VYPR

App Store

by Lenovo

CVEs (10)

  • CVE-2025-12046HigDec 10, 2025
    risk 0.51cvss 7.8epss 0.00

    A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.

  • CVE-2025-10495HigNov 12, 2025
    risk 0.49cvss 7.5epss 0.00

    A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code.

  • CVE-2024-10254MedJan 14, 2025
    risk 0.31cvss 4.7epss 0.00

    A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

  • CVE-2024-10253MedJan 14, 2025
    risk 0.31cvss 4.7epss 0.00

    A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

  • CVE-2025-8485Nov 12, 2025
    risk 0.00cvss epss 0.00

    An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.

  • CVE-2024-4130Oct 11, 2024
    risk 0.00cvss epss 0.00

    A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

  • CVE-2023-6450Jan 19, 2024
    risk 0.00cvss epss 0.00

    An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.

  • CVE-2022-3611Oct 27, 2023
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

  • CVE-2020-14118Apr 21, 2022
    risk 0.00cvss epss 0.01

    An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps.

  • CVE-2020-14121Apr 21, 2022
    risk 0.00cvss epss 0.00

    A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation.