4467 matches found
EUVD-2026-44978
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...
CVE-2026-14371
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...
CVE-2026-13104
Technical details for CVE-2026-13104 are not publicly available in the provided documents. Monitor for updates from Lenovo and security advisories; current entries only note a local authenticated arbitrary-code risk with elevated privileges.
EUVD-2026-44977
A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...
CVE-2026-13104
A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...
CVE-2026-13103
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code...
CVE-2026-13103
Lenovo App Store (Chinese market) contains a path traversal vulnerability allowing a local authenticated user to execute arbitrary code. The issue affects the package/component handling file paths, with impact on confidentiality, integrity, and availability reported as high. CVSS: from the report...
EUVD-2026-44976
A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code...
CVE-2026-9046
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...
CVE-2026-9046
CVE-2026-9046 describes an insecure-permissions issue affecting Windows deployments of Legion Zone and Lenovo App Store (Chinese market). When installed on a non-system partition, a local user could potentially execute arbitrary code due to insufficient access controls. The vulnerability is class...
EUVD-2026-44975
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...
EUVD-2026-44974
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...
CVE-2026-6511
During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...
CVE-2026-6511
CVE-2026-6511 : Lenovo Smart Connect for Windows is reported to have an improper access control vulnerability that could allow a local authenticated user to access files owned by another user on the same system. The issue is described as local, with low attack complexity and the attack requires l...
PT-2026-60521
Name of the Vulnerable Software and Affected Versions Legion Zone affected versions not specified Lenovo App Store affected versions not specified Description Insecure permissions in the Legion Zone and Lenovo App Store Windows applications, distributed exclusively in the Chinese market, may allo...
CVE-2026-58583
CVE-2026-58583 affects FluxInk Color Management Driver (TcnPeripheral64.sys) 1.0.7.2, enabling local privilege escalation for a standard user via arbitrary physical memory mapping at \Device\PhysicalMemory. Root cause: memory mapping vulnerability in the driver. Impact: potential elevation of pri...
EUVD-2026-42094
FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...
CVE-2026-58583
FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...
CVE-2026-7516
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents...
CVE-2026-6090
A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...