Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 46 of 92

CVE-2026-26161P3HIGHCVSS 7.8fixed in 10.0.19044.71842026-04-14

CVE-2026-26161 [HIGH] CWE-20 CVE-2026-26161: Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevat Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2024-38239P3HIGHCVSS 7.2fixed in 10.0.19044.48942024-09-10

CVE-2024-38239 [HIGH] CWE-1390 CVE-2024-38239: Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability

nvd

CVE-2023-28232P3HIGHCVSS 7.5fixed in 10.0.19044.28462023-04-11

CVE-2023-28232 [HIGH] CWE-362 CVE-2023-28232: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

nvd

CVE-2024-38198P3HIGHCVSS 7.5fixed in 10.0.19044.47802024-08-13

CVE-2024-38198 [HIGH] CWE-345 CVE-2024-38198: Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability

nvd

CVE-2025-54919P3HIGHCVSS 7.5fixed in 10.0.19044.63322025-09-09

CVE-2025-54919 [HIGH] CWE-362 CVE-2025-54919: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.

nvd

CVE-2026-21235P3HIGHCVSS 7.3fixed in 10.0.19044.69372026-02-10

CVE-2026-21235 [HIGH] CWE-416 CVE-2026-21235: Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-49690P3HIGHCVSS 7.4fixed in 10.0.19044.60932025-07-08

CVE-2025-49690 [HIGH] CWE-362 CVE-2025-49690: Concurrent execution using shared resource with improper synchronization ('race condition') in Capab Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.

nvd

CVE-2025-25004P3HIGHCVSS 7.3fixed in 10.0.19044.64562025-10-14

CVE-2025-25004 [HIGH] CWE-284 CVE-2025-25004: Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-32149P3HIGHCVSS 7.3fixed in 10.0.19044.71842026-04-14

CVE-2026-32149 [HIGH] CWE-20 CVE-2026-32149: Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

nvd

CVE-2026-20812P3MEDIUMCVSS 6.5fixed in 10.0.19044.68092026-01-13

CVE-2026-20812 [MEDIUM] CWE-20 CVE-2026-20812: Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authoriz Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.

nvd

CVE-2024-38064P3HIGHCVSS 7.5fixed in 10.0.19044.46512024-07-09

CVE-2024-38064 [HIGH] CWE-908 CVE-2024-38064: Windows TCP/IP Information Disclosure Vulnerability Windows TCP/IP Information Disclosure Vulnerability

nvd

CVE-2023-41766P3HIGHCVSS 7.8fixed in 10.0.19041.35702023-10-10

CVE-2023-41766 [HIGH] CWE-426 CVE-2023-41766: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

nvd

CVE-2024-29050P3HIGHCVSS 7.8fixed in 10.0.19044.42912024-04-09

CVE-2024-29050 [HIGH] CWE-197 CVE-2024-29050: Windows Cryptographic Services Remote Code Execution Vulnerability Windows Cryptographic Services Remote Code Execution Vulnerability

nvd

CVE-2024-49076P3HIGHCVSS 7.8fixed in 10.0.19044.52472024-12-12

CVE-2024-49076 [HIGH] CWE-287 CVE-2024-49076: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

nvd

CVE-2023-35356P3HIGHCVSS 7.8fixed in 10.0.19041.32082023-07-11

CVE-2023-35356 [HIGH] CWE-843 CVE-2023-35356: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability

nvd

CVE-2024-38051P3HIGHCVSS 7.8fixed in 10.0.19044.46512024-07-09

CVE-2024-38051 [HIGH] CWE-122 CVE-2024-38051: Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability

nvd

CVE-2024-38185P3HIGHCVSS 7.8fixed in 10.0.19044.46512024-08-13

CVE-2024-38185 [HIGH] CWE-822 CVE-2024-38185: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-38187P3HIGHCVSS 7.8fixed in 10.0.19044.46512024-08-13

CVE-2024-38187 [HIGH] CWE-822 CVE-2024-38187: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-30086P3HIGHCVSS 7.8fixed in 10.0.19044.45292024-06-11

CVE-2024-30086 [HIGH] CWE-416 CVE-2024-30086: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

nvd

CVE-2024-30095P3HIGHCVSS 7.8fixed in 10.0.19044.45292024-06-11

CVE-2024-30095 [HIGH] CWE-122 CVE-2024-30095: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

nvd

← Previous46 / 92Next →