Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 19 of 92
CVE-2024-21391P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21391 [HIGH] CWE-197 CVE-2024-21391: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21352P3HIGHCVSS 8.8fixed in 10.0.19044.40462024-02-13
CVE-2024-21352 [HIGH] CWE-197 CVE-2024-21352: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2026-20872P3MEDIUMCVSS 6.5fixed in 10.0.19044.68092026-01-13
CVE-2026-20872 [MEDIUM] CWE-73 CVE-2026-20872: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2023-29362P3HIGHCVSS 8.8fixed in 10.0.14393.59892023-06-14
CVE-2023-29362 [HIGH] CWE-122 CVE-2023-29362: Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
nvd
CVE-2024-43517P3HIGHCVSS 8.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43517 [HIGH] CWE-122 CVE-2024-43517: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
nvd
CVE-2024-38053P3HIGHCVSS 8.8fixed in 10.0.19044.46512024-07-09
CVE-2024-38053 [HIGH] CWE-416 CVE-2024-38053: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
nvd
CVE-2025-29966P3HIGHCVSS 8.8fixed in 10.0.19044.58542025-05-13
CVE-2025-29966 [HIGH] CWE-122 CVE-2025-29966: Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-32162P3HIGHCVSS 8.4fixed in 10.0.19044.71842026-04-14
CVE-2026-32162 [HIGH] CWE-349 CVE-2026-32162: Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized atta
Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2024-43518P3HIGHCVSS 8.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43518 [HIGH] CWE-122 CVE-2024-43518: Windows Telephony Server Remote Code Execution Vulnerability
Windows Telephony Server Remote Code Execution Vulnerability
nvd
CVE-2025-29964P3HIGHCVSS 8.8fixed in 10.0.19044.58542025-05-13
CVE-2025-29964 [HIGH] CWE-122 CVE-2025-29964: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a n
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-29963P3HIGHCVSS 8.8fixed in 10.0.19044.58542025-05-13
CVE-2025-29963 [HIGH] CWE-122 CVE-2025-29963: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a n
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-49740P3HIGHCVSS 8.8fixed in 10.0.19044.60932025-07-08
CVE-2025-49740 [HIGH] CWE-693 CVE-2025-49740: Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a secu
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2025-21224P3HIGHCVSS 8.1fixed in 10.0.19044.53712025-01-14
CVE-2025-21224 [HIGH] CWE-416 CVE-2025-21224: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
nvd
CVE-2024-38045P3HIGHCVSS 8.1fixed in 10.0.19044.48942024-09-10
CVE-2024-38045 [HIGH] CWE-122 CVE-2024-38045: Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
nvd
CVE-2025-59516P3HIGHCVSS 7.8fixed in 10.0.19044.66912025-12-09
CVE-2025-59516 [HIGH] CWE-73 CVE-2025-59516: Missing authentication for critical function in Windows Storage VSP Driver allows an authorized atta
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-49124P3HIGHCVSS 8.1fixed in 10.0.19044.52472024-12-12
CVE-2024-49124 [HIGH] CWE-362 CVE-2024-49124: Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
nvd
CVE-2025-62472P3HIGHCVSS 7.8fixed in 10.0.19044.66912025-12-09
CVE-2025-62472 [HIGH] CWE-416 CVE-2025-62472: Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attac
Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-49127P3HIGHCVSS 8.1fixed in 10.0.19044.52472024-12-12
CVE-2024-49127 [HIGH] CWE-416 CVE-2024-49127: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
nvd
CVE-2025-29810P3HIGHCVSS 7.5fixed in 10.0.19044.57372025-04-08
CVE-2025-29810 [HIGH] CWE-284 CVE-2025-29810: Improper access control in Active Directory Domain Services allows an authorized attacker to elevate
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2024-26218P3HIGHCVSS 7.8fixed in 10.0.19044.42912024-04-09
CVE-2024-26218 [HIGH] CWE-367 CVE-2024-26218: Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
nvd