cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25039,https://securityvulnerability.io/vulnerability/CVE-2025-25039,Command Injection Vulnerability in HPE Aruba Networking Product,"A vulnerability exists in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) that enables remote authenticated users to execute arbitrary commands on the underlying host system. Successful exploitation of this flaw allows attackers to perform unwanted actions as a lower privileged user, potentially compromising the system and its data.",HP (HP),HP Aruba Networking Clearpass Policy Manager,4.7,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T18:13:23.132Z,0
CVE-2025-23060,https://securityvulnerability.io/vulnerability/CVE-2025-23060,Sensitive Data Exposure in HPE Aruba Networking ClearPass Policy Manager,"The HPE Aruba Networking ClearPass Policy Manager has a vulnerability that may allow sensitive unencrypted information to be exposed in specific scenarios. This security flaw could enable an attacker to launch a man-in-the-middle attack, which poses a risk of unauthorized access to network resources and facilitates data tampering activities, compromising overall network integrity.",HP (HP),HP Aruba Networking Clearpass Policy Manager,6.6,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T18:11:41.371Z,0
CVE-2025-23059,https://securityvulnerability.io/vulnerability/CVE-2025-23059,Sensitive Data Exposure in HPE Aruba Networking ClearPass Policy Manager,"A vulnerability exists in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager, allowing authenticated remote attackers with high privileges to access directories containing sensitive information. Successful exploitation of this vulnerability could lead to the unauthorized retrieval of sensitive data, potentially compromising the system's integrity and security.",HP (HP),HP Aruba Networking Clearpass Policy Manager,6.8,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T18:10:21.793Z,0
CVE-2025-23058,https://securityvulnerability.io/vulnerability/CVE-2025-23058,Privilege Escalation Vulnerability in ClearPass Policy Manager by HPE,"A critical vulnerability in the ClearPass Policy Manager web-based management interface permits low-privileged authenticated users to exploit unauthorized access. This allows such users to execute functions typically restricted to administrators, including the ability to alter settings and access sensitive data. The successful exploitation of this vulnerability could lead to an escalation of privileges, compromising the security of the system.",HP (HP),HP Aruba Networking Clearpass Policy Manager,8.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T18:07:56.711Z,0
CVE-2025-1003,https://securityvulnerability.io/vulnerability/CVE-2025-1003,Authentication Bypass in HP Anyware Agent for Linux,"A potential vulnerability in HP Anyware Agent for Linux could allow unauthorized users to bypass authentication mechanisms, leading to potential privilege escalation. HP has acknowledged this issue and is in the process of releasing a software update to address this vulnerability. Users are advised to stay updated and apply the patches as soon as they are made available to safeguard their systems.","HP, Inc.",HP Anyware Linux Agent,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T00:15:00.000Z,0
CVE-2025-23053,https://securityvulnerability.io/vulnerability/CVE-2025-23053,Privilege Escalation in HPE Aruba Networking Fabric Composer,"A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer allows an authenticated low privilege operator user to alter certain system settings. This flaw can lead to privilege escalation, enabling unauthorized control over the affected system's configurations.",HP (HP),HP Aruba Networking Fabric Composer (afc),6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:21:45.987Z,0
CVE-2025-23054,https://securityvulnerability.io/vulnerability/CVE-2025-23054,Vulnerability in HPE Aruba Networking Fabric Composer Management Interface,"A security flaw exists in the web-based management interface of HPE Aruba Networking Fabric Composer that could enable authenticated low-privilege users to execute operations beyond their authorized capabilities. If exploited, this vulnerability may allow an attacker to manipulate user-generated files, which could lead to unauthorized modifications in critical system configurations, impacting overall network integrity and security.",HP (HP),HP Aruba Networking Fabric Composer (afc),6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:17:17.694Z,0
CVE-2025-23057,https://securityvulnerability.io/vulnerability/CVE-2025-23057,Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer,"A vulnerability exists in the web management interface of HPE Aruba Networking Fabric Composer that could allow an authenticated remote attacker to execute a stored cross-site scripting (XSS) attack. If exploited, this flaw permits a malicious actor to run arbitrary script code in the web browser of an affected user, potentially compromising session integrity and user data.",HP (HP),HP Aruba Networking Fabric Composer (afc),5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:12:23.359Z,0
CVE-2025-23056,https://securityvulnerability.io/vulnerability/CVE-2025-23056,Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer,"A vulnerability exists within the web management interface of HPE Aruba Networking Fabric Composer that allows an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack. This security flaw enables the attacker to execute arbitrary script code in the web browsers of users accessing the compromised interface, potentially leading to unauthorized data access and manipulation.",HP (HP),HP Aruba Networking Fabric Composer (afc),5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:11:58.146Z,0
CVE-2025-23055,https://securityvulnerability.io/vulnerability/CVE-2025-23055,Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer,"A vulnerability exists in the web management interface of HPE Aruba Networking Fabric Composer that enables an authenticated remote attacker to execute stored cross-site scripting (XSS) attacks. By exploiting this issue, a threat actor can execute arbitrary JavaScript code in the web browsers of users who access the compromised interface, potentially leading to unauthorized actions being performed on behalf of the victim.",HP (HP),HP Aruba Networking Fabric Composer (afc),5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-28T17:11:38.749Z,0
CVE-2025-23052,https://securityvulnerability.io/vulnerability/CVE-2025-23052,Authenticated Command Injection Vulnerability in HPE Network Management Service,"An authenticated command injection vulnerability exists within the command line interface of HPE's network management service. When exploited, this flaw could enable an attacker to run arbitrary commands in the context of a privileged user on the host operating system. This risk emphasizes the importance of securing command interfaces and implementing robust authentication measures to prevent unauthorized access.",HP (HP),HP Aruba Networking Aos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:16:00.000Z,0
CVE-2025-23051,https://securityvulnerability.io/vulnerability/CVE-2025-23051,Parameter Injection Vulnerability in AOS-8 and AOS-10 Operating Systems by HPE,"An authenticated parameter injection vulnerability within the web-based management interface of HPE's AOS-8 and AOS-10 operating systems poses significant security risks. If exploited, an authenticated user could perform parameter injection attacks to overwrite arbitrary system files, potentially compromising the integrity of the system and leading to unauthorized access or loss of data.",HP (HP),HP Aruba Networking Aos,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T18:16:00.000Z,60
CVE-2024-54010,https://securityvulnerability.io/vulnerability/CVE-2024-54010,Firewall Vulnerability in HPE Aruba Networking CX 10000 Series Switches,"A vulnerability exists within the firewall component of HPE Aruba Networking CX 10000 Series Switches that could enable an unauthenticated adjacent attacker to execute a packet forwarding attack against ICMP and UDP protocols. Successful exploitation allows attackers to bypass security policies, leading to the potential for unauthorized data exposure, especially in switch configurations that permit packet routing at layer 3. Configurations barring network traffic routing remain unaffected.",HP (HP),Aos-cx,3.4,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T21:15:00.000Z,0
CVE-2024-54009,https://securityvulnerability.io/vulnerability/CVE-2024-54009,Remote Authentication Bypass Vulnerability in HPE Alletra Storage Systems,"CVE-2024-54009 is a high-risk remote authentication bypass vulnerability found in the HPE Alletra Storage MP B10000. This flaw allows an attacker to remotely exploit the system, potentially enabling unauthorized access and the disclosure of sensitive information. Organizations using versions of the HPE Alletra Storage MP B10000 prior to 10.4.5 are urged to apply available security updates to mitigate this critical risk. For detailed information on how to safeguard your systems, refer to the official HPE support documentation.",HP,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T23:15:00.000Z,0
CVE-2020-6923,https://securityvulnerability.io/vulnerability/CVE-2020-6923,Memory Buffer Overflow Vulnerability in HP Linux Imaging and Printing Software,"CVE-2020-6923 is a critical memory buffer overflow vulnerability affecting the HP Linux Imaging and Printing (HPLIP) software. This flaw can lead to unauthorized code execution and compromise the integrity of the affected system. It is essential for users and organizations employing HPLIP software versions up to 3.20.3 to review their security settings and apply necessary updates. Given the nature of buffer overflow vulnerabilities, successful exploitation could allow attackers to execute arbitrary code, potentially leading to significant security risks. For detailed guidance on mitigation and updates, refer to HP's official support documentation.",HP,HP Linux Imaging And Printing Software,5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T18:16:32.364Z,0
CVE-2024-51771,https://securityvulnerability.io/vulnerability/CVE-2024-51771,HPE ClearPass Policy Manager Vulnerability Allows Remote Code Execution,A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.,HP,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T20:15:00.000Z,0
CVE-2024-11856,https://securityvulnerability.io/vulnerability/CVE-2024-11856,Unauthorized Data Modification Vulnerability in HPE IceWall Products,A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification.,HP,HP Icewall,3.7,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-02T02:43:51.554Z,0
CVE-2024-53676,https://securityvulnerability.io/vulnerability/CVE-2024-53676,Remote Code Execution Vulnerability Affects HPE Insight Remote Support,"A directory traversal vulnerability exists within Hewlett Packard Enterprise Insight Remote Support software that could be exploited by an attacker to gain unauthorized access to the system. This flaw allows an adversary to craft a malicious input, potentially leading to the execution of arbitrary code on the affected system. Proper configuration and ongoing security updates are crucial for mitigating the risks associated with this vulnerability.",HP,HP Insight Remote Support,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-11-27T01:15:00.000Z,0
CVE-2024-53674,https://securityvulnerability.io/vulnerability/CVE-2024-53674,HPE Insight Remote Support XML External Entity Injection Vulnerability,"An XML external entity injection (XXE) vulnerability exists in HPE Insight Remote Support, potentially allowing remote users to exploit this weakness and disclose sensitive information under specific circumstances. This flaw emphasizes the importance of secure XML parsing configurations and highlights the risks associated with improperly validated XML input. Organizations using HPE Insight Remote Support should assess their environment for potential exposure and apply relevant security patches or mitigations as necessary.",HP,HP Insight Remote Support,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-26T22:15:00.000Z,0
CVE-2024-53675,https://securityvulnerability.io/vulnerability/CVE-2024-53675,HPE Insight Remote Support XML External Entity Injection Vulnerability,"An XML external entity injection (XXE) vulnerability exists in HPE Insight Remote Support, which may allow remote attackers to exploit this weakness to disclose sensitive information under certain conditions. Implementing adequate input validation and configuring secure settings can mitigate risks associated with this vulnerability.",HP,HP Insight Remote Support,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-26T22:15:00.000Z,0
CVE-2024-53673,https://securityvulnerability.io/vulnerability/CVE-2024-53673,Unauthenticated Java Deserialization Vulnerability in HPE Remote Insight Support,"A vulnerability exists in HPE Remote Insight Support, characterized by improper handling of Java object deserialization. This flaw enables unauthenticated attackers to potentially execute arbitrary code within the affected systems. Exploitation of this vulnerability could lead to severe consequences, including system compromise and unauthorized access to sensitive data. Organizations using HPE Remote Insight Support are strongly advised to assess their security posture and implement appropriate mitigations to safeguard against potential attacks.",HP,Insight Remote Support,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-11-26T22:15:00.000Z,0
CVE-2024-11622,https://securityvulnerability.io/vulnerability/CVE-2024-11622,HPE Insight Remote Support Exposes XML External Entity Injection Vulnerability,"An XML external entity injection (XXE) vulnerability exists within the HPE Insight Remote Support software, which can be exploited by remote users to gain unauthorized access to sensitive information. This vulnerability arises when the application processes XML inputs without adequate validation, potentially allowing attackers to craft malicious XML data. By exploiting this weakness, attackers may target system configurations or sensitive data stored within the server, leading to potential information disclosure. Security best practices recommend immediate evaluation and patching of the affected software versions to mitigate risks associated with this vulnerability.",HP,HP Insight Remote Support,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-11-26T21:31:11.004Z,0
CVE-2024-51766,https://securityvulnerability.io/vulnerability/CVE-2024-51766,"HPE NonStop DISK UTIL, Local Denial of Service vulnerability",A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.,HP,HP Nonstop Disk Util,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T12:15:00.000Z,0
CVE-2024-51765,https://securityvulnerability.io/vulnerability/CVE-2024-51765,HPE Cray DVS Vulnerability,"A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.",HP,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T22:15:00.000Z,0
CVE-2024-51764,https://securityvulnerability.io/vulnerability/CVE-2024-51764,HPE Data Management Framework Suite Vulnerability May Allow Unauthorized Access,"A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.",HP,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-15T22:15:00.000Z,0