Filtered by vendor Hpe
Subscriptions
Total
257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37165 | 1 Hpe | 1 Aruba Instant On | 2026-03-02 | 7.5 High |
| A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets. | ||||
| CVE-2026-23597 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-03-02 | 6.5 Medium |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | ||||
| CVE-2026-23595 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-02-28 | 8.8 High |
| An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurations, and access or manipulate sensitive data. | ||||
| CVE-2026-23596 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-02-28 | 6.5 Medium |
| A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability. | ||||
| CVE-2026-23598 | 1 Hpe | 1 Aruba Networking Private 5g Core | 2026-02-28 | 6.5 Medium |
| Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well as to gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities. | ||||
| CVE-2025-37166 | 1 Hpe | 1 Aruba Instant On | 2026-02-26 | 7.5 High |
| A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network. | ||||
| CVE-2025-37099 | 1 Hpe | 1 Insight Remote Support | 2026-02-26 | 9.8 Critical |
| A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | ||||
| CVE-2025-37089 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37091 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 7.2 High |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37092 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37093 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37096 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2024-51768 | 1 Hpe | 1 Autopass License Server | 2026-02-26 | 8 High |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | ||||
| CVE-2025-37105 | 1 Hpe | 1 Autopass License Server | 2026-02-26 | 7.5 High |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | ||||
| CVE-2025-37146 | 1 Hpe | 1 Arubaos | 2026-02-26 | 7.2 High |
| A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2025-37132 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system. | ||||
| CVE-2025-37133 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37134 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37155 | 1 Hpe | 1 Arubaos-cx | 2026-02-26 | 7.8 High |
| A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system. | ||||
| CVE-2025-37157 | 1 Hpe | 1 Arubaos-cx | 2026-02-26 | 6.7 Medium |
| A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. | ||||