Vendor CVEs
Lenovo
All CVEs
486 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10699 | Med | 0.34 | 5.3 | 0.00 | Oct 15, 2025 | A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure. | ||
| CVE-2025-1479 | Med | 0.34 | 5.3 | 0.00 | May 30, 2025 | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. | ||
| CVE-2024-27909 | Med | 0.32 | 4.9 | 0.01 | Apr 5, 2024 | A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. | ||
| CVE-2016-8226 | Med | 0.32 | 4.9 | 0.01 | Jan 26, 2017 | The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | ||
| CVE-2024-10254 | Med | 0.31 | 4.7 | 0.00 | Jan 14, 2025 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||
| CVE-2024-10253 | Med | 0.31 | 4.7 | 0.00 | Jan 14, 2025 | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||
| CVE-2018-9081 | Med | 0.31 | 4.7 | 0.01 | Sep 28, 2018 | For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible… | ||
| CVE-2017-3742 | Med | 0.31 | 4.8 | 0.00 | Jul 17, 2017 | In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker… | ||
| CVE-2025-13453 | Med | 0.30 | 4.6 | 0.00 | Jan 14, 2026 | A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive. | ||
| CVE-2024-11679 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2025 | An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory. | ||
| CVE-2016-8222 | Med | 0.29 | 4.4 | 0.00 | Nov 30, 2016 | A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow… | ||
| CVE-2016-8224 | Med | 0.29 | 4.4 | 0.00 | Nov 29, 2016 | A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or… | ||
| CVE-2026-7516 | Med | 0.28 | 4.3 | 0.00 | Jun 10, 2026 | A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents. | ||
| CVE-2015-7269 | Med | 0.27 | 4.2 | 0.00 | Nov 27, 2017 | Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate… | ||
| CVE-2015-7267 | Med | 0.27 | 4.2 | 0.00 | Nov 27, 2017 | Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with… | ||
| CVE-2016-1490 | Med | 0.27 | 4.1 | 0.02 | Jan 26, 2016 | The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list. | ||
| CVE-2025-14058 | Low | 0.21 | 3.2 | 0.00 | Jan 14, 2026 | A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled. | ||
| CVE-2017-3741 | Low | 0.21 | 3.3 | 0.00 | Jun 4, 2017 | In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. | ||
| CVE-2025-6026 | Low | 0.20 | 3.1 | 0.00 | Oct 15, 2025 | An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data. | ||
| CVE-2024-4786 | Low | 0.18 | 2.8 | 0.00 | Jul 26, 2024 | An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on. | ||
| CVE-2022-3699 | 0.10 | — | 0.04 | Oct 24, 2023 | A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | |||
| CVE-2012-1195 | 0.08 | — | 0.68 | Feb 18, 2012 | Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a… | |||
| CVE-2012-1196 | 0.07 | — | 0.56 | Feb 18, 2012 | Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. | |||
| CVE-2019-6192 | 0.03 | — | 0.02 | Dec 10, 2019 | A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service. | |||
| CVE-2015-2219 | 0.03 | — | 0.04 | May 12, 2015 | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. | |||
| CVE-2013-1361 | 0.01 | — | 0.06 | Jan 21, 2014 | Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the… | |||
| CVE-2026-2640 | 0.00 | — | 0.00 | Mar 11, 2026 | During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes. | |||
| CVE-2026-1717 | 0.00 | — | 0.00 | Mar 11, 2026 | An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges. | |||
| CVE-2026-1716 | 0.00 | — | 0.00 | Mar 11, 2026 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges. | |||
| CVE-2026-1715 | 0.00 | — | 0.00 | Mar 11, 2026 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges. | |||
| CVE-2026-0940 | 0.00 | — | 0.00 | Mar 11, 2026 | A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code. | |||
| CVE-2026-2368 | 0.00 | — | 0.00 | Mar 11, 2026 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code. | |||
| CVE-2026-1068 | 0.00 | — | 0.00 | Mar 11, 2026 | An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application. | |||
| CVE-2026-0520 | 0.00 | — | 0.00 | Mar 11, 2026 | A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file. | |||
| CVE-2025-63946 | 0.00 | — | 0.00 | Feb 23, 2026 | A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | |||
| CVE-2025-8485 | 0.00 | — | 0.00 | Nov 12, 2025 | An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. | |||
| CVE-2025-10581 | 0.00 | — | 0.00 | Oct 15, 2025 | A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges. | |||
| CVE-2025-8486 | 0.00 | — | 0.00 | Oct 15, 2025 | A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. | |||
| CVE-2025-49728 | 0.00 | — | 0.00 | Sep 16, 2025 | Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2025-53795 | 0.00 | — | 0.01 | Aug 21, 2025 | Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2025-8098 | 0.00 | — | 0.00 | Aug 18, 2025 | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | |||
| CVE-2025-6232 | 0.00 | — | 0.00 | Jul 17, 2025 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations. | |||
| CVE-2025-6231 | 0.00 | — | 0.00 | Jul 17, 2025 | An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file. | |||
| CVE-2025-6230 | 0.00 | — | 0.00 | Jul 17, 2025 | A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | |||
| CVE-2025-49738 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-47993 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-2503 | 0.00 | — | 0.00 | May 30, 2025 | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | |||
| CVE-2025-2502 | 0.00 | — | 0.00 | May 30, 2025 | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||
| CVE-2025-2501 | 0.00 | — | 0.00 | May 30, 2025 | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. | |||
| CVE-2025-29975 | 0.00 | — | 0.00 | May 13, 2025 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. |
- risk 0.34cvss 5.3epss 0.00
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
- risk 0.34cvss 5.3epss 0.00
An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.
- risk 0.32cvss 4.9epss 0.01
A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot.
- risk 0.32cvss 4.9epss 0.01
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
- risk 0.31cvss 4.7epss 0.00
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
- risk 0.31cvss 4.7epss 0.00
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
- risk 0.31cvss 4.7epss 0.01
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible…
- risk 0.31cvss 4.8epss 0.00
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker…
- risk 0.30cvss 4.6epss 0.00
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
- risk 0.29cvss 4.4epss 0.00
An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.
- risk 0.29cvss 4.4epss 0.00
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow…
- risk 0.29cvss 4.4epss 0.00
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents.
- risk 0.27cvss 4.2epss 0.00
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate…
- risk 0.27cvss 4.2epss 0.00
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with…
- risk 0.27cvss 4.1epss 0.02
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
- risk 0.21cvss 3.2epss 0.00
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
- risk 0.21cvss 3.3epss 0.00
In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.
- risk 0.20cvss 3.1epss 0.00
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.
- risk 0.18cvss 2.8epss 0.00
An improper validation vulnerability was reported in the Lenovo Tab K10 that could allow a specially crafted application to keep the device on.
- CVE-2022-3699Oct 24, 2023risk 0.10cvss —epss 0.04
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
- CVE-2012-1195Feb 18, 2012risk 0.08cvss —epss 0.68
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a…
- CVE-2012-1196Feb 18, 2012risk 0.07cvss —epss 0.56
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request.
- CVE-2019-6192Dec 10, 2019risk 0.03cvss —epss 0.02
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
- CVE-2015-2219May 12, 2015risk 0.03cvss —epss 0.04
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
- CVE-2013-1361Jan 21, 2014risk 0.01cvss —epss 0.06
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the…
- CVE-2026-2640Mar 11, 2026risk 0.00cvss —epss 0.00
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
- CVE-2026-1717Mar 11, 2026risk 0.00cvss —epss 0.00
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
- CVE-2026-1716Mar 11, 2026risk 0.00cvss —epss 0.00
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
- CVE-2026-1715Mar 11, 2026risk 0.00cvss —epss 0.00
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
- CVE-2026-0940Mar 11, 2026risk 0.00cvss —epss 0.00
A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code.
- CVE-2026-2368Mar 11, 2026risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.
- CVE-2026-1068Mar 11, 2026risk 0.00cvss —epss 0.00
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.
- CVE-2026-0520Mar 11, 2026risk 0.00cvss —epss 0.00
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
- CVE-2025-63946Feb 23, 2026risk 0.00cvss —epss 0.00
A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
- CVE-2025-8485Nov 12, 2025risk 0.00cvss —epss 0.00
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
- CVE-2025-10581Oct 15, 2025risk 0.00cvss —epss 0.00
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
- CVE-2025-8486Oct 15, 2025risk 0.00cvss —epss 0.00
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
- CVE-2025-49728Sep 16, 2025risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
- CVE-2025-53795Aug 21, 2025risk 0.00cvss —epss 0.01
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-8098Aug 18, 2025risk 0.00cvss —epss 0.00
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
- CVE-2025-6232Jul 17, 2025risk 0.00cvss —epss 0.00
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.
- CVE-2025-6231Jul 17, 2025risk 0.00cvss —epss 0.00
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.
- CVE-2025-6230Jul 17, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.
- CVE-2025-49738Jul 8, 2025risk 0.00cvss —epss 0.00
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-47993Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-2503May 30, 2025risk 0.00cvss —epss 0.00
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
- CVE-2025-2502May 30, 2025risk 0.00cvss —epss 0.00
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
- CVE-2025-2501May 30, 2025risk 0.00cvss —epss 0.00
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
- CVE-2025-29975May 13, 2025risk 0.00cvss —epss 0.00
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
Page 4 of 10