Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs: 1,827
CISA KEV: 87 (actively exploited)
Public exploits: 54
Exploited in wild: 97
Severity breakdown
CRITICAL: 44 | HIGH: 1303 | MEDIUM: 473 | LOW: 7
Vulnerabilities
Page 43 of 92
CVE-2025-49659 | P3 | HIGH | CVSS 7.8 | CWE-126 | fixed in 10.0.19044.6093 | 2025-07-08
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2025-49679 | P3 | HIGH | CVSS 7.8 | CWE-197 | fixed in 10.0.19044.6093 | 2025-07-08
Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2026-23672 | P3 | HIGH | CVSS 7.8 | CWE-125 | fixed in 10.0.19044.7058 | 2026-03-10
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
Source: nvd

CVE-2025-47996 | P3 | HIGH | CVSS 7.8 | CWE-125 | fixed in 10.0.19044.6093 | 2025-07-08
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2025-48816 | P3 | HIGH | CVSS 7.8 | CWE-125 | fixed in 10.0.19044.6093 | 2025-07-08
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2026-25174 | P3 | HIGH | CVSS 7.8 | CWE-125 | fixed in 10.0.19044.7058 | 2026-03-10
Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2025-47991 | P3 | HIGH | CVSS 7.8 | CWE-416 | fixed in 10.0.19044.6093 | 2025-07-08
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2024-26248 | P3 | HIGH | CVSS 7.5 | CWE-303 | fixed in 10.0.19044.4291 | 2024-04-09
Windows Kerberos Elevation of Privilege Vulnerability
Source: nvd

CVE-2025-49742 | P3 | HIGH | CVSS 7.8 | CWE-122 | fixed in 10.0.19044.6093 | 2025-07-08
Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
Source: nvd

CVE-2026-34336 | P3 | HIGH | CVSS 7.8 | CWE-122 | fixed in 10.0.19044.7291 | 2026-05-12
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2026-26184 | P3 | HIGH | CVSS 7.8 | CWE-126 | fixed in 10.0.19044.7184 | 2026-04-14
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2026-45592 | P3 | HIGH | CVSS 7.8 | CWE-190 | fixed in 10.0.19044.7417 | 2026-06-09
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2024-30092 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 10.0.19044.5011 | 2024-10-08
Windows Hyper-V Remote Code Execution Vulnerability
Source: nvd

CVE-2025-64658 | P3 | HIGH | CVSS 7.5 | CWE-362 | fixed in 10.0.19044.6691 | 2025-12-09
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2025-54911 | P3 | HIGH | CVSS 7.3 | CWE-416 | fixed in 10.0.19044.6332 | 2025-09-09
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
Source: nvd

CVE-2026-21247 | P3 | HIGH | CVSS 7.3 | CWE-20 | fixed in 10.0.19044.6937 | 2026-02-10
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Source: nvd

CVE-2023-35387 | P3 | HIGH | CVSS 8.8 | CWE-191 | fixed in 10.0.19044.3324 | 2023-08-08
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
Source: nvd

CVE-2023-32009 | P3 | HIGH | CVSS 8.8 | CWE-284 | fixed in 10.0.19044.3087 | 2023-06-14
Windows Collaborative Translation Framework Elevation of Privilege Vulnerability
Source: nvd

CVE-2024-21371 | P3 | HIGH | CVSS 7.0 | CWE-367 | fixed in 10.0.19044.4046 | 2024-02-13
Windows Kernel Elevation of Privilege Vulnerability
Source: nvd

CVE-2026-23668 | P3 | HIGH | CVSS 7.0 | CWE-362 | fixed in 10.0.19044.7058 | 2026-03-10
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Source: nvd