← Back

Windows 11 23h2

windows_11_23h2

Vendor: Microsoft • 1,558 CVEs

CVEs (1,558)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-24282
1Microsoft
8Windows 10 1607
Windows 10 1809Windows 10 21h2+5 more
Mar 13, 2026
Mar 10, 2026
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.
CVE-2026-23674
1Microsoft
14Windows 10 1607
Windows 10 1809Windows 10 21h2+11 more
Mar 13, 2026
Mar 10, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-23673
1Microsoft
14Windows 10 1607
Windows 10 1809Windows 10 21h2+11 more
Mar 13, 2026
Mar 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-23672
1Microsoft
14Windows 10 1607
Windows 10 1809Windows 10 21h2+11 more
Mar 13, 2026
Mar 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-23671
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Mar 13, 2026
Mar 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-23669
1Microsoft
14Windows 10 1607
Windows 10 1809Windows 10 21h2+11 more
Mar 24, 2026
Mar 10, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Use after free in RPC Runtime allows an authorized attacker to execute code over a network.
CVE-2026-23668
1Microsoft
10Windows 10 1607
Windows 10 1809Windows 10 21h2+7 more
Mar 12, 2026
Mar 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-23667
1Microsoft
7Windows 10 1809
Windows 10 21h2Windows 10 22h2+4 more
Mar 12, 2026
Mar 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.
CVE-2026-21533
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Mar 30, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-21525
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Mar 30, 2026
Feb 10, 2026
N/A· v4
6.2 MEDIUM· v3
N/A· v2
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
CVE-2026-21519
1Microsoft
12Windows 10 1607
Windows 10 1809Windows 10 21h2+9 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-21513
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Mar 30, 2026
Feb 10, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21510
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21508
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Feb 12, 2026
Feb 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-21255
1Microsoft
12Windows 10 1607
Windows 10 1809Windows 10 21h2+9 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
8.8 HIGH· v3
N/A· v2
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
CVE-2026-21253
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Mar 27, 2026
Feb 10, 2026
N/A· v4
7.0 HIGH· v3
N/A· v2
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
CVE-2026-21249
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
3.3 LOW· v3
N/A· v2
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
CVE-2026-21248
1Microsoft
12Windows 10 1607
Windows 10 1809Windows 10 21h2+9 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21247
1Microsoft
12Windows 10 1607
Windows 10 1809Windows 10 21h2+9 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
7.3 HIGH· v3
N/A· v2
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21246
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Feb 11, 2026
Feb 10, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.