cbcvebase.

Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

Page 16 of 92
CVE-2025-26663P3HIGHCVSS 8.1fixed in 10.0.19044.57372025-04-08
CVE-2025-26663 [HIGH] CWE-416 CVE-2025-26663: Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attack Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-21294P3HIGHCVSS 8.1fixed in 10.0.19044.53712025-01-14
CVE-2025-21294 [HIGH] CWE-591 CVE-2025-21294: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability
nvd
CVE-2026-40415P3HIGHCVSS 8.1fixed in 10.0.19044.72912026-05-12
CVE-2026-40415 [HIGH] CWE-416 CVE-2026-40415: Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
nvd
CVE-2023-36434P3CRITICALCVSS 9.8fixed in 10.0.19041.35702023-10-10
CVE-2023-36434 [CRITICAL] CWE-307 CVE-2023-36434: Windows IIS Server Elevation of Privilege Vulnerability Windows IIS Server Elevation of Privilege Vulnerability
nvd
CVE-2025-21204P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-21204 [HIGH] CWE-59 CVE-2025-21204: Improper link resolution before file access ('link following') in Windows Update Stack allows an aut Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-58726P3HIGHCVSS 7.5fixed in 10.0.19044.64562025-10-14
CVE-2025-58726 [HIGH] CWE-284 CVE-2025-58726: Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges ov Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2023-24871P3HIGHCVSS 8.8fixed in 10.0.19044.27282023-03-14
CVE-2023-24871 [HIGH] CWE-190 CVE-2023-24871: Windows Bluetooth Service Remote Code Execution Vulnerability Windows Bluetooth Service Remote Code Execution Vulnerability
nvd
CVE-2026-33829P4MEDIUMCVSS 4.3PoCfixed in 10.0.19044.71842026-04-14
CVE-2026-33829 [MEDIUM] CWE-200 CVE-2026-33829: Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauth Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2023-35639P3HIGHCVSS 8.8fixed in 10.0.19041.38032023-12-12
CVE-2023-35639 [HIGH] CWE-122 CVE-2023-35639: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-26166P3HIGHCVSS 8.8fixed in 10.0.19044.41702024-03-12
CVE-2024-26166 [HIGH] CWE-122 CVE-2024-26166: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21450P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-21450 [HIGH] CWE-190 CVE-2024-21450: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21440P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-21440 [HIGH] CWE-197 CVE-2024-21440: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-26162P3HIGHCVSS 8.8fixed in 10.0.19044.41702024-03-12
CVE-2024-26162 [HIGH] CWE-681 CVE-2024-26162: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-26210P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-04-09
CVE-2024-26210 [HIGH] CWE-122 CVE-2024-26210: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-26244P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-04-09
CVE-2024-26244 [HIGH] CWE-191 CVE-2024-26244: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-26159P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-26159 [HIGH] CWE-122 CVE-2024-26159: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-21451P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-21451 [HIGH] CWE-197 CVE-2024-21451: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-21444P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-21444 [HIGH] CWE-190 CVE-2024-21444: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21441P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-21441 [HIGH] CWE-190 CVE-2024-21441: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-26161P3HIGHCVSS 8.8fixed in 10.0.19044.42912024-03-12
CVE-2024-26161 [HIGH] CWE-122 CVE-2024-26161: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
← Previous16 / 92Next →