Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affect
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated p
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a
CVE-2026-47370
CRITICAL CVSS 9.9
Find Similar
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within
CVE-2026-34910
CRITICAL CVSS 10.0 KEV
Find Similar
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privile
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary process
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
CVE-2026-33000
CRITICAL CVSS 9.1
Find Similar
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to