Filtered by vendor Hpe
Subscriptions
Total
302 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37111 | 1 Hpe | 1 Telco Network Function Virtual Orchestrator | 2026-04-15 | 6 Medium |
| A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information. | ||||
| CVE-2025-37109 | 1 Hpe | 1 Telco Service Activator | 2026-04-15 | 3.5 Low |
| Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product | ||||
| CVE-2025-37148 | 1 Hpe | 1 Arubaos | 2026-04-15 | 6.5 Medium |
| A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore functionality. | ||||
| CVE-2026-23818 | 1 Hpe | 2 Aruba Networking Private 5g Core, Private 5g Core | 2026-04-14 | 8.8 High |
| A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page. | ||||
| CVE-2026-23813 | 1 Hpe | 1 Arubaos-cx | 2026-03-30 | 9.8 Critical |
| A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password. | ||||
| CVE-2026-23814 | 1 Hpe | 1 Arubaos-cx | 2026-03-20 | 8.8 High |
| A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior. | ||||
| CVE-2026-23815 | 1 Hpe | 1 Arubaos-cx | 2026-03-20 | 7.2 High |
| A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands. | ||||
| CVE-2026-23816 | 1 Hpe | 1 Arubaos-cx | 2026-03-20 | 7.2 High |
| A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2025-37184 | 2 Arubanetworks, Hpe | 2 Edgeconnect Sd-wan Orchestrator, Edgeconnect Sd-wan Orchestrator | 2026-03-03 | 9.8 Critical |
| A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby compromising the integrity of secured access to the system. | ||||
| CVE-2025-37099 | 1 Hpe | 1 Insight Remote Support | 2026-02-26 | 9.8 Critical |
| A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. | ||||
| CVE-2025-37089 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37091 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 7.2 High |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37092 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37093 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| An authentication bypass vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2025-37096 | 1 Hpe | 1 Storeonce System | 2026-02-26 | 9.8 Critical |
| A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | ||||
| CVE-2024-51768 | 1 Hpe | 1 Autopass License Server | 2026-02-26 | 8 High |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | ||||
| CVE-2025-37105 | 1 Hpe | 1 Autopass License Server | 2026-02-26 | 7.5 High |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | ||||
| CVE-2025-37132 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system. | ||||
| CVE-2025-37133 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2025-37134 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-02-26 | 7.2 High |
| An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | ||||