Overview
- Lenovo
- Vantage
14 Jan 2026
Published
15 Jan 2026
Updated
CVSS v4.0
MEDIUM (6.8)
EPSS
0.03%
KEV
Description
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.
Statistics
- 1 Post
Last activity: Last hour
Overview
Description
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.
Statistics
- 1 Post
Last activity: 20 hours ago
Overview
- SolarWinds
- Web Help Desk
23 Sep 2025
Published
24 Sep 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
12.86%
KEV
Description
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago
Overview
- SolarWinds
- Web Help Desk
28 Jan 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
27.82%
KEV
Description
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
Statistics
- 1 Post
- 1 Interaction
Last activity: 15 hours ago