HP
By the Year
In 2025 there have been 9 vulnerabilities in HP. Last year, in 2024, HP had 40 security vulnerabilities published. Right now, HP is on track to have fewer security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 9 | 0.00 |
| 2024 | 40 | 7.99 |
| 2023 | 65 | 8.21 |
| 2022 | 35 | 7.78 |
| 2021 | 14 | 8.07 |
| 2020 | 88 | 8.99 |
| 2019 | 154 | 8.02 |
| 2018 | 76 | 6.63 |
It may take a day or so for new HP vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent HP Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-11761 | Nov 03, 2025 | **HP Client Management Script Library PRIVESC via install script (CVE-2025-11761).** A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability. | |
| CVE-2025-43017 | Oct 28, 2025 | **HP ThinPro 8.1 SP8 System Management App ID Verification Vulnerability.** HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | |
| CVE-2025-10577 | Oct 15, 2025 | **HP Audio Package Sound Research SECOMN64 Driver Privilege Escalation.** Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities. | |
| CVE-2025-10576 | Oct 15, 2025 | **HP Audio SECOMN64 Driver Privilege Escalation.** Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities. | |
| CVE-2023-6215 | Oct 07, 2025 | **HP Sure Start BIOS Intel Flash Descriptor Vulnerability (CVE-2023-6215).** A potential security vulnerability has been identified in HP Sure Start's protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to mitigate the potential vulnerability. | |
| CVE-2025-10578 | Oct 01, 2025 | **HP SA <9.47.41: Local Priv Esc via File Write.** A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | |
| CVE-2025-10568 | Sep 19, 2025 | **HyperX NGENUITY: arbitrary code exec via software.** HyperX NGENUITY software is potentially vulnerable to arbitrary code execution. HP is releasing updated software to address the potential vulnerability. | |
| CVE-2025-43023 | Jul 28, 2025 | **HP LIP Weak DSA Signature Key Vulnerability.** A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). | |
| CVE-2025-43026 | Jun 05, 2025 | **HP Support Assistant <9.44.18.0: Local PrivEsc via File Write.** A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | |
| CVE-2024-42508 | Oct 18, 2024 | **Auth Info Disclosure CVE-2024-42508.** This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. | |
| CVE-2024-42500 | Sep 09, 2024 | **HP-UX NFSv4 DoS Vulnerability.** HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services. | |
| CVE-2024-7720 | Aug 27, 2024 | **HP Security Manager RCE via OpenSource Libs.** HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | |
| CVE-2024-41912 | Aug 07, 2024 | **Poly Clariti Manager Firmware <10.10.2.2 Acct Control Flaw.** A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. | |
| CVE-2024-42400 | Aug 06, 2024 | **Unauth DoS in Soft AP Daemon via PAPI Prevents AP Functionality.** Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-42399 | Aug 06, 2024 | **Soft AP daemon PAPI DoS: Unauthenticated exploitation.** Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-42398 | Aug 06, 2024 | **Unauthenticated DoS via Soft AP PAPI Exploit.** Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-42395 | Aug 06, 2024 | **CVE-2024-42395: AP Cert Mgmt Service Unauth RCE.** There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |
| CVE-2024-42394 | Aug 06, 2024 | **Unauth RCE via Soft AP Daemon Service.** There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |
| CVE-2024-42393 | Aug 06, 2024 | **Unauthenticated RCE in Soft AP Daemon Service (CVE-2024-42393).** There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | |
| CVE-2024-42397 | Aug 06, 2024 | **Cisco AP Certificate Management Daemon DoS via PAPI.** Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-42396 | Aug 06, 2024 | **Unauthenticated DoS in AP Cert Mgmt Daemon via PAPI.** Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-41913 | Aug 06, 2024 | **Poly Clariti Manager Firmware <10.10.2.2: Unsanitized User Input.** A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize user input. | |
| CVE-2024-41911 | Aug 06, 2024 | **Poly Clariti Manager FW <=10.10.2.2 XSS via unescaped input on page rendering.** A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during web page generation. | |
| CVE-2024-41910 | Aug 06, 2024 | **Poly Clariti Manager XSS Vulnerable Firmware <=10.10.2.2.** A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used. | |
| CVE-2024-22442 | Jul 16, 2024 | **Authentication Bypass via Remote Exploit.** The vulnerability could be remotely exploited to bypass authentication. | |
| CVE-2024-6147 | Jun 20, 2024 | **Poly Plantronics Hub LPE via Symlink Deletion in Spokes Update Service.** Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271. | |
| CVE-2024-31481 | May 14, 2024 | **Unauthenticated DoS via PAPI CLI Service.** Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | |
| CVE-2024-31483 | May 14, 2024 | **CVE-2024-31483: Authenticated Info Leak via CLI PAPI Service allowing OS file read.** An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | |
| CVE-2024-31482 | May 14, 2024 | **Unauthenticated DoS via ANSI Escape in PAPI Service.** An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ANSI escape code service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-31480 | May 14, 2024 | **Unauthenticated CLI DoS via PAPI Protocol.** Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | |
| CVE-2024-31467 | May 14, 2024 | **ArubaAP CLI Buffer Overflow Enables Unauth RCE via PAPI UDP.** There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31468 | May 14, 2024 | **BF in Aruba Central Comm svc -> unauth RCE via PAPI UDP 8211.** There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31469 | May 14, 2024 | **Buffer Overflow in Aruba Central Comm Service (PAPI) UDP 8211 -> RCE.** There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31470 | May 14, 2024 | **Aruba AP SAE Buffer Overflow Enables RCE via PAPI UDP.** There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31471 | May 14, 2024 | **CVE-2024-31471 Aruba Central Comm PAPI UDP Command Injection.** There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31472 | May 14, 2024 | **Aruba Soft AP Daemon: UDP 8211 CoI Exploits PAPI (CVE-2024-31472).** There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31473 | May 14, 2024 | **Command injection in Aruba Access Point PAPI UDP 8211 enabling RCE.** There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-31474 | May 14, 2024 | **Aruba AP CLI Arbitrary File Deletion via PAPI.** There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point. | |
| CVE-2024-31475 | May 14, 2024 | **Aruba Central Comms: Arbitrary File Delete via PAPI.** There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point. | |
| CVE-2024-31476 | May 14, 2024 | **Authenticated CLI Command Injection Resulting in Privileged OS Code Execution.** Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |
| CVE-2024-31478 | May 14, 2024 | **Soft AP Daemon Unauthenticated DoS via PAPI.** Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | |
| CVE-2024-31479 | May 14, 2024 | **Unauthenticated DoS in Central Communications Service via PAPI.** Unauthenticated Denial of Service (DoS) vulnerabilities exist in the Central Communications service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service. | |
| CVE-2024-31477 | May 14, 2024 | **Unknown Authenticated CLI Command Injection Enabling Privileged OS Cmd Exec.** Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |
| CVE-2024-31466 | May 14, 2024 | **Aruba AP PAPI Buffer Overflow RCE.** There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |
| CVE-2024-33516 | May 01, 2024 | **ArubaOS Auth Service PAPI DoS via Unauthenticated Request.** An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the controller. | |
| CVE-2024-1174 | Mar 01, 2024 | **HP ThinPro OS 8.0 SP 8 mitigates prior version vulnerabilities.** Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities. | |
| CVE-2023-6573 | Jan 23, 2024 | **HPE OneView: Missing Passphrase During Restore.** HPE OneView may have a missing passphrase during restore. | |
| CVE-2023-50275 | Jan 23, 2024 | **HPE OneView clusterService Auth Bypass causing DoS.** HPE OneView may allow clusterService Authentication Bypass resulting in denial of service. | |
| CVE-2023-50274 | Jan 23, 2024 | **HPE OneView: Local Privilege Escalation via Command Injection.** HPE OneView may allow command injection with local privilege escalation. | |
| CVE-2023-45621 | Nov 14, 2023 | **Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol.** Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | |