CVE-2026-9046
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclus
CVSS
7.0
High
EPSS
—
KEV
—
Exploit Today
0
0-100
Published: Jul 16, 2026 · Last modified: Jul 16, 2026 · CWE-277
Not enough EPSS history yet.
A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-78919.1 CRI19.3%
——6A vulnerability has been identified in Mendix Runtime (All versions). Mendix documentation for access rules does not adequately describe the special behavior of the System.User entity, leaving developers without sufficient guidance to configure access rules securely. This documentation gap may lead application developers to unknowingly apply overly permissive access rules to System.User, resulting in unintended exposure of sensitive user data or privilege escalation within deployed Mendix applications.3dCVE-2026-302667.8 HIG1.9%
——1Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file11d