10
CVEs
0
Critical
3
High
0
KEV
0
PoC
3
Unpatched C/H
10.0%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
3
MEDIUM
7
LOW
0
Monthly CVE Trend
Affected Products (11)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-1715 | Lenovo Vantage and Baiying DeviceSettingsSystemAddin contains an input validation flaw that allows authenticated local users to modify arbitrary registry keys with system-level privileges. This vulnerability could enable privilege escalation or system configuration tampering by an attacker with local access. No patch is currently available. | MEDIUM | 6.9 | 0.0% | 35 |
No patch
|
| CVE-2026-1716 | Lenovo Vantage and Baiying DeviceSettingsSystemAddin contain an input validation flaw that allows authenticated local users to delete arbitrary registry keys with elevated privileges. This vulnerability affects systems where users have local access and could enable attackers to modify system configuration or disable security controls. No patch is currently available. | MEDIUM | 6.9 | 0.0% | 35 |
No patch
|
| CVE-2026-1717 | LenovoProductivitySystemAddin in Lenovo Vantage and Baiying contains an input validation flaw that enables local authenticated users to terminate arbitrary processes with elevated privileges. This medium-severity vulnerability (CVSS 6.8) requires local access and valid credentials but poses a significant availability risk. No patch is currently available. | MEDIUM | 6.8 | 0.0% | 34 |
No patch
|
| CVE-2025-71108 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. | MEDIUM | 5.5 | 0.1% | 28 |
|
| CVE-2025-11193 | A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 6.8 | 0.0% | – |
No patch
|
| CVE-2025-10495 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | HIGH | 7.7 | 0.0% | – |
No patch
|
| CVE-2025-12047 | A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available. | MEDIUM | 6.0 | 0.0% | – |
No patch
|
| CVE-2025-12048 | An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | HIGH | 7.7 | 0.1% | – |
No patch
|
| CVE-2025-8421 | An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 5.2 | 0.0% | – |
No patch
|
| CVE-2025-8485 | An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.0 | 0.0% | – |
No patch
|