Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 13 of 92
CVE-2025-21233P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14
CVE-2025-21233 [HIGH] CWE-122 CVE-2025-21233: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21246P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14
CVE-2025-21246 [HIGH] CWE-122 CVE-2025-21246: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2024-43628P3HIGHCVSS 8.8fixed in 10.0.19044.51312024-11-12
CVE-2024-43628 [HIGH] CWE-190 CVE-2024-43628: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2024-43635P3HIGHCVSS 8.8fixed in 10.0.19044.51312024-11-12
CVE-2024-43635 [HIGH] CWE-190 CVE-2024-43635: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2024-43627P3HIGHCVSS 8.8fixed in 10.0.19044.51312024-11-12
CVE-2024-43627 [HIGH] CWE-122 CVE-2024-43627: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21223P3HIGHCVSS 8.8fixed in 10.0.19044.53712025-01-14
CVE-2025-21223 [HIGH] CWE-122 CVE-2025-21223: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2023-35303P3HIGHCVSS 8.8fixed in 10.0.19041.32082023-07-11
CVE-2023-35303 [HIGH] CWE-20 CVE-2023-35303: USB Audio Class System Driver Remote Code Execution Vulnerability
USB Audio Class System Driver Remote Code Execution Vulnerability
nvd
CVE-2023-35302P3HIGHCVSS 8.8fixed in 10.0.19041.32082023-07-11
CVE-2023-35302 [HIGH] CWE-122 CVE-2023-35302: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
nvd
CVE-2023-35300P3HIGHCVSS 8.8fixed in 10.0.19041.32082023-07-11
CVE-2023-35300 [HIGH] CWE-416 CVE-2023-35300: Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
nvd
CVE-2025-62549P3HIGHCVSS 8.8fixed in 10.0.19044.66912025-12-09
CVE-2025-62549 [HIGH] CWE-822 CVE-2025-62549: Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthor
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-53131P3HIGHCVSS 8.8fixed in 10.0.19044.62162025-08-12
CVE-2025-53131 [HIGH] CWE-122 CVE-2025-53131: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a n
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-29840P3HIGHCVSS 8.8fixed in 10.0.19044.58542025-05-13
CVE-2025-29840 [HIGH] CWE-121 CVE-2025-29840: Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-42985P3HIGHCVSS 8.8fixed in 10.0.19044.74172026-06-09
CVE-2026-42985 [HIGH] CWE-416 CVE-2026-42985: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-47289P3HIGHCVSS 8.8fixed in 10.0.19044.74172026-06-09
CVE-2026-47289 [HIGH] CWE-122 CVE-2026-47289: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-40403P3HIGHCVSS 8.8fixed in 10.0.19044.72912026-05-12
CVE-2026-40403 [HIGH] CWE-122 CVE-2026-40403: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code lo
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
nvd
CVE-2025-54916P3HIGHCVSS 7.8fixed in 10.0.19044.63322025-09-09
CVE-2025-54916 [HIGH] CWE-121 CVE-2025-54916: Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
nvd
CVE-2026-20860P3HIGHCVSS 7.8fixed in 10.0.19044.68092026-01-13
CVE-2026-20860 [HIGH] CWE-843 CVE-2026-20860: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-62452P3HIGHCVSS 8.0fixed in 10.0.19044.65752025-11-11
CVE-2025-62452 [HIGH] CWE-122 CVE-2025-62452: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
nvd
CVE-2025-60715P3HIGHCVSS 8.0fixed in 10.0.19044.65752025-11-11
CVE-2025-60715 [HIGH] CWE-122 CVE-2025-60715: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
nvd
CVE-2026-45635P3HIGHCVSS 8.1fixed in 10.0.19044.74172026-06-09
CVE-2026-45635 [HIGH] CWE-843 CVE-2026-45635: Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
nvd