PatchSiren

Lenovo CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Lenovo CVE published 2026-06-10

CVE-2026-9045

A high-severity vulnerability (CVSS Score: 8.5) was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows. This vulnerability allows a local authenticated user to execute arbitrary code with elevated privileges.

HIGH Lenovo CVE published 2026-06-10

CVE-2026-8637

CVE-2026-8637 is a HIGH-severity vulnerability (CVSS Score: 8.5) in the LanSchool Classic client application. A local authenticated user could exploit this uncontrolled search path vulnerability to execute arbitrary code with elevated privileges.

MEDIUM Lenovo CVE published 2026-06-10

CVE-2026-7516

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite system clipboard contents. This vulnerability has a CVSS score of 5.1 and a severity of MEDIUM.

HIGH Lenovo CVE published 2026-06-10

CVE-2026-6090

A potential authentication bypass vulnerability was reported in Lenovo Smart Connect for Windows, which could allow a local authenticated user to execute arbitrary code with elevated privileges. The vulnerability has a CVSS score of 7.3 and is classified as HIGH severity.

HIGH Lenovo CVE published 2026-06-10

CVE-2025-10238

A potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products. A privileged local user could exploit this vulnerability to execute code in System Management Mode (SMM).

HIGH Lenovo CVE published 2026-06-10

CVE-2025-10237

A potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions. The vulnerability has a CVSS score of 8.4 and is classified as HIGH severity.

MEDIUM Lenovo CVE published 2026-01-14

CVE-2025-13454

A local information disclosure vulnerability in Lenovo ThinkPlus configuration software allows authenticated users to access sensitive device information. The vulnerability, classified as CWE-319 (Cleartext Transmission of Sensitive Information), affects firmware for multiple ThinkPlus device models including the FU100, FU200, TU800, and TSD303. The CVSS 4.0 vector indicates a local attack vector with low a [truncated]

MEDIUM Lenovo CVE published 2026-01-14

CVE-2025-13453

A medium-severity vulnerability in select Lenovo ThinkPlus USB drives allows an attacker with physical access to read stored data. The issue, published 2026-01-14 and last modified 2026-06-01, affects the firmware of ThinkPlus FU100, FU200, TU800, and TSD303 Gen1 devices. The CVSS 4.0 vector (AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N) reflects high confidentiality impact requiring physical access with no us [truncated]

HIGH Lenovo CVE published 2017-03-03

CVE-2016-8236

CVE-2016-8236 is a Lenovo ThinkServer TSM firmware issue where a prolonged broadcast storm may cause the system to reset to default settings. The publicly listed impact is high because it can disrupt configuration integrity on affected ThinkServer RD350, RD450, RD550, RD650, and TD350 systems running TSM versions earlier than 3.77.

CRITICAL Lenovo CVE published 2017-03-01

CVE-2016-8233

CVE-2016-8233 describes a credential exposure weakness in Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2. According to the NVD record, log files could contain user credentials in non-secure clear text and could be viewed by a non-privileged user. Because the issue involves sensitive authentication data in accessible logs, defenders should treat it as a high-priority exposure risk even th [truncated]

HIGH Lenovo CVE published 2017-01-26

CVE-2016-8227

CVE-2016-8227 is a high-severity local privilege escalation vulnerability in Lenovo Transition on Lenovo Yoga, Flex, and Miix systems running Windows. According to NVD, a local user could execute code with elevated privileges. Lenovo’s advisory is linked from the official NVD record and should be used to confirm affected systems and mitigation steps.

MEDIUM Lenovo CVE published 2017-01-26

CVE-2016-8226

CVE-2016-8226 is a firmware denial-of-service issue in Lenovo BIOS for System X M5, M6, and X6 platforms. According to the NVD record, an administrator with high privileges can trigger a DoS condition while updating a UEFI data structure.

HIGH Lenovo CVE published 2017-01-26

CVE-2016-8225

CVE-2016-8225 is a local privilege escalation issue in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21. The weakness is an unquoted service path condition (CWE-428), which can allow a local user to execute code with elevated privileges. NVD rates the issue HIGH with CVSS 7.8.