
|
Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store.
|
|||||
| CVE-2023-4063 | 1 Hp | 84 1kr42a, 1kr42a Firmware, 1kr45a and 81 more | 2026-02-20 | N/A | 5.3 MEDIUM |
|
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.
|
|||||
| CVE-2024-2209 | 1 Hp | 56 26k67a, 26k67a Firmware, 26k67b and 53 more | 2026-02-20 | N/A | 6.3 MEDIUM |
|
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.
|
|||||
| CVE-2024-3281 | 1 Hp | 6 Poly Ccx 350, Poly Ccx 400, Poly Ccx 500 and 3 more | 2026-02-20 | N/A | 8.8 HIGH |
|
A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.
|
|||||
| CVE-2025-12784 | 1 Hp | 124 7kw48a, 7kw48a Firmware, 7kw49a and 121 more | 2026-02-13 | N/A | 4.9 MEDIUM |
|
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
|
|||||
| CVE-2025-12785 | 1 Hp | 124 7kw48a, 7kw48a Firmware, 7kw49a and 121 more | 2026-02-13 | N/A | 7.5 HIGH |
|
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
|
|||||
| CVE-2022-37020 | 1 Hp | 52 Elite Slice, Elite Slice Firmware, Elite Slice For Meeting Rooms and 49 more | 2026-02-13 | N/A | 6.8 MEDIUM |
|
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
|
|||||
| CVE-2026-1997 | 1 Hp | 82 D9l18a, D9l18a Firmware, D9l20a and 79 more | 2026-02-12 | N/A | 5.3 MEDIUM |
|
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource.
CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
|
|||||
| CVE-2022-27540 | 1 Hp | 706 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 703 more | 2026-01-30 | N/A | 7.8 HIGH |
|
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
|
|||||
| CVE-2025-43024 | 1 Hp | 1 Thinpro | 2026-01-29 | N/A | 7.5 HIGH |
|
A GUI dialog of an application allows to view what files are in the file system without proper authorization.
|
|||||
| CVE-2024-9419 | 1 Hp | 1 Smart Universal Printing Driver | 2026-01-26 | N/A | 7.8 HIGH |
|
Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC.
|
|||||
| CVE-2024-2301 | 1 Hp | 28 Cz172a, Cz172a Firmware, Cz173a and 25 more | 2026-01-26 | N/A | 7.6 HIGH |
|
Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.
|
|||||
| CVE-2024-5143 | 1 Hp | 16 W1a75a, W1a75a Firmware, W1a76a and 13 more | 2026-01-26 | N/A | 6.8 MEDIUM |
|
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed.
|
|||||
| CVE-2024-27460 | 1 Hp | 1 Poly Plantronics Hub | 2026-01-21 | N/A | 6.7 MEDIUM |
|
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
|
|||||
| CVE-2025-43017 | 1 Hp | 1 Thinpro | 2026-01-21 | N/A | 9.8 CRITICAL |
|
HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.
|
|||||
| CVE-2025-11761 | 1 Hp | 1 Client Management Script Library | 2026-01-21 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
|
|||||
| CVE-2025-11531 | 1 Hp | 2 Omen Gaming Hub, System Event Utility | 2026-01-21 | N/A | 8.8 HIGH |
|
HP System Event Utility and Omen Gaming Hub might allow execution of
certain files outside of their restricted paths. This
potential vulnerability was remediated with HP System
Event Utility version 3.2.12 and Omen Gaming Hub version
1101.2511.101.0.
|
|||||
| CVE-2025-43025 | 1 Hp | 1 Universal Print Driver | 2026-01-20 | N/A | 7.5 HIGH |
|
HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).
|
|||||
| CVE-2025-43019 | 1 Hp | 1 Support Assistant | 2026-01-20 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.
|
|||||
| CVE-2025-10578 | 1 Hp | 1 Support Assistant | 2026-01-16 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
|
|||||
| CVE-2025-43491 | 2 Hp, Microsoft | 2 Poly Lens Desktop, Windows | 2026-01-16 | N/A | 9.8 CRITICAL |
|
A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.
|
|||||
| CVE-2025-2268 | 1 Hp | 108 1y7d4a, 1y7d4a Firmware, 2a129a and 105 more | 2026-01-16 | N/A | 7.5 HIGH |
|
The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).
|
|||||
| CVE-2025-43023 | 1 Hp | 1 Linux Imaging And Printing | 2026-01-16 | N/A | 9.1 CRITICAL |
|
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
|
|||||
| CVE-2025-26507 | 1 Hp | 403 115p9aw, 115q0aw, 17f27aw and 400 more | 2026-01-15 | N/A | 9.8 CRITICAL |
|
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
|
|||||
| CVE-2025-26506 | 1 Hp | 190 499m6a, 499m6a Firmware, 499m7a and 187 more | 2026-01-15 | N/A | 9.8 CRITICAL |
|
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
|
|||||
| CVE-2025-26508 | 1 Hp | 593 115p9aw, 115q0aw, 17f27aw and 590 more | 2026-01-15 | N/A | 9.8 CRITICAL |
|
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.
|
|||||
| CVE-2024-1869 | 1 Hp | 4 Cq891c, Cq891c Firmware, Cq893c and 1 more | 2026-01-15 | N/A | 7.5 HIGH |
|
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.
|
|||||
| CVE-2024-28893 | 1 Hp | 1 Softpaqs | 2026-01-14 | N/A | 7.7 HIGH |
|
Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).
|
|||||
| CVE-2022-37019 | 1 Hp | 52 Elite Slice, Elite Slice Firmware, Elite Slice For Meeting Rooms and 49 more | 2026-01-14 | N/A | 6.8 MEDIUM |
|
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
|
|||||
| CVE-2025-43026 | 1 Hp | 1 Support Assistant | 2026-01-13 | N/A | 7.8 HIGH |
|
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
|
|||||
| CVE-2022-48220 | 1 Hp | 54 Elite Mini 600 G9, Elite Mini 600 G9 Firmware, Elite Mini 800 G9 and 51 more | 2026-01-09 | N/A | 6.4 MEDIUM |
|
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
|
|||||
| CVE-2022-48219 | 1 Hp | 54 Elite Mini 600 G9, Elite Mini 600 G9 Firmware, Elite Mini 800 G9 and 51 more | 2026-01-09 | N/A | 6.4 MEDIUM |
|
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
|
|||||