Hp: Security Vulnerabilities
HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was
remediated with HP System Event Utility version 3.2.16.
CVSS Score
5.2
EPSS Score
0.0
Published
2026-03-03
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-02-10
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource.
CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-02-10
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-12-16
HP System Event Utility and Omen Gaming Hub might allow execution of
certain files outside of their restricted paths. This
potential vulnerability was remediated with HP System
Event Utility version 3.2.12 and Omen Gaming Hub version
1101.2511.101.0.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-12-09
A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability
could potentially allow a local attacker to escalate privileges via a race condition when installing packages.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-03
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-11-13
Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-11-13
A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-11-03
HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-10-28
Page 1