Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 10 of 92

CVE-2025-53722P3HIGHCVSS 7.5fixed in 10.0.19044.62162025-08-12

CVE-2025-53722 [HIGH] CWE-400 CVE-2025-53722: Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

nvd

CVE-2023-35641P3HIGHCVSS 8.8fixed in 10.0.19041.38032023-12-12

CVE-2023-35641 [HIGH] CWE-682 CVE-2023-35641: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

nvd

CVE-2025-49724P3HIGHCVSS 8.8fixed in 10.0.19044.60932025-07-08

CVE-2025-49724 [HIGH] CWE-416 CVE-2025-49724: Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to exec Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-30078P3HIGHCVSS 8.8fixed in 10.0.19044.45292024-06-11

CVE-2024-30078 [HIGH] CWE-20 CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution Vulnerability Windows Wi-Fi Driver Remote Code Execution Vulnerability

nvd

CVE-2025-33070P3HIGHCVSS 8.1fixed in 10.0.19044.59652025-06-10

CVE-2025-33070 [HIGH] CWE-908 CVE-2025-33070: Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privile Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

nvd

CVE-2024-38240P3CRITICALCVSS 9.8fixed in 10.0.19044.48942024-09-10

CVE-2024-38240 [CRITICAL] CWE-125 CVE-2024-38240: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

nvd

CVE-2025-26645P3HIGHCVSS 8.8fixed in 10.0.19044.56082025-03-11

CVE-2025-26645 [HIGH] CWE-23 CVE-2025-26645: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-20678P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-04-09

CVE-2024-20678 [HIGH] CWE-843 CVE-2024-20678: Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability

nvd

CVE-2023-38148P3HIGHCVSS 8.8fixed in 10.0.19044.34482023-09-12

CVE-2023-38148 [HIGH] CWE-121 CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

nvd

CVE-2023-36423P3HIGHCVSS 8.8fixed in 10.0.19041.36932023-11-14

CVE-2023-36423 [HIGH] CWE-122 CVE-2023-36423: Microsoft Remote Registry Service Remote Code Execution Vulnerability Microsoft Remote Registry Service Remote Code Execution Vulnerability

nvd

CVE-2025-50177P3HIGHCVSS 8.1fixed in 10.0.19044.62162025-08-12

CVE-2025-50177 [HIGH] CWE-362 CVE-2025-50177: Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a net Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-21285P3HIGHCVSS 7.5fixed in 10.0.19044.53712025-01-14

CVE-2025-21285 [HIGH] CWE-476 CVE-2025-21285: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-59295P3HIGHCVSS 8.8fixed in 10.0.19044.64562025-10-14

CVE-2025-59295 [HIGH] CWE-122 CVE-2025-59295: Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

nvd

CVE-2025-24051P3HIGHCVSS 8.8fixed in 10.0.19044.56082025-03-11

CVE-2025-24051 [HIGH] CWE-122 CVE-2025-24051: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

nvd

CVE-2026-25188P3HIGHCVSS 8.8fixed in 10.0.19044.70582026-03-10

CVE-2026-25188 [HIGH] CWE-122 CVE-2026-25188: Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate p Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

nvd

CVE-2023-35630P3HIGHCVSS 8.8fixed in 10.0.19041.38032023-12-12

CVE-2023-35630 [HIGH] CWE-122 CVE-2023-35630: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

nvd

CVE-2023-24949P3HIGHCVSS 7.8fixed in 10.0.19044.29652023-05-09

CVE-2023-24949 [HIGH] CWE-190 CVE-2023-24949: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability

nvd

CVE-2025-54110P3HIGHCVSS 8.8fixed in 10.0.19044.63322025-09-09

CVE-2025-54110 [HIGH] CWE-190 CVE-2025-54110: Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

nvd

CVE-2024-26230P3HIGHCVSS 7.8fixed in 10.0.19044.42912024-04-09

CVE-2024-26230 [HIGH] CWE-416 CVE-2024-26230: Windows Telephony Server Elevation of Privilege Vulnerability Windows Telephony Server Elevation of Privilege Vulnerability

nvd

CVE-2025-21371P3HIGHCVSS 8.8fixed in 10.0.19044.54872025-02-11

CVE-2025-21371 [HIGH] CWE-122 CVE-2025-21371: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

← Previous10 / 92Next →