ReportizFlow
Filtered by vendor Lenovo
Subscriptions
Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13154 | 1 Lenovo | 1 Vantage | 2026-04-15 | 5.5 Medium |
| An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges. | ||||
| CVE-2024-45101 | 1 Lenovo | 1 Xclarity Administrator | 2026-04-15 | 6.8 Medium |
| A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. | ||||
| CVE-2024-33581 | 1 Lenovo | 1 Pcmanager | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2023-5912 | 1 Lenovo | 1 Notebook | 2026-04-15 | 6.7 Medium |
| A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. | ||||
| CVE-2024-4762 | 1 Lenovo | 2 Accessories And Display Manager, Display Control Center | 2026-04-15 | 7.8 High |
| An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. | ||||
| CVE-2024-4763 | 1 Lenovo | 2 Accessories And Display Manager, Display Control Center | 2026-04-15 | 7.8 High |
| An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. | ||||
| CVE-2024-4550 | 1 Lenovo | 5 Thinkstation P360 Workstation Firmware, Thinksystem St50 Firmware, Thinksystem St50 V2 Firmware and 2 more | 2026-04-15 | 6.7 Medium |
| A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
| CVE-2024-27911 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2026-04-15 | 7.5 High |
| A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | ||||
| CVE-2024-27912 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2026-04-15 | 7.5 High |
| A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. | ||||
| CVE-2024-6001 | 1 Lenovo | 1 Accessories And Display Manager | 2026-04-15 | 8.1 High |
| An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. | ||||
| CVE-2024-2175 | 1 Lenovo | 2 Accessories And Display Manager, Display Control Center | 2026-04-15 | 7.8 High |
| An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. | ||||
| CVE-2024-12673 | 1 Lenovo | 1 Vantage | 2026-04-15 | 7.8 High |
| An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) | ||||
| CVE-2026-1715 | 1 Lenovo | 2 Baiying, Vantage | 2026-03-25 | 7.1 High |
| An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. | ||||
| CVE-2026-1716 | 1 Lenovo | 2 Baiying, Vantage | 2026-03-25 | 7.1 High |
| An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. | ||||
| CVE-2026-1717 | 1 Lenovo | 2 Baiying, Vantage | 2026-03-25 | 5.5 Medium |
| An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. | ||||
| CVE-2026-1068 | 1 Lenovo | 1 Filez | 2026-03-20 | 5.3 Medium |
| An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application. | ||||
| CVE-2026-2368 | 1 Lenovo | 1 Filez | 2026-03-20 | 7.1 High |
| An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code. | ||||
| CVE-2026-0940 | 1 Lenovo | 8 Thinkpad P14s Gen 5 Bios, Thinkpad P15v Gen 3 Bios, Thinkpad P16v Gen 1 Bios and 5 more | 2026-03-20 | 6.7 Medium |
| A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code. | ||||
| CVE-2026-1652 | 1 Lenovo | 1 Smart Connect | 2026-03-20 | 6.1 Medium |
| A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error. | ||||
| CVE-2026-1653 | 1 Lenovo | 1 Smart Connect | 2026-03-20 | 5.5 Medium |
| A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error. | ||||