Filtered by vendor Hp
Subscribe
Total
2517 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1996 | 1 Hp | 34 D9l18a, D9l18a Firmware, J6x76a and 31 more | 2026-02-24 | N/A | 5.3 MEDIUM |
| Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | |||||
| CVE-2025-43018 | 1 Hp | 34 W1a28a, W1a28a Firmware, W1a29a and 31 more | 2026-02-24 | N/A | 5.3 MEDIUM |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | |||||
| CVE-2024-0407 | 1 Hp | 428 17f27aw, 19gsaw, 1ps54a and 425 more | 2026-02-20 | N/A | 6.5 MEDIUM |
| Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store. | |||||
| CVE-2023-4063 | 1 Hp | 84 1kr42a, 1kr42a Firmware, 1kr45a and 81 more | 2026-02-20 | N/A | 5.3 MEDIUM |
| Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. | |||||
| CVE-2024-2209 | 1 Hp | 56 26k67a, 26k67a Firmware, 26k67b and 53 more | 2026-02-20 | N/A | 6.3 MEDIUM |
| A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. | |||||
| CVE-2024-3281 | 1 Hp | 6 Poly Ccx 350, Poly Ccx 400, Poly Ccx 500 and 3 more | 2026-02-20 | N/A | 8.8 HIGH |
| A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor. | |||||
| CVE-2025-12784 | 1 Hp | 124 7kw48a, 7kw48a Firmware, 7kw49a and 121 more | 2026-02-13 | N/A | 4.9 MEDIUM |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | |||||
| CVE-2025-12785 | 1 Hp | 124 7kw48a, 7kw48a Firmware, 7kw49a and 121 more | 2026-02-13 | N/A | 7.5 HIGH |
| Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | |||||
| CVE-2022-37020 | 1 Hp | 52 Elite Slice, Elite Slice Firmware, Elite Slice For Meeting Rooms and 49 more | 2026-02-13 | N/A | 6.8 MEDIUM |
| Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. | |||||
| CVE-2026-1997 | 1 Hp | 82 D9l18a, D9l18a Firmware, D9l20a and 79 more | 2026-02-12 | N/A | 5.3 MEDIUM |
| Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device. | |||||
| CVE-2022-27540 | 1 Hp | 706 Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc, Dragonfly Folio 13.5 Inch G3 2-in-1 Notebook Pc Firmware, Elite Dragonfly and 703 more | 2026-01-30 | N/A | 7.8 HIGH |
| A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. | |||||
| CVE-2025-43024 | 1 Hp | 1 Thinpro | 2026-01-29 | N/A | 7.5 HIGH |
| A GUI dialog of an application allows to view what files are in the file system without proper authorization. | |||||
| CVE-2024-9419 | 1 Hp | 1 Smart Universal Printing Driver | 2026-01-26 | N/A | 7.8 HIGH |
| Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. | |||||
| CVE-2024-2301 | 1 Hp | 28 Cz172a, Cz172a Firmware, Cz173a and 25 more | 2026-01-26 | N/A | 7.6 HIGH |
| Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. | |||||
| CVE-2024-5143 | 1 Hp | 16 W1a75a, W1a75a Firmware, W1a76a and 13 more | 2026-01-26 | N/A | 6.8 MEDIUM |
| A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. | |||||
| CVE-2024-27460 | 1 Hp | 1 Poly Plantronics Hub | 2026-01-21 | N/A | 6.7 MEDIUM |
| A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | |||||
| CVE-2025-43017 | 1 Hp | 1 Thinpro | 2026-01-21 | N/A | 9.8 CRITICAL |
| HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | |||||
| CVE-2025-11761 | 1 Hp | 1 Client Management Script Library | 2026-01-21 | N/A | 7.8 HIGH |
| A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability. | |||||
| CVE-2025-11531 | 1 Hp | 2 Omen Gaming Hub, System Event Utility | 2026-01-21 | N/A | 8.8 HIGH |
| HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0. | |||||
| CVE-2025-43025 | 1 Hp | 1 Universal Print Driver | 2026-01-20 | N/A | 7.5 HIGH |
| HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.). | |||||