Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 27 of 92

CVE-2026-44801P3HIGHCVSS 7.5fixed in 10.0.19044.74172026-06-09

CVE-2026-44801 [HIGH] CWE-416 CVE-2026-44801: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2026-42992P3HIGHCVSS 7.5fixed in 10.0.19044.74172026-06-09

CVE-2026-42992 [HIGH] CWE-122 CVE-2026-42992: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2026-44799P3HIGHCVSS 7.5fixed in 10.0.19044.74172026-06-09

CVE-2026-44799 [HIGH] CWE-122 CVE-2026-44799: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-38241P3HIGHCVSS 7.8fixed in 10.0.19044.48942024-09-10

CVE-2024-38241 [HIGH] CWE-20 CVE-2024-38241: Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability

nvd

CVE-2026-42993P3HIGHCVSS 7.5fixed in 10.0.19044.74172026-06-09

CVE-2026-42993 [HIGH] CWE-122 CVE-2026-42993: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2026-42909P3HIGHCVSS 7.5fixed in 10.0.19044.74172026-06-09

CVE-2026-42909 [HIGH] CWE-362 CVE-2026-42909: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

nvd

CVE-2024-43623P3HIGHCVSS 7.8fixed in 10.0.19044.51312024-11-12

CVE-2024-43623 [HIGH] CWE-190 CVE-2024-43623: Windows NT OS Kernel Elevation of Privilege Vulnerability Windows NT OS Kernel Elevation of Privilege Vulnerability

nvd

CVE-2024-26211P3HIGHCVSS 7.8fixed in 10.0.19044.44122024-04-09

CVE-2024-26211 [HIGH] CWE-122 CVE-2024-26211: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

nvd

CVE-2024-49105P3HIGHCVSS 8.4fixed in 10.0.19044.52472024-12-12

CVE-2024-49105 [HIGH] CWE-284 CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

nvd

CVE-2025-30388P3HIGHCVSS 7.8fixed in 10.0.19044.58542025-05-13

CVE-2025-30388 [HIGH] CWE-122 CVE-2025-30388: Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

nvd

CVE-2025-49687P3HIGHCVSS 8.8fixed in 10.0.19044.60932025-07-08

CVE-2025-49687 [HIGH] CWE-125 CVE-2025-49687: Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate p Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

nvd

CVE-2023-23405P3HIGHCVSS 8.1fixed in 10.0.19044.27282023-03-14

CVE-2023-23405 [HIGH] CWE-190 CVE-2023-23405: Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability

nvd

CVE-2023-24908P3HIGHCVSS 8.1fixed in 10.0.19044.27282023-03-14

CVE-2023-24908 [HIGH] CWE-190 CVE-2023-24908: Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability

nvd

CVE-2023-24869P3HIGHCVSS 8.1fixed in 10.0.19044.27282023-03-14

CVE-2023-24869 [HIGH] CWE-190 CVE-2023-24869: Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability

nvd

CVE-2023-21712P3HIGHCVSS 8.1fixed in 10.0.19044.22512023-04-27

CVE-2023-21712 [HIGH] CWE-362 CVE-2023-21712: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

nvd

CVE-2023-24903P3HIGHCVSS 8.1fixed in 10.0.19044.29652023-05-09

CVE-2023-24903 [HIGH] CWE-415 CVE-2023-24903: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

nvd

CVE-2023-23404P3HIGHCVSS 8.1fixed in 10.0.19044.27282023-03-14

CVE-2023-23404 [HIGH] CWE-416 CVE-2023-23404: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

nvd

CVE-2024-21307P3HIGHCVSS 7.5fixed in 10.0.19044.39302024-01-09

CVE-2024-21307 [HIGH] CWE-416 CVE-2024-21307: Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability

nvd

CVE-2025-24067P3HIGHCVSS 7.8fixed in 10.0.19044.56082025-03-11

CVE-2025-24067 [HIGH] CWE-122 CVE-2025-24067: Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate p Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24066P3HIGHCVSS 7.8fixed in 10.0.19044.56082025-03-11

CVE-2025-24066 [HIGH] CWE-122 CVE-2025-24066: Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate p Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

nvd

← Previous27 / 92Next →