| CVEs | Critical | High | KEV | PoC | Unpatched C/H | Patch Rate | Avg EPSS |
|---|---|---|---|---|---|---|---|
| 23 | 0 | 12 | 0 | 0 | 11 | 17.4% | 0.0% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 0 |
| HIGH | 12 |
| MEDIUM | 11 |
| LOW | 0 |

Affected Products (11)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-2501 | An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-2502 | An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-22020 | In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash:. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application. | HIGH | 7.8 | 0.1% | 39 | |
| CVE-2025-2503 | An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. Rated medium severity (CVSS 6.9), this vulnerability has low attack complexity. No vendor patch available. | MEDIUM | 6.9 | 0.1% | 35 | No patch |
| CVE-2026-1715 | Lenovo Vantage and Baiying DeviceSettingsSystemAddin contains an input validation flaw that allows authenticated local users to modify arbitrary registry keys with system-level privileges. This vulnerability could enable privilege escalation or system configuration tampering by an attacker with local access. No patch is currently available. | MEDIUM | 6.9 | 0.0% | 35 | No patch |
| CVE-2026-1716 | Lenovo Vantage and Baiying DeviceSettingsSystemAddin contain an input validation flaw that allows authenticated local users to delete arbitrary registry keys with elevated privileges. This vulnerability affects systems where users have local access and could enable attackers to modify system configuration or disable security controls. No patch is currently available. | MEDIUM | 6.9 | 0.0% | 35 | No patch |
| CVE-2026-1717 | LenovoProductivitySystemAddin in Lenovo Vantage and Baiying contains an input validation flaw that enables local authenticated users to terminate arbitrary processes with elevated privileges. This medium-severity vulnerability (CVSS 6.8) requires local access and valid credentials but poses a significant availability risk. No patch is currently available. | MEDIUM | 6.8 | 0.0% | 34 | No patch |
| CVE-2025-37765 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dereferencing a dangling. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application. | MEDIUM | 5.5 | 0.1% | 28 | |
| CVE-2025-71108 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. | MEDIUM | 5.5 | 0.1% | 28 | |
| CVE-2025-4371 | A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a. Rated high severity (CVSS 7.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | HIGH | 7.0 | 0.0% | – | No patch |
| CVE-2025-8098 | An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.0% | – | No patch |
| CVE-2025-38647 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. | MEDIUM | 5.5 | 0.0% | – | |
| CVE-2025-8061 | A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated. Rated high severity (CVSS 7.3). No vendor patch available. | HIGH | 7.3 | 0.0% | – | No patch |
| CVE-2025-8557 | An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO). Rated high severity (CVSS 8.7), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | HIGH | 8.7 | 0.0% | – | No patch |
| CVE-2025-9201 | A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 8.5), this vulnerability has low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.0% | – | No patch |