Export limit exceeded: 324377 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (435 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1479 | 1 Lenovo | 2 Legion Space For Legion Go, Legion Space For Legion Pc | 2026-02-26 | 5.3 Medium |
| An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. | ||||
| CVE-2025-2501 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | ||||
| CVE-2025-2502 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | ||||
| CVE-2025-8098 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | ||||
| CVE-2025-8486 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. | ||||
| CVE-2025-10581 | 1 Lenovo | 2 Pc Manager, Pcmanager | 2026-02-26 | 7.8 High |
| A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | ||||
| CVE-2025-10495 | 1 Lenovo | 5 App Store, Browser, Legion Zone and 2 more | 2026-02-26 | 7.5 High |
| A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code. | ||||
| CVE-2026-0421 | 1 Lenovo | 4 Thinkpad L13 Gen 6 2 In 1 Bios, Thinkpad L13 Gen 6 Bios, Thinkpad L14 Gen 6 Bios and 1 more | 2026-02-26 | 6.5 Medium |
| A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode. | ||||
| CVE-2025-13454 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 5.5 Medium |
| A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | ||||
| CVE-2025-13453 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-25 | 4.6 Medium |
| A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | ||||
| CVE-2025-13455 | 1 Lenovo | 8 Thinkplus Fu100, Thinkplus Fu100 Firmware, Thinkplus Fu200 and 5 more | 2026-02-23 | 7.8 High |
| A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint. | ||||
| CVE-2017-5638 | 7 Apache, Arubanetworks, Hp and 4 more | 13 Struts, Clearpass Policy Manager, Server Automation and 10 more | 2025-10-22 | 9.8 Critical |
| The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. | ||||
| CVE-2025-8061 | 2 Lenovo, Microsoft | 3 Dispatcher, Windows, Windows 11 | 2025-09-22 | 7 High |
| A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default. | ||||
| CVE-2025-9319 | 1 Lenovo | 1 Wallpaper Client | 2025-09-15 | 7.5 High |
| A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions. | ||||
| CVE-2025-9214 | 1 Lenovo | 1 Printer | 2025-09-15 | 5.4 Medium |
| A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service. | ||||
| CVE-2025-8557 | 1 Lenovo | 1 Xclarity Orchestrator | 2025-09-15 | 8.8 High |
| An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device to create an alternate communication channel which could allow the attacker, under certain conditions, to directly interact with backend LXCO API services typically inaccessible to users. While access controls may limit the scope of interaction, this could result in unauthorized access to internal functionality or data. This issue is not exploitable from remote networks. | ||||
| CVE-2025-9201 | 1 Lenovo | 2 Browser, Browser Hd | 2025-09-15 | 7.8 High |
| A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges. | ||||
| CVE-2024-2659 | 1 Lenovo | 138 Fan Power Controller, Nextscale N1200 Enclosure, Nextscale N1200 Enclosure Firmware and 135 more | 2025-08-27 | 7.2 High |
| A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. | ||||
| CVE-2025-6230 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-08-19 | 5.3 Medium |
| A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | ||||
| CVE-2021-3453 | 1 Lenovo | 42 730s-13iml, 730s-13iml Firmware, Ideacentre Aio 5-24imb05 and 39 more | 2025-07-24 | 6.8 Medium |
| Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage. | ||||