CVE Tools

lenovo

Hardware FirmwareCNcommercial

389

Cumulative CVEs

60

Monthly snapshots

#26

Peak rank

Top products

z16 gen 2 (type 21jx, 21jy) laptop (thinkpad) bios2 p16 gen 1 (type 21d6, 21d7) laptop (thinkpad) bios2 p16 gen 2 (type 21fa, 21fb) laptop (thinkpad) bios2

Latest CVEs

The 15 most recently published vulnerabilities affecting lenovo.

CVE-2025-10238During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in Sy...6.7Jun 10, 2026
CVE-2025-10237During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or...6.7Jun 10, 2026
CVE-2026-6090A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.7.0Jun 10, 2026
CVE-2026-8637A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privi...7.8Jun 10, 2026
CVE-2026-9045During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to ...7.8Jun 10, 2026
CVE-2026-7516A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite s...4.3Jun 10, 2026
CVE-2026-6282A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files belonging to ...8.1May 13, 2026
CVE-2026-6281A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.8.8May 13, 2026
CVE-2026-4145During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated...7.8Apr 15, 2026
CVE-2026-4135During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file...6.6Apr 15, 2026
CVE-2026-4134During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevate...7.3Apr 15, 2026
CVE-2026-1636A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.6.7Apr 15, 2026
CVE-2026-0827During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardw...7.1Apr 15, 2026
CVE-2026-2640During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.5.5Mar 11, 2026
CVE-2026-1717An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary proc...5.5Mar 11, 2026