EUVD-2026-22928

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges...

CVE-2026-4145

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges...

PT-2026-33056

Name of the Vulnerable Software and Affected Versions Lenovo Diagnostics affected versions not specified Lenovo Vantage HardwareScanAddin affected versions not specified Description An issue exists in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage. During installation or whil...

PT-2026-33060

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...

EUVD-2025-34614

A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges...

PT-2025-37261

Name of the Vulnerable Software and Affected Versions: Lenovo Browser affected versions not specified Description: A potential DLL hijacking issue was identified in Lenovo Browser. This could allow a local user to execute code with elevated privileges. Recommendations: At the moment, there is no...

Starbucks: SAP Server - default credentials enabled

@ak1t4 reported that the Starbucks SAP server webgui was exposed to the internet with default TMSADM credentials. Although the risk was flagged as critical by the researcher, Starbucks security along with SAP security team performed an internal assessment on the risk and changed the severity to...