cbcvebase.

Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

Page 42 of 92
CVE-2024-38057P3HIGHCVSS 7.8fixed in 10.0.19044.46512024-07-09
CVE-2024-38057 [HIGH] CWE-125 CVE-2024-38057: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-38243P3HIGHCVSS 7.8fixed in 10.0.19044.48942024-09-10
CVE-2024-38243 [HIGH] CWE-20 CVE-2024-38243: Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-38238P3HIGHCVSS 7.8fixed in 10.0.19044.48942024-09-10
CVE-2024-38238 [HIGH] CWE-122 CVE-2024-38238: Kernel Streaming Service Driver Elevation of Privilege Vulnerability Kernel Streaming Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-38070P3HIGHCVSS 7.8fixed in 10.0.19044.46512024-07-09
CVE-2024-38070 [HIGH] CWE-693 CVE-2024-38070: Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
nvd
CVE-2025-33056P3HIGHCVSS 7.5fixed in 10.0.19044.59652025-06-10
CVE-2025-33056 [HIGH] CWE-284 CVE-2025-33056: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.
nvd
CVE-2025-21375P3HIGHCVSS 7.8fixed in 10.0.19044.54872025-02-11
CVE-2025-21375 [HIGH] CWE-20 CVE-2025-21375: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2025-27476P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-27476 [HIGH] CWE-416 CVE-2025-27476: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-27467P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-27467 [HIGH] CWE-416 CVE-2025-27467: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-27730P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-27730 [HIGH] CWE-415 CVE-2025-27730: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-26679P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-26679 [HIGH] CWE-416 CVE-2025-26679: Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges lo Use after free in RPC Endpoint Mapper Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24072P3HIGHCVSS 7.8fixed in 10.0.19044.56082025-03-11
CVE-2025-24072 [HIGH] CWE-416 CVE-2025-24072: Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker t Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-47656P3HIGHCVSS 7.9fixed in 10.0.19044.74172026-06-09
CVE-2026-47656 [HIGH] CWE-693 CVE-2026-47656: Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a secur Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
nvd
CVE-2025-24062P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-24062 [HIGH] CWE-20 CVE-2025-24062: Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privi Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24060P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-24060 [HIGH] CWE-20 CVE-2025-24060: Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privi Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-53723P3HIGHCVSS 7.8fixed in 10.0.19044.62162025-08-12
CVE-2025-53723 [HIGH] CWE-122 CVE-2025-53723: Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges loca Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-26648P3HIGHCVSS 7.8fixed in 10.0.19044.57372025-04-08
CVE-2025-26648 [HIGH] CWE-416 CVE-2025-26648: Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker t Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-53801P3HIGHCVSS 7.8fixed in 10.0.19044.63322025-09-09
CVE-2025-53801 [HIGH] CWE-822 CVE-2025-53801: Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges loc Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-25165P3HIGHCVSS 7.8fixed in 10.0.19044.70582026-03-10
CVE-2026-25165 [HIGH] CWE-476 CVE-2026-25165: Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate pr Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-24293P3HIGHCVSS 7.8fixed in 10.0.19044.70582026-03-10
CVE-2026-24293 [HIGH] CWE-476 CVE-2026-24293: Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attac Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-48815P3HIGHCVSS 7.8fixed in 10.0.19044.60932025-07-08
CVE-2025-48815 [HIGH] CWE-843 CVE-2025-48815: Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an auth Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
nvd
← Previous42 / 92Next →
Microsoft Windows 10 21H2 vulnerabilities | cvebase