Common Vulnerabilities and Exposures (CVE)
CVE-2026-0520
A potential vulnerability was reported in the Lenovo FileZ Android application that, under certain conditions, could allow a local authenticated user to retrieve some sensitive data stored in a log file.
CVE-2026-1068
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.
CVE-2026-2368
An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.
CVE-2019-25540
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. Attackers can craft malicious requests with SQL p...
CVE-2026-1652
A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error.
CVE-2026-1653
A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error.
CVE-2025-69534
Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, an...
CVE-2026-1715
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
CVE-2026-1716
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
CVE-2026-1717
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
CVE-2026-2640
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
CVE-2026-32128
FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdou...
CVE-2026-32130
ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Request to th...
CVE-2026-32131
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, pro...
CVE-2026-32132
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved cod...