Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 53 of 92

CVE-2025-60719P3HIGHCVSS 7.0fixed in 10.0.19044.65752025-11-11

CVE-2025-60719 [HIGH] CWE-822 CVE-2025-60719: Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-62213P3HIGHCVSS 7.0fixed in 10.0.19044.65752025-11-11

CVE-2025-62213 [HIGH] CWE-416 CVE-2025-62213: Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to ele Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-21197P3MEDIUMCVSS 6.5fixed in 10.0.19044.57372025-04-08

CVE-2025-21197 [MEDIUM] CWE-284 CVE-2025-21197: Improper access control in Windows NTFS allows an authorized attacker to disclose file path informat Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.

nvd

CVE-2025-49682P3HIGHCVSS 7.3fixed in 10.0.19044.60932025-07-08

CVE-2025-49682 [HIGH] CWE-416 CVE-2025-49682: Use after free in Windows Media allows an authorized attacker to elevate privileges locally. Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-49727P3HIGHCVSS 7.0fixed in 10.0.19044.60932025-07-08

CVE-2025-49727 [HIGH] CWE-122 CVE-2025-49727: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privile Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-41108P3HIGHCVSS 7.0fixed in 10.0.19044.74172026-06-09

CVE-2026-41108 [HIGH] CWE-122 CVE-2026-41108: Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privile Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-58725P3HIGHCVSS 7.0fixed in 10.0.19044.64562025-10-14

CVE-2025-58725 [HIGH] CWE-122 CVE-2025-58725: Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locall Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.

nvd

CVE-2024-26254P3HIGHCVSS 7.5fixed in 10.0.19044.42912024-04-09

CVE-2024-26254 [HIGH] CWE-822 CVE-2024-26254: Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability

nvd

CVE-2023-35383P3HIGHCVSS 7.5fixed in 10.0.19044.33242023-08-08

CVE-2023-35383 [HIGH] CWE-190 CVE-2023-35383: Microsoft Message Queuing Information Disclosure Vulnerability Microsoft Message Queuing Information Disclosure Vulnerability

nvd

CVE-2023-36906P3HIGHCVSS 7.5fixed in 10.0.19044.33242023-08-08

CVE-2023-36906 [HIGH] CWE-170 CVE-2023-36906: Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Information Disclosure Vulnerability

nvd

CVE-2023-36712P3HIGHCVSS 7.8fixed in 10.0.19041.35702023-10-10

CVE-2023-36712 [HIGH] CVE-2023-36712: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability

nvd

CVE-2023-21817P3HIGHCVSS 7.8fixed in 10.0.19044.26042023-02-14

CVE-2023-21817 [HIGH] CWE-287 CVE-2023-21817: Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability

nvd

CVE-2023-21822P3HIGHCVSS 7.8fixed in 10.0.19044.26042023-02-14

CVE-2023-21822 [HIGH] CWE-416 CVE-2023-21822: Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability

nvd

CVE-2023-36726P3HIGHCVSS 7.8fixed in 10.0.19041.35702023-10-10

CVE-2023-36726 [HIGH] CWE-416 CVE-2023-36726: Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

nvd

CVE-2023-21805P3HIGHCVSS 7.8fixed in 10.0.19044.26042023-02-14

CVE-2023-21805 [HIGH] CWE-77 CVE-2023-21805: Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Remote Code Execution Vulnerability

nvd

CVE-2023-21691P3HIGHCVSS 7.5fixed in 10.0.19044.26042023-02-14

CVE-2023-21691 [HIGH] CWE-125 CVE-2023-21691: Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability

nvd

CVE-2023-36711P3HIGHCVSS 7.8fixed in 10.0.19041.35702023-10-10

CVE-2023-36711 [HIGH] CWE-59 CVE-2023-36711: Windows Runtime C++ Template Library Elevation of Privilege Vulnerability Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

nvd

CVE-2023-35313P3HIGHCVSS 7.8fixed in 10.0.19041.32082023-07-11

CVE-2023-35313 [HIGH] CWE-416 CVE-2023-35313: Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability

nvd

CVE-2023-36605P3HIGHCVSS 7.8fixed in 10.0.19041.35702023-10-10

CVE-2023-36605 [HIGH] CWE-416 CVE-2023-36605: Windows Named Pipe Filesystem Elevation of Privilege Vulnerability Windows Named Pipe Filesystem Elevation of Privilege Vulnerability

nvd

CVE-2023-35312P3HIGHCVSS 7.8fixed in 10.0.19041.32082023-07-11

CVE-2023-35312 [HIGH] CWE-190 CVE-2023-35312: Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability

nvd

← Previous53 / 92Next →