Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 25 of 92
CVE-2025-59242P3HIGHCVSS 7.8fixed in 10.0.19044.64562025-10-14
CVE-2025-59242 [HIGH] CWE-122 CVE-2025-59242: Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized att
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-40407P3HIGHCVSS 7.8fixed in 10.0.19044.72912026-05-12
CVE-2026-40407 [HIGH] CWE-122 CVE-2026-40407: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59191P3HIGHCVSS 7.8fixed in 10.0.19044.64562025-10-14
CVE-2025-59191 [HIGH] CWE-122 CVE-2025-59191: Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attac
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-29969P3HIGHCVSS 7.5fixed in 10.0.19044.58542025-05-13
CVE-2025-29969 [HIGH] CWE-367 CVE-2025-29969: Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attac
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
nvd
CVE-2026-40406P3HIGHCVSS 7.5fixed in 10.0.19044.72912026-05-12
CVE-2026-40406 [HIGH] CWE-416 CVE-2026-40406: Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a netw
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2023-32056P3CRITICALCVSS 9.8fixed in 10.0.19041.32082023-07-11
CVE-2023-32056 [CRITICAL] CWE-59 CVE-2023-32056: Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
nvd
CVE-2023-33154P3CRITICALCVSS 9.8fixed in 10.0.19041.32082023-07-11
CVE-2023-33154 [CRITICAL] CWE-367 CVE-2023-33154: Windows Partition Management Driver Elevation of Privilege Vulnerability
Windows Partition Management Driver Elevation of Privilege Vulnerability
nvd
CVE-2023-24864P3HIGHCVSS 8.8fixed in 10.0.19044.27282023-03-14
CVE-2023-24864 [HIGH] CWE-191 CVE-2023-24864: Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
nvd
CVE-2025-26669P3HIGHCVSS 8.8fixed in 10.0.19044.57372025-04-08
CVE-2025-26669 [HIGH] CWE-125 CVE-2025-26669: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2023-21799P3HIGHCVSS 8.8fixed in 10.0.19044.26042023-02-14
CVE-2023-21799 [HIGH] CWE-122 CVE-2023-21799: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2023-21686P3HIGHCVSS 8.8fixed in 10.0.19044.26042023-02-14
CVE-2023-21686 [HIGH] CWE-190 CVE-2023-21686: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-20700P3HIGHCVSS 7.5fixed in 10.0.19044.39302024-01-09
CVE-2024-20700 [HIGH] CWE-362 CVE-2024-20700: Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
nvd
CVE-2025-49723P3HIGHCVSS 8.8fixed in 10.0.19044.60932025-07-08
CVE-2025-49723 [HIGH] CWE-862 CVE-2025-49723: Missing authorization in Windows StateRepository API allows an authorized attacker to perform tamper
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
nvd
CVE-2023-36697P3HIGHCVSS 8.0fixed in 10.0.19041.35702023-10-10
CVE-2023-36697 [HIGH] CWE-20 CVE-2023-36697: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
nvd
CVE-2024-20654P3HIGHCVSS 8.0fixed in 10.0.19044.39302024-01-09
CVE-2024-20654 [HIGH] CWE-190 CVE-2024-20654: Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-21437P3HIGHCVSS 7.8fixed in 10.0.19044.41702024-03-12
CVE-2024-21437 [HIGH] CWE-416 CVE-2024-21437: Windows Graphics Component Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
nvd
CVE-2026-27909P3HIGHCVSS 7.8fixed in 10.0.19044.71842026-04-14
CVE-2026-27909 [HIGH] CWE-416 CVE-2026-27909: Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privil
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-42986P3HIGHCVSS 7.8fixed in 10.0.19044.74172026-06-09
CVE-2026-42986 [HIGH] CWE-416 CVE-2026-42986: Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-54100P3HIGHCVSS 7.8fixed in 10.0.19044.66912025-12-09
CVE-2025-54100 [HIGH] CWE-77 CVE-2025-54100: Improper neutralization of special elements used in a command ('command injection') in Windows Power
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.
nvd
CVE-2024-26208P3HIGHCVSS 7.2fixed in 10.0.19044.42912024-04-09
CVE-2024-26208 [HIGH] CWE-191 CVE-2024-26208: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
nvd