cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-23058,https://securityvulnerability.io/vulnerability/CVE-2025-23058,Privilege Escalation Vulnerability in ClearPass Policy Manager by HPE,"A critical vulnerability in the ClearPass Policy Manager web-based management interface permits low-privileged authenticated users to exploit unauthorized access. This allows such users to execute functions typically restricted to administrators, including the ability to alter settings and access sensitive data. The successful exploitation of this vulnerability could lead to an escalation of privileges, compromising the security of the system.",HP (HP),HP Aruba Networking Clearpass Policy Manager,8.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T18:07:56.711Z,0
CVE-2025-1003,https://securityvulnerability.io/vulnerability/CVE-2025-1003,Authentication Bypass in HP Anyware Agent for Linux,"A potential vulnerability in HP Anyware Agent for Linux could allow unauthorized users to bypass authentication mechanisms, leading to potential privilege escalation. HP has acknowledged this issue and is in the process of releasing a software update to address this vulnerability. Users are advised to stay updated and apply the patches as soon as they are made available to safeguard their systems.","HP, Inc.",HP Anyware Linux Agent,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T00:15:00.000Z,0
CVE-2025-23051,https://securityvulnerability.io/vulnerability/CVE-2025-23051,Parameter Injection Vulnerability in AOS-8 and AOS-10 Operating Systems by HPE,"An authenticated parameter injection vulnerability within the web-based management interface of HPE's AOS-8 and AOS-10 operating systems poses significant security risks. If exploited, an authenticated user could perform parameter injection attacks to overwrite arbitrary system files, potentially compromising the integrity of the system and leading to unauthorized access or loss of data.",HP (HP),HP Aruba Networking Aos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:16:00.000Z,60
CVE-2025-23052,https://securityvulnerability.io/vulnerability/CVE-2025-23052,Authenticated Command Injection Vulnerability in HPE Network Management Service,"An authenticated command injection vulnerability exists within the command line interface of HPE's network management service. When exploited, this flaw could enable an attacker to run arbitrary commands in the context of a privileged user on the host operating system. This risk emphasizes the importance of securing command interfaces and implementing robust authentication measures to prevent unauthorized access.",HP (HP),HP Aruba Networking Aos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:16:00.000Z,0
CVE-2024-53676,https://securityvulnerability.io/vulnerability/CVE-2024-53676,Remote Code Execution Vulnerability Affects HPE Insight Remote Support,"A directory traversal vulnerability exists within Hewlett Packard Enterprise Insight Remote Support software that could be exploited by an attacker to gain unauthorized access to the system. This flaw allows an adversary to craft a malicious input, potentially leading to the execution of arbitrary code on the affected system. Proper configuration and ongoing security updates are crucial for mitigating the risks associated with this vulnerability.",HP,HP Insight Remote Support,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-27T01:15:00.000Z,0
CVE-2024-53673,https://securityvulnerability.io/vulnerability/CVE-2024-53673,Unauthenticated Java Deserialization Vulnerability in HPE Remote Insight Support,"A vulnerability exists in HPE Remote Insight Support, characterized by improper handling of Java object deserialization. This flaw enables unauthenticated attackers to potentially execute arbitrary code within the affected systems. Exploitation of this vulnerability could lead to severe consequences, including system compromise and unauthorized access to sensitive data. Organizations using HPE Remote Insight Support are strongly advised to assess their security posture and implement appropriate mitigations to safeguard against potential attacks.",HP,Insight Remote Support,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-11-26T22:15:00.000Z,0
CVE-2024-53675,https://securityvulnerability.io/vulnerability/CVE-2024-53675,HPE Insight Remote Support XML External Entity Injection Vulnerability,"An XML external entity injection (XXE) vulnerability exists in HPE Insight Remote Support, which may allow remote attackers to exploit this weakness to disclose sensitive information under certain conditions. Implementing adequate input validation and configuring secure settings can mitigate risks associated with this vulnerability.",HP,HP Insight Remote Support,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-26T22:15:00.000Z,0
CVE-2024-53674,https://securityvulnerability.io/vulnerability/CVE-2024-53674,HPE Insight Remote Support XML External Entity Injection Vulnerability,"An XML external entity injection (XXE) vulnerability exists in HPE Insight Remote Support, potentially allowing remote users to exploit this weakness and disclose sensitive information under specific circumstances. This flaw emphasizes the importance of secure XML parsing configurations and highlights the risks associated with improperly validated XML input. Organizations using HPE Insight Remote Support should assess their environment for potential exposure and apply relevant security patches or mitigations as necessary.",HP,HP Insight Remote Support,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-26T22:15:00.000Z,0
CVE-2024-11622,https://securityvulnerability.io/vulnerability/CVE-2024-11622,HPE Insight Remote Support Exposes XML External Entity Injection Vulnerability,"An XML external entity injection (XXE) vulnerability exists within the HPE Insight Remote Support software, which can be exploited by remote users to gain unauthorized access to sensitive information. This vulnerability arises when the application processes XML inputs without adequate validation, potentially allowing attackers to craft malicious XML data. By exploiting this weakness, attackers may target system configurations or sensitive data stored within the server, leading to potential information disclosure. Security best practices recommend immediate evaluation and patching of the affected software versions to mitigate risks associated with this vulnerability.",HP,HP Insight Remote Support,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-26T21:31:11.004Z,0
CVE-2024-47462,https://securityvulnerability.io/vulnerability/CVE-2024-47462,Arbitrary File Creation Vulnerability Could Lead to Remote Command Execution,"An arbitrary file creation vulnerability has been identified in the command line interface of HPE Instant AOS-8 and AOS-10. This vulnerability enables authenticated remote attackers to create arbitrary files on the system, which poses a significant risk as it may lead to unauthorized remote command execution on the underlying operating system. It is crucial for organizations using these products to assess their environments for potential exploitation paths and apply necessary mitigations.",HP,"HP Aruba Networking Access Points, Instant Aos-8, And Aos-10",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T23:15:00.000Z,0
CVE-2024-47463,https://securityvulnerability.io/vulnerability/CVE-2024-47463,Arbitrary File Creation Vulnerability Could Lead to Remote Command Execution,"An arbitrary file creation vulnerability has been identified in the command line interface of Instant AOS-8 and AOS-10. This flaw allows an authenticated remote attacker to create arbitrary files on the system. If exploited, this could lead to the execution of arbitrary commands on the underlying operating system, posing a serious security risk. Organizations using these versions need to assess their systems and apply any relevant updates or mitigations as outlined by HPE to safeguard against potential exploitation.",HP,"HP Aruba Networking Access Points, Instant Aos-8, And Aos-10",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T23:15:00.000Z,0
CVE-2024-47461,https://securityvulnerability.io/vulnerability/CVE-2024-47461,Authenticated Command Injection Vulnerability,"An authenticated command injection vulnerability exists within the command line interface of HPE Instant AOS-8 and AOS-10 products. This security issue enables attackers to execute arbitrary commands with privileged user rights on the underlying operating system. Successful exploitation poses significant risks, including the total compromise of the host operating system. Organizations utilizing affected Instant AOS products must take immediate action to mitigate potential risks associated with this vulnerability.",HP,"HP Aruba Networking Access Points, Instant Aos-8, And Aos-10",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T22:54:12.794Z,0
CVE-2024-47460,https://securityvulnerability.io/vulnerability/CVE-2024-47460,Unauthenticated Remote Code Execution Vulnerability in PAPI,"A command injection vulnerability has been identified in the CLI service associated with Aruba's Access Point management protocol, specifically affecting communications through the PAPI UDP port (8211). An attacker can exploit this vulnerability by sending specially crafted packets, leading to the potential execution of arbitrary code with elevated privileges on the underlying operating system. This vulnerability raises significant security concerns as it allows unauthorized access and control over affected Aruba Access Points, making it imperative for organizations to assess their systems and apply necessary security measures.",HP,"HP Aruba Networking Access Points, Instant Aos-8, And Aos-10",9,CRITICAL,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-11-05T22:46:26.066Z,0
CVE-2024-42509,https://securityvulnerability.io/vulnerability/CVE-2024-42509,Unauthenticated Remote Code Execution Vulnerability in PAPI Due to Command Injection,"The CVE-2024-42509 vulnerability is an unauthenticated remote code execution flaw in the PAPI protocol used by Aruba Access Points from Hewlett Packard Enterprise (HPE). Exploiting this vulnerability allows attackers to execute arbitrary code as privileged users on the underlying operating system, posing a significant risk to affected devices. HPE has released security updates to address this and other critical vulnerabilities in their Access Points, urging users to enable cluster security and block access to specific UDP ports to mitigate the risk. Although these vulnerabilities have not been reported as exploited in the wild, they are attractive targets for threat actors, and there is a potential for exploitation of unpatched systems in the near future.",HP,"HP Aruba Networking Access Points, Instant Aos-8, And Aos-10",9.8,CRITICAL,0.0004299999854993075,false,,true,false,true,2024-11-11T09:57:13.000Z,,false,false,,2024-11-05T22:34:31.648Z,0
CVE-2024-9579,https://securityvulnerability.io/vulnerability/CVE-2024-9579,Poly Video Conferencing Devices Vulnerable to Firmware Flaw,A vulnerability affecting various Poly video conferencing devices has been identified due to improper sanitization of user input within the firmware. This flaw presents a potential pathway for exploitation through a sophisticated layered attack strategy. It is crucial for users of these affected products to remain vigilant and implement security protocols to mitigate risks associated with potential exploitation of this vulnerability.,"HP, Inc.",Certain Poly Video Conference Devices,7.5,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-11-05T16:22:01.465Z,0
CVE-2024-42507,https://securityvulnerability.io/vulnerability/CVE-2024-42507,Unauthenticated Remote Code Execution Vulnerability in PAPI CLI Service,"The vulnerability arises from command injection flaws present in the Command Line Interface (CLI) service associated with Aruba's Access Point management protocol (PAPI). By exploiting these vulnerabilities, an attacker can send specially crafted packets to the UDP port 8211, leading to unauthorized remote code execution. This allows the attacker to run arbitrary code with elevated privileges on the underlying operating system. Organizations using affected Aruba Access Points should take immediate action to assess their security posture and apply any necessary updates or mitigations.",HP,Aruba Os,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2024-42505,https://securityvulnerability.io/vulnerability/CVE-2024-42505,Unauthenticated Remote Code Execution through Command Injection Vulnerabilities,"The vulnerability presents command injection risks within Aruba's Command Line Interface (CLI) service, which could allow unauthorized remote code execution. Attackers may exploit this vulnerability by sending specially crafted packets to the Protocol for Access Point Management Interface (PAPI) over UDP port 8211. Successful exploitation permits execution of arbitrary code with elevated privileges on the operating system, posing significant security risks to affected Aruba Access Points. Organizations utilizing vulnerable products should assess their exposure and apply recommended mitigations to secure their network infrastructure.",HP,Aruba Os,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2024-42506,https://securityvulnerability.io/vulnerability/CVE-2024-42506,Unauthenticated Remote Code Execution Vulnerability in Aruba's Access Point Management Protocol,"The vulnerability presents a command injection issue within the CLI services utilized by Aruba's Access Point management protocol (PAPI). This allows for unauthenticated attackers to send malicious packets to the UDP port 8211, potentially resulting in remote code execution. Such exploitation enables unauthorized execution of arbitrary commands as a privileged user on the affected operating systems, posing significant security risks to network infrastructure relying on Aruba access points.",HP,Aruba Os,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2024-5760,https://securityvulnerability.io/vulnerability/CVE-2024-5760,Potential Vulnerability in Samsung Universal Print Driver Could Lead to Reverse Shell Creation,"The Samsung Universal Print Driver for Windows has a vulnerability that could allow attackers to escalate privileges on systems running an affected version. This flaw enables the creation of a reverse shell, which can be exploited by malicious users to gain unauthorized access to the underlying system. The vulnerability specifically affects versions of the printer driver released or manufactured prior to 2018, posing a significant risk to organizations still utilizing these outdated components.",HP,Samsung Universal Print Driver,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-11T15:18:31.777Z,0
CVE-2024-7720,https://securityvulnerability.io/vulnerability/CVE-2024-7720,HP Security Manager Vulnerable to Remote Code Execution,"HP Security Manager is potentially vulnerable to remote code execution due to a flaw in its implementation of open-source libraries. This vulnerability could allow attackers to execute arbitrary code on vulnerable systems, which may lead to unauthorized access or other malicious activities. Users and system administrators are advised to review their deployments and apply necessary security measures to mitigate any risks associated with this vulnerability.",HP,HP Security Manager,9.8,CRITICAL,0.0009299999801442027,false,,false,false,false,,,false,false,,2024-08-27T17:28:11.272Z,0
CVE-2024-41912,https://securityvulnerability.io/vulnerability/CVE-2024-41912,Firmware Flaw in Poly Clariti Manager Devices Leaves Access Controls Vulnerable,"A significant vulnerability has been identified in the firmware of Poly Clariti Manager devices, particularly affecting builds up to version 10.10.2.2. This flaw arises from an inadequate implementation of access controls, potentially allowing unauthorized access to sensitive system functions. Such vulnerabilities can compromise the integrity and confidentiality of device management, presenting risks to organizations relying on the software for secure communications.",HP,Poly Clariti Manager,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-07T19:54:47.266Z,0
CVE-2024-42395,https://securityvulnerability.io/vulnerability/CVE-2024-42395,Remote Code Execution Vulnerability in HPE AP Certificate Management Service,"A vulnerability exists in the HPE AP Certificate Management Service that enables unauthenticated remote code execution (RCE) attacks. If exploited, this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to a full system compromise. This could jeopardize sensitive data and disrupt normal operations, making it essential for users of the affected service to implement necessary mitigations and updates to safeguard their systems.",HP,"Instantos,Arubaos",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-06T19:15:00.000Z,0
CVE-2024-42394,https://securityvulnerability.io/vulnerability/CVE-2024-42394,Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol,"The Soft AP Daemon Service from Hewlett Packard Enterprise contains vulnerabilities that can be exploited by a threat actor to perform unauthenticated remote code execution (RCE) attacks. If successfully exploited, this vulnerability allows an attacker to execute arbitrary commands on the underlying operating system, which could lead to a complete system compromise. It is crucial for organizations using this service to assess their vulnerability management strategies and implement necessary patches to guard against potential exploits.",HP,HP Aruba Networking Instantos And Aruba Access Points Running Arubaos 10,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-06T19:15:00.000Z,0
CVE-2024-42393,https://securityvulnerability.io/vulnerability/CVE-2024-42393,Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol,"The Soft AP Daemon Service developed by Hewlett Packard Enterprise has a vulnerability that permits remote code execution without authentication. This flaw could allow an attacker to run arbitrary commands on the host operating system, posing a severe risk to the integrity and availability of the system. Exploitation of this vulnerability can lead to complete compromise of affected systems, making it essential for users to apply security patches and mitigations as soon as they are available. Comprehensive monitoring and proactive security measures are recommended to safeguard against potential exploitation.",HP,HP Aruba Networking Instantos And Aruba Access Points Running Arubaos 10,9.8,CRITICAL,0.0009299999801442027,false,,false,false,false,,,false,false,,2024-08-06T19:15:00.000Z,0
CVE-2024-41913,https://securityvulnerability.io/vulnerability/CVE-2024-41913,Firmware Vulnerability in Poly Clariti Manager Devices,"A flaw has been identified in the firmware of Poly Clariti Manager, specifically affecting builds up to version 10.10.2.2. This vulnerability arises due to inadequate sanitization of user input, potentially allowing attackers to exploit this weakness. Successful exploitation may lead to unauthorized actions, affecting the overall security posture of systems utilizing this firmware. Organizations using Poly Clariti Manager should assess their systems and take appropriate measures to mitigate any risks associated with this vulnerability.",HP,Poly Clariti Manager,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-06T13:57:29.551Z,0