14 matches found
CVE-2025-10238
During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM)...
CVE-2026-4134
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that, during installation, could allow a local authenticated user to execute code with elevated privileges...
PT-2026-33059
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that, during installation, could allow a local authenticated user to execute code with elevated privileges...
PT-2026-33061
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges...
CVE-2025-12048
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system...
CVE-2025-12047
A vulnerability was reported in the Lenovo Scanner Pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application...
CVE-2025-12048
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected system...
CVE-2025-12047
Lenovo Scanner Pro is reported to have a vulnerability that, under certain conditions during an internal security assessment, could allow an attacker on the same logical network to disclose sensitive user files from the application. The available documents provide a high-level impact description ...
CVE-2025-12047
A vulnerability was reported in the Lenovo Scanner Pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application...
CVE-2025-9201
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges...
CVE-2025-9201
CVE-2025-9201 corresponds to a DLL hijacking vulnerability in Lenovo Browser that could allow a local user to execute code with elevated privileges. Connected sources explicitly reference Lenovo Browser and describe the issue as a local privilege escalation via DLL hijacking, but they do not prov...
CVE-2025-7622
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...
CVE-2025-7622
CVE-2025-7622 describes a Server-Side Request Forgery (SSRF) vulnerability affecting Axis Camera Station/Axis Camera Station Pro, observed during internal security assessments. The authenticated attacker could access internal server resources via SSRF. The core issue is an SSRF condition that ena...
CVE-2025-7622
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered...