5
CVEs
1
Critical
1
High
0
KEV
0
PoC
0
Unpatched C/H
60.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
1
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (30)
Linux Kernel
8
PHP
4
Virtual Appliance Application
4
Virtual Appliance Host
4
Debian Linux
3
Autopass License Server
3
W1A29A Firmware
2
4Ra86E Firmware
2
W1Y43A Firmware
2
4Ra81E Firmware
2
W1A56A Firmware
2
499N1A Firmware
2
4Ra81Fr Firmware
2
4Ra80A Firmware
2
74T92E Firmware
2
W1A28A Firmware
2
W1A48A Firmware
2
4Ra85V Firmware
2
5Hh52A Firmware
2
499Q6F Firmware
2
W1A66A Firmware
2
499Q6A Firmware
2
499Q3F Firmware
2
4Ra88F Firmware
2
499Q8F Firmware
2
499N5A Firmware
2
499Q3A Firmware
2
7Kw66A Firmware
2
499Q8E Firmware
2
499Q7F Firmware
2
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-8631 | Heap-based integer overflow in the hpcups component of HP Linux Imaging and Printing Software (HPLIP) allows attackers to achieve arbitrary code execution and/or privilege escalation by submitting crafted print data. The CVSS 4.0 base score of 9.3 reflects network-reachable exploitation against the printing subsystem with no authentication or user interaction required, though no public exploit identified at time of analysis and the issue has not been added to CISA KEV. | CRITICAL | 9.3 | 0.0% | 47 |
|
| CVE-2026-8632 | Local privilege escalation in HP Linux Imaging and Printing Software (HPLIP) allows authenticated low-privileged users to execute arbitrary OS commands via command injection, potentially gaining elevated privileges on affected Linux hosts. The CVSS 4.0 score of 8.5 reflects high impact to confidentiality, integrity, and availability with low attack complexity, and no public exploit identified at time of analysis. The vulnerability is reported directly by HP PSIRT under advisory hpsbpi04118. | HIGH | 8.5 | 0.1% | 43 |
|
| CVE-2026-3291 | Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mob | MEDIUM | 6.9 | 0.0% | 35 |
No patch
|
| CVE-2026-6180 | Race condition in PaperCut MF badge-swipe processing from HP multifunction devices allows unauthorized user login when custom badge-ID post-processing scripts transform truncated badge strings into valid credentials of different users. The vulnerability requires specific network conditions (dropped packets, out-of-order sequence counters, failed sequence reset notifications) and custom script configuration, affecting physical device authentication in networked printing environments. No public exploit identified at time of analysis. | MEDIUM | 4.1 | 0.0% | 21 |
|
| CVE-2026-42626 | HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauth | 5.9 | 0.0% | – |
No patch
|