This page aggregates CVE and security vulnerability intelligence across all Lenovo-related products, including CVSS scores, EPSS percentages, publication dates, and related vulnerability intelligence data.
Common weakness patterns include buffer overflow, input validation, and path handling, with potential impact including unexpected behavior across software deployment use cases.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1717 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. | [email protected] | 6.8 | 0.14% | 2026-03-11 | 2026-03-25 |
| CVE-2026-1716 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. | [email protected] | 6.9 | 0.15% | 2026-03-11 | 2026-03-25 |
| CVE-2026-1715 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. | [email protected] | 6.9 | 0.15% | 2026-03-11 | 2026-03-25 |
| CVE-2025-13455 | A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint. | [email protected] | 7.3 | 0.12% | 2026-01-14 | 2026-02-23 |
| CVE-2025-13454 | A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information. | [email protected] | 6.8 | 0.09% | 2026-01-14 | 2026-06-01 |
| CVE-2025-13453 | A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | [email protected] | 5.1 | 0.12% | 2026-01-14 | 2026-06-01 |
| CVE-2025-8485 | An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. | [email protected] | 7.0 | 0.10% | 2025-11-12 | 2026-02-02 |
| CVE-2025-8486 | A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. | [email protected] | 8.5 | 0.14% | 2025-10-15 | 2026-02-02 |
| CVE-2025-10581 | A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | [email protected] | 8.5 | 0.14% | 2025-10-15 | 2026-02-02 |
| CVE-2025-8098 | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | [email protected] | 8.5 | 0.06% | 2025-08-18 | 2026-01-27 |
| CVE-2025-6232 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. | [email protected] | 8.5 | 0.17% | 2025-07-17 | 2025-07-22 |
| CVE-2025-6231 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. | [email protected] | 8.5 | 0.17% | 2025-07-17 | 2025-07-22 |
| CVE-2025-6230 | A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | [email protected] | 4.8 | 0.15% | 2025-07-17 | 2025-08-19 |
| CVE-2025-2503 | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | [email protected] | 6.9 | 0.05% | 2025-05-30 | 2026-02-02 |
| CVE-2025-2502 | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | [email protected] | 8.5 | 0.17% | 2025-05-30 | 2026-02-02 |
| CVE-2025-2501 | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | [email protected] | 8.5 | 0.15% | 2025-05-30 | 2026-02-02 |
| CVE-2024-9046 | A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. | [email protected] | 7.8 | 0.24% | 2024-10-11 | 2024-10-17 |
| CVE-2024-5474 | A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue. | [email protected] | 5.5 | 0.06% | 2024-10-11 | 2024-11-15 |
| CVE-2024-4132 | A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. | [email protected] | 7.8 | 0.17% | 2024-10-11 | 2024-10-17 |
| CVE-2024-4131 | A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. | [email protected] | 7.8 | 0.17% | 2024-10-11 | 2024-10-17 |