Lenovo Security Vulnerabilities (CVEs)

Track 41 security vulnerabilities affecting Lenovo products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

3 Critical
34 High
4 Medium
CVE-2025-13455 7.8

A local authentication bypass vulnerability in ThinkPlus configuration software allows authenticated users to enroll untrusted fingerprints on ThinkPl...

Jan 14, 2026
CVE-2025-13453 4.6

A physical security vulnerability in certain ThinkPlus USB drives allows unauthorized data access when an attacker has physical possession of the devi...

Jan 14, 2026
CVE-2025-13454 5.5

This vulnerability in ThinkPlus configuration software allows local authenticated users to access sensitive device information they shouldn't normally...

Jan 14, 2026
CVE-2025-8485 7.3

A local privilege escalation vulnerability in Lenovo App Store allows authenticated local users to execute arbitrary code with elevated privileges dur...

Nov 12, 2025
CVE-2025-8486 7.8

This vulnerability in PC Manager allows a local authenticated user to execute arbitrary code with elevated privileges, potentially gaining full system...

Oct 15, 2025
CVE-2025-10581 7.8

A DLL hijacking vulnerability in Lenovo PC Manager allows local authenticated users to execute arbitrary code with elevated privileges by placing a ma...

Oct 15, 2025
CVE-2025-6231 7.8

This vulnerability in Lenovo Vantage allows a local attacker to modify an application configuration file and execute arbitrary code with elevated priv...

Jul 17, 2025
CVE-2025-2501 7.8

An untrusted search path vulnerability in Lenovo PC Manager allows local attackers to execute arbitrary code with elevated privileges by placing malic...

May 30, 2025
CVE-2025-2503 7.1

A local privilege escalation vulnerability in Lenovo PC Manager allows attackers with local access to delete arbitrary files with elevated system perm...

May 30, 2025
CVE-2024-4131 7.8

A DLL hijack vulnerability in Lenovo Emulator allows local attackers to execute arbitrary code with elevated privileges by placing a malicious DLL in ...

Oct 11, 2024
CVE-2024-5474 5.5

A local privilege escalation vulnerability in Lenovo's Dolby Vision Provisioning software allows attackers to read arbitrary files with elevated privi...

Oct 11, 2024
CVE-2024-4089 7.8

A DLL hijack vulnerability in Lenovo Super File allows local attackers to execute arbitrary code with elevated privileges by placing a malicious DLL i...

Oct 11, 2024
CVE-2024-45104 6.3

This vulnerability allows authenticated Lenovo XClarity Administrator (LXCA) users with insufficient privileges to modify managed devices through a sp...

Sep 13, 2024
CVE-2023-1577 7.8

A local path hijacking vulnerability in Lenovo Driver Manager allows attackers to execute arbitrary code with elevated privileges by manipulating sear...

Jul 31, 2024
CVE-2019-6197 7.8

A local privilege escalation vulnerability in Lenovo PC Manager allows attackers to gain elevated system privileges. This affects users running vulner...

Jul 31, 2024
CVE-2023-6043 7.8

This CVE describes a local privilege escalation vulnerability in Lenovo Vantage software where attackers can bypass integrity checks to execute arbitr...

Jan 19, 2024
CVE-2023-5079 7.5

The Lenovo LeCloud App contains an improper input validation vulnerability that allows attackers to bypass security controls and access arbitrary comp...

Nov 8, 2023
CVE-2023-4632 7.8

This vulnerability in Lenovo System Update allows attackers with local access to execute arbitrary code with elevated privileges by exploiting an unco...

Nov 8, 2023
CVE-2022-3701 7.8

A local privilege escalation vulnerability in Lenovo Vantage SystemUpdate plugin allows attackers to execute arbitrary code with elevated privileges. ...

Oct 27, 2023
CVE-2022-34886 8.8

This CVE describes a remote code execution vulnerability in Lenovo printer firmware where an attacker can send a specially crafted string to the serve...

Oct 27, 2023
CVE-2023-4606 8.1

This vulnerability allows authenticated users with read-only permissions on Lenovo ThinkSystem servers to change other users' passwords through a craf...

Oct 25, 2023
CVE-2022-3699 7.8

This is a local privilege escalation vulnerability in Lenovo HardwareScanPlugin and Lenovo Diagnostics software. A local user with limited privileges ...

Oct 25, 2023
CVE-2023-3078 7.8

This vulnerability in Lenovo Universal Device Client allows attackers with local access to execute arbitrary code with elevated privileges by exploiti...

Aug 17, 2023
CVE-2023-4030 8.4

A BIOS vulnerability in certain Lenovo ThinkPad models allows systems to recover to insecure default settings if the BIOS becomes corrupted. This affe...

Aug 17, 2023
CVE-2023-34420 7.2

This vulnerability allows authenticated users with elevated privileges in Lenovo XClarity Administrator (LXCA) to execute arbitrary commands through c...

Jun 26, 2023
CVE-2023-3113 8.2

An unauthenticated XML external entity injection (XXE) vulnerability in Lenovo XClarity Administrator's CIM server allows attackers to read specific f...

Jun 26, 2023
CVE-2023-2992 7.5

An unauthenticated denial-of-service vulnerability exists in Lenovo's SMM v1, SMM v2, and FPC management web servers that allows remote attackers to c...

Jun 26, 2023
CVE-2022-4568 7.0

A directory permissions vulnerability in Lenovo System Update allows local authenticated users to write arbitrary files to protected directories, pote...

May 1, 2023
CVE-2023-0896 8.8

Lenovo Smart Clock Essential with Alexa Built In devices have a default password vulnerability that allows attackers on the same local network to gain...

May 1, 2023
CVE-2023-25496 7.8

A local privilege escalation vulnerability in Lenovo Driver Manager allows authenticated local users to execute arbitrary code with SYSTEM/administrat...

Apr 28, 2023
CVE-2023-29057 7.3

This vulnerability allows authenticated users to bypass intended Active Directory permission restrictions when specific LDAP configuration is used. It...

Apr 28, 2023
CVE-2021-3969 7.8

A local privilege escalation vulnerability exists in Lenovo System Interface Foundation's IMController component due to a Time-of-Check Time-of-Use (T...

May 18, 2022
CVE-2021-42850 8.8

This vulnerability allows attackers with physical or local network access to gain unauthorized administrative access to Lenovo Personal Cloud Storage ...

May 18, 2022
CVE-2021-42852 8.0

This CVE describes an authenticated command injection vulnerability in Lenovo Personal Cloud Storage devices that allows authenticated users to execut...

May 18, 2022
CVE-2022-0192 7.3

This DLL search path vulnerability in Lenovo PCManager allows attackers to place malicious DLLs in directories searched by the application, potentiall...

Apr 22, 2022
CVE-2021-3849 9.8

An authentication bypass vulnerability in Lenovo Fan Power Controller2 (FPC2) and System Management Module (SMM) firmware allows unauthenticated attac...

Apr 22, 2022
CVE-2021-3616 9.4

This vulnerability in Lenovo Smart Camera models X3, X5, and C2E allows unauthorized users to access device information, modify firmware, and change d...

Aug 17, 2021
CVE-2021-3633 7.3

This CVE describes a DLL preloading vulnerability in Lenovo Driver Management software that could allow local attackers to escalate privileges by plac...

Aug 17, 2021
CVE-2021-3550 7.8

This CVE describes a DLL search path vulnerability in Lenovo PCManager that could allow local attackers to escalate privileges by placing a malicious ...

Jul 16, 2021
CVE-2021-3464 7.8

This vulnerability allows local attackers to escalate privileges by exploiting a DLL search path issue in Lenovo PCManager. Attackers can place malici...

Apr 27, 2021
CVE-2020-8349 9.8

This vulnerability allows unauthenticated remote code execution on Lenovo Cloud Networking Operating System (CNOS) devices when the optional REST API ...

Oct 14, 2020

Why Monitor Lenovo Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 41+ known vulnerabilities affecting Lenovo products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Lenovo packages in under 60 seconds. No agents required - completely agentless scanning that works across Lenovo deployments.

Free vulnerability database: Access detailed information about every Lenovo CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
