Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9045

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-10 Jun, 2026 | 14:09
Updated At-10 Jun, 2026 | 16:07
Rejected At-
Credits

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:10 Jun, 2026 | 14:09
Updated At:10 Jun, 2026 | 16:07
Rejected At:
▼CVE Numbering Authority (CNA)

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
Accessories and Display Manager for Enterprise
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 0 before 1.0.9 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update Lenovo Accessories and Display Manager for Enterprise for Windows to version 1.0.9 or later.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-213623
vendor-advisory
https://support.lenovo.com/us/en/downloads/ds568567
product
patch
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-213623
Resource:
vendor-advisory
Hyperlink: https://support.lenovo.com/us/en/downloads/ds568567
Resource:
product
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:10 Jun, 2026 | 15:16
Updated At:10 Jun, 2026 | 19:43

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.5HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-306Secondarypsirt@lenovo.com
CWE ID: CWE-306
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/downloads/ds568567psirt@lenovo.com
N/A
https://support.lenovo.com/us/en/product_security/LEN-213623psirt@lenovo.com
N/A
Hyperlink: https://support.lenovo.com/us/en/downloads/ds568567
Source: psirt@lenovo.com
Resource: N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-213623
Source: psirt@lenovo.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

130Records found
CVE-2024-2175
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Accessories and Display ManagerDisplay Control Centerdisplay_control_centeraccessories_and_display_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2026-8637
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-Not Assigned
Published-10 Jun, 2026 | 14:09
Updated-10 Jun, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-LanSchool Classic
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-2502
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 19:14
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPC Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-2501
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 19:14
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPC Manager
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-12673
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 20:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1)

Action-Not Available
Vendor-Lenovo Group Limited
Product-Vantage
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-6043
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:08
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-5080
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:06
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Action-Not Available
Vendor-Lenovo Group Limited
Product-tab_m8_hd_tb8505x_firmwaretab_m8_hd_tb8505fstab_p11_pro_gen_2_tb132fu_firmwaretab_m10_plus_gen_3_tb125futab_m8_hd_tb8505fs_firmwaretab_m8_hd_tb8505ftab_m8_hd_tb8505xstab_m8_hd_tb8505xs_firmwaretab_p11_pro_gen_2_tb132futab_m8_hd_tb8505xtab_m8_hd_tb8505f_firmwaretab_m10_plus_gen_3_tb125fu_firmwareTablet
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2023-4632
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:58
Updated-03 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-4706
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.05%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4030
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.71%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:48
Updated-08 Oct, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14_gen_2thinkpad_p14s_gen_2thinkpad_p15s_gen_2thinkpad_t15_gen_2_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_t15_gen_2thinkpad_p15s_gen_2_firmwarethinkpad_t14_gen_2_firmwareThinkPadthinkpad
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2023-3112
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:31
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-ellipticlabsLenovo Group Limited
Product-virtual_lock_sensorai_virtual_presence_sensorthinkpad_t14_gen_3AI Virtual Presence SensorElliptic Labs Virtual Lock Sensorthinkpad_t14_gen_3
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3078
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 14.12%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:47
Updated-08 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-universal_device_clientUniversal Device Client (UDC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-1577
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.56%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:29
Updated-01 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Driver Managerdrivers_management
CWE ID-CWE-20
Improper Input Validation
CVE-2022-48181
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:01
Updated-08 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m920qthinkcentre_m720t_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkcentre_m720ethinkstation_p330_gen_2thinkstation_p350_tiny_firmwarethinkcentre_m70s_firmwarethinkcentre_m70t_gen_3thinkcentre_m90q_gen_2thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwareideacentre_3_07iab7_firmwareideacentre_g5-14imb05_firmwarethinkcentre_neo_50s_gen_3thinkcentre_m720qthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p330_tiny_firmwarev35s-07adav55t_gen_2_13acnthinkcentre_m90q_gen_3thinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwareideacentre_aio_3-24imb05_firmwarethinkcentre_m625qv50t-13imbthinkcentre_m90a_pro_gen_3_firmwarethinkcentre_t540-15ama_gideacentre_5-14are05thinkcentre_neo_50s_gen_3_firmwareideacentre_mini_5_01iaq7legion_t5-28imb05_firmwareideacentre_5-14iob6v30a-22itlideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwareideacentre_510s-07ick_firmwarelegion_t530-28icb_firmwarev530s-07icb_firmwarev55t_gen_2_13acn_firmwareideacentre_aio_3-27alc6_firmwarelegion_t5-26amr5_firmwarethinkcentre_m90tthinkstation_p340ideacentre_5-14iob6_firmwarethinkcentre_m920tideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarelegion_t5-28imb05thinkstation_p350thinkcentre_m720tthinkcentre_m80q_gen_3_firmwarev530s-07icblegion_c530-19icb_firmwareideacentre_3_07ach7_firmwarethinkcentre_t540-15ama_g_firmwarelegion_t530-28icbthinkcentre_m90sthinkcentre_neo_30a_24_gen_3ideacentre_5-14are05_firmwareideacentre_510s-07icb_firmwarethinkcentre_m75s-1thinkstation_p330_tinythinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m75s_gen_2thinkcentre_m90a_gen_3thinkstation_p340_firmwareideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_5-14imb05ideacentre_gaming_5-14acn6legion_c530-19icbthinkcentre_m70tthinkcentre_m80tthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkstation_p360_tiny_firmwareideacentre_aio_5_24iah7thinkstation_p360_firmwareideacentre_aio_3_21itl7thinkcentre_m920s_firmwareideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05ideacentre_aio_3-24itl6_firmwarelenovo_legion_t5_26iab7thinkcentre_m920z_firmwareideacentre_aio_3_22iap7_firmwareideacentre_510s-07ickthinkcentre_m75t_gen_2_firmwareideacentre_aio_5_24iah7_firmwarelegion_t5-26iob6thinkcentre_neo_70t_gen_3_firmwarev50t-13iob_g2thinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwarethinkcentre_m90t_gen_3ideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m70t_firmwarethinkcentre_m920xthinkcentre_neo_50t_gen_3thinkcentre_neo_70t_gen_3thinkcentre_m600_firmwareideacentre_aio_3_27iap7_firmwarethinkstation_p340_tinythinkstation_p350_tinythinkcentre_m90t_firmwarelegion_r5-28imb05thinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwareideacentre_aio_3-27itl6thinkcentre_m920q_firmwarethinkcentre_m920sthinkcentre_m90s_firmwareideacentre_aio_3-22imb05thinkstation_p320ideacentre_510s-07icbthinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05lenovo_legion_t5_26iab7_firmwarethinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7thinkstation_p320_firmwareideacentre_aio_3_21itl7_firmwareideacentre_3_07iab7thinkcentre_m90s_gen_3thinkcentre_neo_30a_22_gen_3thinkcentre_neo_50t_gen_3_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m720e_firmwarethinkcentre_m80qthinkcentre_m720sideacentre_720-18apr_firmwareideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t5-26amr5thinkcentre_m920t_firmwarethinkstation_p360_tinythinkcentre_m725sthinkcentre_m75nlegion_t5-26iob6_firmwarelegion_t7-34imz5thinkcentre_m60e_tinythinkcentre_m70t_gen_3_firmwarethinkcentre_m725s_firmwarethinkcentre_neo_30a_24_gen_3_firmwarelegion_r5-28imb05_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m60e_tiny_firmwarethinkcentre_m70q_gen_3_firmwarethinkcentre_m75s-1_firmwarethinkcentre_m90q_gen_3_firmwarelegion_t5-28icb05_firmwarethinkcentre_m90athinkcentre_m920zthinkcentre_m80s_gen_3v30a-24itl_firmwarethinkstation_p330thinkstation_p350_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7ideacentre_aio_3-27alc6thinkcentre_m80q_gen_3thinkcentre_m90q_gen_2_firmwarev30a-24itlv35s-07ada_firmwarethinkcentre_m70sthinkstation_p330_gen_2_firmwarev50s-07imb_firmwarethinkstation_p340_tiny_firmwareideacentre_aio_3-24itl6ideacentre_720-18aprlegion_t5-28icb05ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarev530s-07icr_firmwareideacentre_3-07ada05_firmwarethinkstation_p360v30a-22itl_firmwarev530s-07icrideacentre_5-14imb05_firmwareideacentre_3_07ach7v50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwareideacentre_g5-14amr05thinkcentre_m70q_gen_3ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6ideacentre_aio_5_27iah7thinkcentre_m80s_firmwareideacentre_3-07imb05thinkstation_p330_firmwarelegion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m720q_firmwarethinkcentre_m600thinkcentre_m920x_firmwareThinkStation BIOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-48188
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:03
Updated-08 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m720s_firmwarethinkcentre_m920qthinkstation_p520_firmwarethinkcentre_m75s_gen_2_firmwarev530s-07icbthinkcentre_m720t_firmwareideacentre_510s-07icb_firmwareideacentre_aio_3-27itl6_firmwareideacentre_aio_3-27itl6thinkcentre_m720ethinkcentre_m920q_firmwarethinkcentre_m920sthinkcentre_m920zthinkstation_p330_tinyv30a-24itl_firmwareideacentre_510s-07icbthinkcentre_m75s_gen_2v30a-24itlthinkcentre_m720qthinkstation_p330_tiny_firmwarethinkstation_p520ideacentre_aio_3-24itl6ideacentre_720-18aprideacentre_aio_3_21itl7_firmwarethinkstation_p520cthinkstation_p520c_firmwareideacentre_aio_3_21itl7thinkcentre_m920s_firmwareideacentre_aio_3-24itl6_firmwarethinkcentre_m920z_firmwarev530s-07icr_firmwarethinkcentre_m720e_firmwareideacentre_510s-07ickthinkcentre_m720sideacentre_720-18apr_firmwarethinkcentre_m75t_gen_2_firmwarev30a-22itl_firmwarev530s-07icrthinkstation_p360_ultra_firmwarev30a-22itlideacentre_510s-07ick_firmwarethinkcentre_m920t_firmwarev530s-07icb_firmwarethinkcentre_m725sideacentre_aio_3-22itl6thinkcentre_m920tthinkcentre_m920xideacentre_aio_3-22itl6_firmwarethinkstation_p360_ultrathinkcentre_m720tthinkcentre_m725s_firmwarethinkcentre_m75t_gen_2thinkcentre_m720q_firmwarethinkcentre_m920x_firmwareThinkStation BIOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-12046
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.48%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 14:08
Updated-12 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.

Action-Not Available
Vendor-Lenovo Group Limited
Product-BrowserApp Store
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-8351
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.52%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 19:05
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-16
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8338
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.

Action-Not Available
Vendor-Lenovo Group Limited
Product-diagnosticsDiagnostics
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-8327
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8319
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 30.78%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovo System Interface Foundation
CVE-2020-8333
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 11.64%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 21:05
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

Action-Not Available
Vendor-Lenovo Group Limited
Product-qitian_b4550h50-30g_firmwarethinkcentre_m4500s_firmwarethinkcentre_m93z_firmwarethinkcentre_m4500q_firmwarethinkcentre_m9350zyangtian_mf_h81_pci_firmwarethinkcentre_m9350z_firmwarethinkstation_c3063_firmwarethinkcentre_m4500kyangtian_mc_h81_firmwareqitian_4500_firmwarethinkcentre_m93zyangtian_wcc_h81_pcithinkcentre_e73sqitian_4500qitian_m4550thinkcentre_m4500k_firmwareyangtian_mf_h81_pcithinkstation_d30_firmwarethinkcentre_e93_firmwarethinkstation_s30_firmwareqitian_m4550_firmwarethinkcentre_m4500t_firmwareyangtian_mc_h81thinkstation_d30yangtian_wf_h81_pci_firmwarem4550thinkcentre_m4500sthinkcentre_m4500qthinkcentre_e73s_firmwarethinkstation_e32_firmwareqitian_b4550_firmwarem4500m4550_firmwarethinkcentre_e73_firmwarem4500_firmwareyangtian_afh81yangtian_wcc_h81_pci_firmwarethinkcentre_e93yangtian_afh81_firmwarethinkcentre_m4500tyangtian_wf_h81_pcithinkstation_c30_firmwarethinkstation_s30yangtian_tc_h81_pci_firmwareyangtian_tc_h81_pcithinkstation_e32thinkstation_p300_firmwarethinkstation_p30063thinkcentre_e73h50-30gBIOS
CVE-2020-8318
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 30.78%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoSystemUpdatePlugin for Lenovo System Interface Foundation
CVE-2022-1890
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:18
Updated-01 Apr, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_15-imlthinkbook_14-iml_firmwareyoga_c640-13iml_firmwarethinkbook_15-iml_firmwarethinkbook_14-iil_firmwarethinkbook_14-imlthinkbook_15-iilyoga_c640-13imlyoga_c640-13iml_lte_firmwarethinkbook_14-iilthinkbook_15-iil_firmwareyoga_c640-13iml_lteBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4089
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.98%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-superfileSuperFilesuperfile
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-13455
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-14 Jan, 2026 | 22:18
Updated-23 Feb, 2026 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkplus_tu800_firmwarethinkplus_fu200_firmwarethinkplus_fu100_firmwarethinkplus_tsd303thinkplus_fu200thinkplus_tsd303_firmwarethinkplus_fu100thinkplus_tu800ThinkPlus FU100ThinkPlus TU800ThinkPlus FU200ThinkPlus TSD303
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2025-13155
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.01% / 2.35%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 14:08
Updated-12 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Baiying Client
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-13152
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.02% / 4.48%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 14:08
Updated-12 Dec, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-One Client
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4130
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.98%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-app_storeApp Storeapp_store
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4568
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7||HIGH
EPSS-0.05% / 16.35%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 14:36
Updated-30 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-6231
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.08% / 24.69%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:19
Updated-22 Jul, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.

Action-Not Available
Vendor-Lenovo Group Limited
Product-commercial_vantagevantageVantageCommercial Vantage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-4569
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.28%
||
7 Day CHG+0.01%
Published-05 Jun, 2023 | 20:59
Updated-08 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_hybrid_usb-c_with_usb-a_dockthinkpad_hybrid_usb-c_with_usb-a_dock_firmwareThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-9046
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.07%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-starstudiostARstudiostarstudio
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-1891
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:25
Updated-03 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_15-imlthinkbook_14-iml_firmwareyoga_c640-13iml_firmwarethinkbook_15-iml_firmwarethinkbook_14-iil_firmwarethinkbook_14-imlthinkbook_15-iilyoga_c640-13imlyoga_c640-13iml_lte_firmwarethinkbook_14-iilthinkbook_15-iil_firmwareyoga_c640-13iml_lteBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-3431
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 10.67%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 18:18
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwarethinkbook_plus_g3_iap_firmwareyoga_slim_7-13itl05yoga_slim_7_carbon_13itl5thinkbook_16_g4\+_arad330-10iglideapad_5_pro-16ihu6yoga_slim_7-13itl05_firmwareyoga_duet_7-13itl6-lteyoga_slim_7-13acn05_firmwareyoga_slim_7_carbon_13itl5_firmwareslim_7_16arh7_firmwareyoga_duet_7-13iml05_firmwarethinkbook_14_g4\+_araideapad_slim_7_pro_16ach6_firmwarethinkbook_13x_itgthinkbook_16_g4\+_iapthinkbook_13x_itg_firmwareideapad_5_pro_16arh7yoga_slim_7_pro_16ach6ideapad_creator_5-16ach6_firmwarethinkbook_plus_g3_iapd330-10igl_firmwareideapad_duet_3_10igl5_firmwareyoga_slim_7_pro_16arh7yoga_slim_7-13acn05ideapad_creator_5-16ach6thinkbook_plus_g2_itg_firmwarethinkbook_plus_g2_itgthinkbook_16_g4\+_iap_firmwareyoga_slim_7_pro_16ach6_firmwareyoga_duet_7-13itl6_firmwareyoga_duet_7-13iml05ideapad_5_pro_16arh7_firmwarethinkbook_16_g4\+_ara_firmwares540-15iml_firmwareideapad_slim_7_pro_16ach6slim_7_16arh7thinkbook_16p_nx_arh_firmwareyoga_duet_7-13itl6-lte_firmwareyoga_slim_7_pro_16arh7_firmwareyoga_duet_7-13itl6thinkbook_14_g4\+_iaps540-15imlideapad_5_pro-16ach6thinkbook_14_g4\+_iap_firmwarethinkbook_14_g4\+_ara_firmwareideapad_5_pro-16ach6_firmwareideapad_duet_3_10igl5thinkbook_16p_nx_arhBIOSnotebook
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-6184
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.29%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-customer_engagement_serviceCustomer Engagement Service (CCSDK)
CVE-2019-6197
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-31 Jul, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Managerpcmanager
CWE ID-CWE-287
Improper Authentication
CVE-2019-6198
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-02 Aug, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Managerpcmanager
CWE ID-CWE-287
Improper Authentication
CVE-2026-4145
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.65%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 12:28
Updated-17 Apr, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Software Fix
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-9201
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.03% / 8.09%
||
7 Day CHG~0.00%
Published-11 Sep, 2025 | 18:32
Updated-15 Sep, 2025 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Browser
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-8486
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.02% / 5.56%
||
7 Day CHG~0.00%
Published-15 Oct, 2025 | 14:25
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPC Manager
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-8098
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.02% / 6.40%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 20:05
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPC Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-6232
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.08% / 24.69%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:19
Updated-22 Jul, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-commercial_vantagevantageVantageCommercial Vantage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2019-6191
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-paperLenovoPaper
CVE-2024-4763
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 17.15%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Accessories and Display ManagerDisplay Control Centerdisplay_control_centeraccessories_and_display_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-4762
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.24%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 17:04
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Accessories and Display ManagerDisplay Control Center
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-4131
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.98%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-emulatorEmulatoremulator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4132
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.98%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lock_screenLock Screenlock_screen
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33580
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.02% / 7.13%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Personal Cloudpersonal_cloud
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33581
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.02% / 7.13%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager AI intelligent scenariopcmanager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33578
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.02% / 7.13%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Leyunleyun
CWE ID-CWE-427
Uncontrolled Search Path Element
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found