Search Results (480 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6511 1 Lenovo 1 Smart Connect 2026-07-16 5.5 Medium
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system.
CVE-2026-9046 1 Lenovo 2 App Store, Legion Zone 2026-07-16 7 High
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
CVE-2026-13103 1 Lenovo 1 App Store 2026-07-16 7.3 High
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code.
CVE-2026-13104 1 Lenovo 1 App Store 2026-07-16 7.3 High
A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges.
CVE-2026-14371 1 Lenovo 1 Xclarity Integrator For Microsoft Windows Admin Center 2026-07-16 N/A
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands.
CVE-2026-10587 1 Lenovo 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more 2026-07-16 6 Medium
A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode.
CVE-2026-10588 1 Lenovo 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more 2026-07-16 4.4 Medium
A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory.
CVE-2026-10590 1 Lenovo 57 Ideapad 5 15aba7 Bios, Ideapad Pro 5 16agp11 Bios, Ideapad Pro 5 16asp10 Bios and 54 more 2026-07-16 4.4 Medium
A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler.
CVE-2026-9045 1 Lenovo 2 Accessories And Display Manager, Accessories And Display Manager For Enterprise 2026-06-11 7.8 High
During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
CVE-2025-10237 1 Lenovo 188 L13 (type 20r3, 20r4) Laptops (thinkpad) Bios, L13 2-in-1 Gen 6 (type 21r7, 21r8) Laptops (thinkpad) Bios, L13 2-in-1 Gen 6 Type 21r7 21r8 Laptops Thinkpad Bios and 185 more 2026-06-11 6.7 Medium
During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions.
CVE-2025-10238 1 Lenovo 213 E14 Gen 4 (type 21e3, 21e4) Laptops (thinkpad) Bios, E14 Gen 4 Type 21e3 21e4 Laptops Thinkpad Bios, E14 Gen 5 (type 21jr, 21js) Laptop (thinkpad) Bios and 210 more 2026-06-11 6.7 Medium
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in System Management Mode (SMM).
CVE-2026-6090 1 Lenovo 1 Smart Connect 2026-06-10 7 High
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
CVE-2026-8637 1 Lenovo 1 Lanschool Classic 2026-06-10 7.8 High
A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.
CVE-2026-7516 1 Lenovo 1 Application 2026-06-10 4.3 Medium
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
CVE-2022-0354 1 Lenovo 1 System Update 2026-06-02 7.3 High
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
CVE-2026-6282 1 Lenovo 10 Home Storage Hub T20, Home Storage Hub X20, Personal Cloud A1 and 7 more 2026-05-13 8.1 High
A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to other users on the same device.
CVE-2026-6281 1 Lenovo 10 Home Storage Hub T20, Home Storage Hub X20, Personal Cloud A1 and 7 more 2026-05-13 8.8 High
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
CVE-2009-0655 1 Lenovo 1 Veriface 2026-04-23 N/A
Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.
CVE-2007-2928 1 Lenovo 2 Access Support, Automated Solutions 2026-04-23 N/A
Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.
CVE-2008-4589 1 Lenovo 1 Resuce And Recovery 2026-04-23 N/A
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.