CVEs: 46
Critical: 5
High: 18
KEV: 0
PoC: 5
Unpatched Critical/High: 14
Patch Rate: 34.8%
Avg EPSS: 1.5%
Severity Breakdown: CRITICAL 5, HIGH 18, MEDIUM 22, LOW 0 (sums to 45 of the 46 tracked CVEs)
Monthly CVE Trend
Affected Products (30)

Linux Kernel: 8
PHP: 4
Virtual Appliance Application: 4
Virtual Appliance Host: 4
Debian Linux: 3
Autopass License Server: 3
Firmware products (2 CVEs each): W1A29A, 4Ra86E, W1Y43A, 4Ra81E, W1A56A, 499N1A, 4Ra81Fr, 4Ra80A, 74T92E, W1A28A, W1A48A, 4Ra85V, 5Hh52A, 499Q6F, W1A66A, 499Q6A, 499Q3F, 4Ra88F, 499Q8F, 499N5A, 499Q3A, 7Kw66A, 499Q8E, 499Q7F
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-51978 | Certain devices expose their serial numbers via HTTP/HTTPS/IPP and SNMP, and the default administrator password is derived from that serial number. An unauthenticated attacker who learns the serial number can compute the admin password and gain full administrative control of the device without brute force. | CRITICAL | 9.8 | 48.3% | 117 | PoC, No patch |
| CVE-2025-26506 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers may be vulnerable to remote code execution and elevation of privilege when processing a PostScript print job. Rated critical (CVSS 9.2); remotely exploitable with no authentication required. No vendor patch available. | CRITICAL | 9.2 | 6.1% | 52 | No patch |
| CVE-2025-26508 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers may be vulnerable to remote code execution and elevation of privilege when processing a PostScript print job. Rated high (CVSS 8.3); remotely exploitable with no authentication required. No vendor patch available. | HIGH | 8.3 | 6.1% | 48 | No patch |
| CVE-2025-1268 | Out-of-bounds write in the EMF Recode processing functionality of multiple Canon printer drivers (the Generic Plus and standard PCL6, UFR II, LIPS4, LIPSLX, PS, FAX, CARPS2 and PDF drivers) allows a remote attacker to execute arbitrary code or crash the system without authentication. CVSS 9.4 (critical); EPSS 0.44% (63rd percentile). No active exploitation or public proof-of-concept has been reported. | CRITICAL | 9.4 | 0.4% | 47 | No patch |
| CVE-2026-8631 | Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows an attacker to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation of the printing subsystem with no authentication or user interaction required. No public exploit identified at time of analysis; not in CISA KEV. | CRITICAL | 9.3 | 0.0% | 47 | |
| CVE-2026-4682 | Certain HP DeskJet All-in-One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for D | HIGH | 8.7 | 0.0% | 44 | No patch |
| CVE-2026-8632 | Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP): an authenticated low-privileged user can execute arbitrary OS commands via command injection and gain elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity and availability with low attack complexity. No public exploit identified at time of analysis. Reported by HP PSIRT in advisory hpsbpi04118. | HIGH | 8.5 | 0.1% | 43 | |
| CVE-2025-1003 | A potential vulnerability in HP Anyware Agent for Linux might allow authentication bypass, which may result in escalation of privilege. Rated high (CVSS 8.5); no authentication required and low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.0% | 43 | No patch |
| CVE-2024-51768 | Remote code execution in HPE AutoPass License Server (APLS) versions prior to 9.17, caused by unsafe deserialization in the embedded HSQLDB database library. An authenticated attacker with local network access can execute arbitrary code with the privileges of the APLS service, potentially leading to complete system compromise. CVSS 8.0; the authentication requirement is modest (PR:L) and attack complexity is low. | HIGH | 8.0 | 0.4% | 40 | |
| CVE-2025-43026 | Local privilege escalation in HP Support Assistant versions before 9.44.18.0: a local attacker with limited user privileges can write arbitrary files and escalate to higher privilege levels without user interaction. CVSS 7.8 (high), rooted in improper file permission handling. KEV status and active exploitation data are not provided in the source material, but the low attack complexity and local attack vector make this a realistic threat on systems running vulnerable versions. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2024-51982 | Denial of service in network-connected printers and multifunction devices that expose the Printer Job Language (PJL) interface on TCP port 9100. An unauthenticated remote attacker can send a malformed PJL command with an invalid FORMLINES variable to crash the device repeatedly, disrupting service with no authentication or user interaction. The CVSS 7.5 score reflects the high availability impact. KEV/PoC data was not provided in the source material, but the simplicity of the trigger (malformed input causing a crash) suggests practical exploitability. | HIGH | 7.5 | 0.6% | 38 | No patch |
| CVE-2025-26507 | Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers may be vulnerable to remote code execution and elevation of privilege when processing a PostScript print job. Rated medium (CVSS 6.3); remotely exploitable with no authentication required. No vendor patch available. | MEDIUM | 6.3 | 6.1% | 38 | No patch |
| CVE-2024-51769 | Information disclosure in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated network attackers to access sensitive information without user interaction. CVSS 3.1 score 7.5 with high confidentiality impact (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor); a significant risk for organizations relying on APLS for license management across their HPE infrastructure. | HIGH | 7.5 | 0.1% | 38 | |
| CVE-2024-51770 | Information disclosure in HPE AutoPass License Server (APLS) versions prior to 9.17 that allows unauthenticated remote attackers to access sensitive information over the network without authentication, special privileges or user interaction. CVSS 7.5 with high confidentiality impact; the network-accessible nature of the disclosure makes it a significant risk for organizations running vulnerable APLS versions. | HIGH | 7.5 | 0.1% | 38 | |
| CVE-2025-37165 | The router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces, allowing a malicious actor to obtain them (information exposure, CVSS 7.5). | HIGH | 7.5 | 0.0% | 38 | No patch |
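The CVE-2024-51982 row above describes a crash triggered by a malformed FORMLINES value in a PJL command sent to TCP port 9100. The following is an added example, not code from this page or from any vendor: a small Python checker that strips PJL's UEL framing from a raw 9100/tcp stream, parses the `@PJL SET` lines, and flags any FORMLINES value that is not a decimal integer in the documented 5..128 range. The range is taken from the HP PJL Technical Reference and treating values outside it as anomalous is this checker's assumption; the sample streams are constructed for the example and do not reproduce the actual payload reported for the CVE.

```python
import re
from dataclasses import dataclass
from typing import Optional

# PJL Universal Exit Language sequence; it brackets every PJL job sent to 9100/tcp.
UEL = b"\x1b%-12345X"

# Documented FORMLINES range (HP PJL Technical Reference: integer 5..128, default 60).
# Treating anything else as anomalous is this checker's assumption, not a vendor rule.
FORMLINES_MIN, FORMLINES_MAX = 5, 128

# "@PJL SET <VAR> = <value>"; PJL keywords are case-insensitive.
_SET_RE = re.compile(rb"^@PJL\s+SET\s+([A-Z0-9]+)\s*=\s*(.*?)\s*$", re.IGNORECASE)

# Constructed sample streams (not captured traffic and not the CVE-2024-51982 payload).
SAMPLE_STREAMS = {
    "benign": UEL + b'@PJL JOB NAME="report"\r\n@PJL SET FORMLINES=60\r\n'
                    b"@PJL ENTER LANGUAGE=PCL\r\n",
    "non_numeric": UEL + b"@PJL SET FORMLINES=AAAA\r\n@PJL EOJ\r\n" + UEL,
    "out_of_range": UEL + b"@PJL SET FORMLINES=99999999\r\n" + UEL,
}


@dataclass
class Finding:
    line_no: int
    variable: str
    raw_value: bytes
    reason: str


def pjl_lines(stream: bytes) -> list[bytes]:
    """Drop UEL framing and split the stream into non-empty PJL lines (LF or CRLF)."""
    body = stream.replace(UEL, b"")
    return [ln.rstrip(b"\r") for ln in body.split(b"\n") if ln.strip()]


def check_formlines(raw: bytes) -> Optional[str]:
    """Return a reason string when a FORMLINES value is not a sane integer, else None."""
    if not re.fullmatch(rb"[0-9]+", raw):
        return "FORMLINES value is not a decimal integer"
    n = int(raw)
    if not FORMLINES_MIN <= n <= FORMLINES_MAX:
        return f"FORMLINES={n} is outside the documented range {FORMLINES_MIN}-{FORMLINES_MAX}"
    return None


def find_anomalies(stream: bytes) -> list[Finding]:
    """Scan one raw 9100/tcp stream and return every suspicious SET FORMLINES command."""
    findings: list[Finding] = []
    for line_no, line in enumerate(pjl_lines(stream), start=1):
        m = _SET_RE.match(line)
        if not m:
            continue  # not a SET command (JOB, ENTER LANGUAGE, EOJ, ...)
        variable = m.group(1).decode("ascii", "replace").upper()
        raw_value = m.group(2)
        if variable == "FORMLINES":
            reason = check_formlines(raw_value)
            if reason:
                findings.append(Finding(line_no, variable, raw_value, reason))
    return findings


def scan(streams: dict[str, bytes]) -> dict[str, list[Finding]]:
    """Run find_anomalies over named streams and keep only those that produced findings."""
    return {name: hits for name, s in streams.items() if (hits := find_anomalies(s))}


if __name__ == "__main__":
    for name, hits in scan(SAMPLE_STREAMS).items():
        for f in hits:
            print(f"{name}: line {f.line_no}: {f.reason} (raw={f.raw_value!r})")
```

The checker only inspects the PJL header of a job, so it is cheap enough to sit in a print-server proxy or to run over payloads carved from a 9100/tcp capture; the same structure extends to other numeric PJL variables by adding a check function per variable name.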