5
CVEs
1
Critical
4
High
0
KEV
0
PoC
2
Unpatched C/H
60.0%
Patch Rate
0.2%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
4
MEDIUM
0
LOW
0
Monthly CVE Trend
Affected Products (30)
System Management Homepage
28
Intelligent Management Center
25
Storage Data Protector
24
Linux Kernel
19
Service Manager
16
Loadrunner
15
Systems Insight Manager
14
W1A80A Firmware
13
W1A77A Firmware
13
W1A78A Firmware
13
W1A76A Firmware
13
W1A81A Firmware
13
W1A79A Firmware
13
W1A82A Firmware
13
W1A75A Firmware
13
Intelligent Management Center For Automated Network Manager
12
Sitescope
12
Pc Bios
11
Laserjet Pro Mfp M428 M429 F W1A30A Firmware
10
Laserjet Pro M453 M454 W1Y46A Firmware
10
Laserjet Pro M453 M454 W1Y40A Firmware
10
Laserjet Pro Mfp M428 M429 F W1A35A Firmware
10
Laserjet Pro M453 M454 W1Y44A Firmware
10
Laserjet Pro M453 M454 W1Y45A Firmware
10
Laserjet Pro Mfp M428 M429 W1A28A Firmware
10
Laserjet Pro M304 M305 W1A48A Firmware
10
Laserjet Pro Mfp M428 M429 W1A33A Firmware
10
Laserjet Pro M304 M305 W1A66A Firmware
10
Laserjet Pro M453 M454 W1Y41A Firmware
10
Laserjet Pro M304 M305 W1A46A Firmware
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-14544 | Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter across Red Hat Enterprise Linux 6 through 10, where an integer overflow triggered by specially crafted print data can corrupt memory. This is an incomplete-fix follow-up to CVE-2026-8631, meaning the original patch did not fully close the flaw, and no public exploit has been identified at time of analysis. The Red Hat CVSS of 9.8 reflects a network-reachable, unauthenticated attack path, though realistic exploitation depends on how the CUPS print pipeline is exposed. | CRITICAL | 9.8 | 0.5% | 50 |
No patch
|
| CVE-2026-2891 | Denial of service in HP Poly Voice IP endpoints (CCX, Trio C60, and Edge E series) allows an attacker operating or impersonating a SIP server to render affected devices inoperable by returning malformed data during SIP signaling. The flaw is an uncontrolled-resource-consumption / improper-input-handling issue (CWE-400) that crashes or hangs the phone, disrupting voice service. HP has published advisory hpsbpy04096 and is releasing firmware updates; no public exploit is identified at time of analysis and the issue is not listed in CISA KEV. | HIGH | 8.2 | 0.3% | 41 |
|
| CVE-2026-13753 | Information disclosure in HP Deskjet 2800 Series printers running firmware TBP1CN2612AR or earlier lets an unauthenticated attacker on the network read sensitive configuration - including plaintext Wi‑Fi Direct credentials, device identity, and administrative security state - by sending plain GET requests to administrative API endpoints. The same data is gated behind administrator login in the web UI, so these API endpoints bypass the product's own access-control model. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV. | HIGH | 7.5 | 0.3% | 38 |
No patch
|
| CVE-2026-8864 | Local privilege escalation in the HP Fan Control App lets a low-privileged local user gain SYSTEM/administrator-level execution on affected HP endpoints. The flaw stems from CWE-428 (Unquoted Search Path or Element), a classic Windows weakness where a privileged service or process resolves an executable or library from an attacker-controllable path. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided. | HIGH | 7.3 | 0.1% | 37 |
|
| CVE-2026-7539 | Local privilege escalation and arbitrary code execution in the HP Accessory WMI Provider installer bundled with certain HP Docking Stations allows a low-privileged local user to gain elevated (likely SYSTEM) execution. The root cause is insecure temporary-file/directory permissions used during installation (CWE-379), which an attacker can abuse to introduce or replace executable content that a privileged installer process runs. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; HP has published advisory hpsbhf04129 and is releasing software updates. | HIGH | 7.3 | 0.1% | 37 |
|