Aggregates CVE and security vulnerability intelligence across all HP-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk input validation, vendor risk path handling, and vendor risk csrf and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-8632 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection. | [email protected] | 8.5 | 0.01% | 2026-05-20 | 2026-05-21 |
| CVE-2026-8631 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data. | [email protected] | 9.3 | 0.02% | 2026-05-20 | 2026-05-21 |
| CVE-2026-3291 | Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities. | [email protected] | 6.9 | 0.01% | 2026-05-06 | 2026-05-11 |
| CVE-2026-2915 | HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | [email protected] | 5.2 | 0.01% | 2026-03-03 | 2026-03-09 |
| CVE-2026-1997 | Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device. | [email protected] | 6.9 | 0.01% | 2026-02-10 | 2026-02-12 |
| CVE-2026-1996 | Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. | [email protected] | 6.9 | 0.06% | 2026-02-10 | 2026-02-24 |
| CVE-2025-14432 | In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI. | [email protected] | 8.1 | 0.03% | 2025-12-16 | 2025-12-18 |
| CVE-2025-11531 | HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0. | [email protected] | 4.8 | 0.05% | 2025-12-09 | 2026-01-21 |
| CVE-2025-13492 | A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages. | [email protected] | 5.4 | 0.01% | 2025-12-03 | 2025-12-05 |
| CVE-2025-12785 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | [email protected] | 6.9 | 0.04% | 2025-11-13 | 2026-02-13 |
| CVE-2025-12784 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. | [email protected] | 6.9 | 0.04% | 2025-11-13 | 2026-02-13 |
| CVE-2025-11761 | A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability. | [email protected] | 8.5 | 0.01% | 2025-11-03 | 2026-01-21 |
| CVE-2025-43017 | HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | [email protected] | 8.5 | 0.05% | 2025-10-28 | 2026-01-21 |
| CVE-2025-43024 | A GUI dialog of an application allows to view what files are in the file system without proper authorization. | [email protected] | 5.1 | 0.01% | 2025-10-28 | 2026-01-29 |
| CVE-2025-10578 | A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | [email protected] | 5.8 | 0.01% | 2025-10-01 | 2026-01-16 |
| CVE-2025-43491 | A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. | [email protected] | 7.3 | 0.04% | 2025-09-09 | 2026-01-16 |
| CVE-2025-43018 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | [email protected] | 6.9 | 0.21% | 2025-07-30 | 2026-02-24 |
| CVE-2025-43023 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). | [email protected] | 5.9 | 0.12% | 2025-07-28 | 2026-01-16 |
| CVE-2025-3508 | Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information. | [email protected] | 6.0 | 0.06% | 2025-07-25 | 2026-02-24 |
| CVE-2025-43489 | A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update. | [email protected] | 2.0 | 0.34% | 2025-07-23 | 2025-10-02 |