CVE-2026-2915
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was
remediated with HP System Event Utility version 3.2.16.
CVE-2026-1997
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource.
CORS is disabled by default on Pro‑class devices an…
CVE-2026-1996
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.
CVE-2025-14432
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is l…
CVE-2025-11531
HP System Event Utility and Omen Gaming Hub might allow execution of
certain files outside of their restricted paths. This
potential vulnerability was remediated with HP System
Event Utility version 3.2.12 and Omen Gaming H…
CVE-2025-13492
A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability
could potentially allow a local attacker to escalate privileges via a race condition when installing…
CVE-2025-12785
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
CVE-2025-12784
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
CVE-2025-11761
A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potentia…
CVE-2025-43017
HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.
CVE-2025-43024
A GUI dialog of an application allows to view what files are in the file system without proper authorization.
CVE-2025-10578
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
CVE-2025-43491
A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.
CVE-2025-43018
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.
CVE-2025-43023
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA).
CVE-2025-3508
Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.
CVE-2025-43489
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software updat…
CVE-2025-43488
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting untrusted characters. HP has addressed th…
CVE-2025-43487
A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the late…
CVE-2025-43486
A potential stored cross-site scripting vulnerability has been
identified in the Poly Clariti Manager for versions prior to 10.12.1. The
website allows user input to be stored and rendered without proper
sanitization. HP has addressed the i…