| Metric | Value |
|---|---|
| CVEs | 8 |
| Critical | 0 |
| High | 3 |
| KEV | 0 |
| PoC | 0 |
| Unpatched C/H | 2 |
| Patch Rate | 37.5% |
| Avg EPSS | 0.0% |

Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 0 |
| HIGH | 3 |
| MEDIUM | 5 |
| LOW | 0 |

Affected Products (30)

| Product | CVEs |
|---|---|
| Linux Kernel | 8 |
| PHP | 4 |
| Virtual Appliance Host | 4 |
| Virtual Appliance Application | 4 |
| Autopass License Server | 3 |
| Command Injection | 3 |
| Debian Linux | 3 |
| 7Kw75A Firmware | 2 |
| 4Ra85F Firmware | 2 |
| 7Kw63A Firmware | 2 |
| 7Kw50A Firmware | 2 |
| 4Ra89A Firmware | 2 |
| Stack Overflow | 2 |
| 4Ra85A Firmware | 2 |
| 499M8A Firmware | 2 |
| W1Y43A Firmware | 2 |
| 5Hh73A Firmware | 2 |
| Futuresmart 3 | 2 |
| W1A66A Firmware | 2 |
| W1A56A Firmware | 2 |
| 7Kw76A Firmware | 2 |
| 4Ra82E Firmware | 2 |
| W1Y45A Firmware | 2 |
| 4Ra87F Firmware | 2 |
| W1A47A Firmware | 2 |
| 499M7A Firmware | 2 |
| 759V0E Firmware | 2 |
| 499Q5F Firmware | 2 |
| 759V1F Firmware | 2 |
| 4Ra86F Firmware | 2 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-37165 | router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor is affected by information exposure (CVSS 7.5). | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2025-71101 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing. The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-of-bounds array access vulnerabilities. | HIGH | 7.1 | 0.0% | 36 | |
| CVE-2025-71121 | In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinity on ASP chip. The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. | MEDIUM | 5.5 | 0.1% | 28 | |
| CVE-2026-23131 | The HP BIOS configuration driver in the Linux kernel fails to validate attribute names before kobject registration, causing kernel warnings and potential denial of service when HP BIOS returns empty name strings. A local user with standard privileges can trigger this vulnerability to crash or destabilize the system by supplying malformed BIOS attribute data. No patch is currently available for this medium-severity flaw affecting Linux systems with HP BIOS configuration support. | MEDIUM | 5.5 | 0.0% | 28 | |
| CVE-2026-1997 | HP OfficeJet Pro printers (D9l18a, D9l20a, D9l21a, D9l63a firmware) are vulnerable to information disclosure through CORS misconfiguration when administrators enable the feature on the Embedded Web Server. An unauthenticated remote attacker can exploit this to access sensitive device resources from untrusted web origins. CORS remains disabled by default as a mitigation, but organizations that have explicitly enabled it should apply patches when available. | MEDIUM | 5.3 | 0.0% | 27 | No patch |
| CVE-2025-11761 | A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.0% | – | No patch |
| CVE-2025-12784 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.0% | – | No patch |
| CVE-2025-12785 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.0% | – | No patch |