cy//ective

Vulnerabilities in Lenovo Vantage A write-up of CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717

Lenovo released all patches for the #Lenovo #Vantage #vulnerabilities, which we've reported earlier this year.
Our blog now includes the full write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
🔗 cyllective.com/blog/posts/l...

cyAssist - Cybersecurity Without the Overhead We provide the continuous support you need to build a genuine security culture and baseline maturity.

No budget for an internal security team, but too complex for “we’ll just do it on the side”?

🔴 Have you met cyAssist?

✅ Dedicated cybersecurity experts
✅ Fair‑play & flexible time mgmt
✅ Scalable starting from 2h/month
Security without the overhead
👉 cyllective.com/blog/posts/i...

Two great follow‑ups expanding on our CVE‑2025‑13154 write‑up:
🔹 Manuel Kiesel (@rtfmkiesel.bsky.social)- "Roll with Advantage"
👉 mkiesel.ch/posts/lenovo...
🔹 Compass Security (@compass-security.com) - "From Folder Deletion to Admin"
👉 blog.compass-security.com/2026/02/from...

roll with advantage: hacking lenovo vantage | mkiesel.ch A technical deep dive into the lands of Lenovo Vantage and its add-ins, including tooling to help you hunt for vulnerabilities

First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.

mkiesel.ch/posts/lenovo...

How To Audit Plugin Ecosystems How we audit plugin ecosystems, using (Nextcloud|ownCloud) as an example

🚀 New blog post: How to Audit Plugin Ecosystems 🔧🔥
Our reusable 4‑step method helped us navigate 600+ Nextcloud/ownCloud plugins & find some vulns.

cyllective.com/blog/posts/h...

#CyberSecurity #AppSec #Nextcloud #ownCloud #infosec #pentest #SAST

The final stage would not have been possible without John Ostrowski from @compass-security.com thanks for the Swiss infosec collaboration! 🫕🤝

Lenovo Vantage LPE/EoP (CVE-2025-13154) A write-up of CVE-2025-13154, a privilege escalation vulnerability in Lenovo Vantage.

🚨 New blog post!

Read about CVE-2025-13154, a privilege-escalation vulnerability in a Lenovo Vantage add-in called SmartPerformance.

cyllective.com/blog/posts/l...

#windows #cve #infosec #pentest

Vulnerabilities in Cordaware bestinformed A write-up of CVE-2025-0422, CVE-2025-0423, CVE-2025-0424, and CVE-2025-0425

The first CVEs of 2025 are live!🚨
We discovered ~10 vulnerabilities in Cordaware bestinformed, leading to 4 CVEs. They can be chained for an unauthenticated compromise of the server and all connected clients.👾 CVE-2025-042{2..5}
cyllective.com/blog/posts/c...

#blogpost #cybersecurity #CVE #infosec

OAuth Labs: OAuth 2.0 Vulnerabilites Introducing our latest project: the OAuth Labs. A hands-on approach to OAuth 2.0 vulnerabilities

🚀 New from cyllective: 𝐎𝐀𝐮𝐭𝐡 𝐋𝐚𝐛𝐬 🔒

🔑 Master OAuth 2.0 with hands-on Docker-based labs:
- JWT signature flaws
- Open redirect risks
- Claim validation issues

💻 Devs & pentesters: sharpen your skills!
👉 cyllective.com/blog/posts/o...

#OAuth #Cybersecurity #Training #InfoSec #Security