| Metric | Value |
|---|---|
| CVEs | 3 |
| Critical | 0 |
| High | 1 |
| KEV | 0 |
| PoC | 0 |
| Unpatched C/H | 1 |
| Patch Rate | 0.0% |
| Avg EPSS | 0.0% |

Severity Breakdown
| Severity | Count |
|---|---|
| CRITICAL | 0 |
| HIGH | 1 |
| MEDIUM | 2 |
| LOW | 0 |

Affected Products (6)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-23818 | Open redirect vulnerability in HPE Aruba Networking Private 5G Core On-Prem GUI enables credential harvesting attacks against authenticated users. Remote attackers can craft malicious URLs that redirect victims from the legitimate login flow to attacker-controlled phishing pages designed to capture credentials. With CVSS 8.8 (High) severity and network-reachable attack surface requiring no authentication, this represents significant phishing risk for organizations deploying private 5G infrastructure. No public exploit identified at time of analysis, though exploitation requires minimal technical complexity. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2025-67913 | Aruba HiSpeed Cache WordPress plugin (before 3.0.3) has missing authorization allowing unauthenticated access to cache management functions with full CIA impact. | MEDIUM | 6.5 | 0.1% | 33 | No patch |
| CVE-2026-1924 | Cross-site request forgery in Aruba HiSpeed Cache WordPress plugin up to version 3.0.4 allows unauthenticated attackers to reset all plugin settings to defaults by tricking site administrators into clicking a malicious link, due to missing nonce verification on the `ahsc_ajax_reset_options()` function. The CVSS score of 4.3 reflects the low-impact integrity violation requiring user interaction, with no known public exploit code or confirmed active exploitation. | MEDIUM | 4.3 | 0.0% | 22 | No patch |