cbcvebase.

Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

Page 65 of 92
CVE-2025-24996P3MEDIUMCVSS 6.5fixed in 10.0.19044.56082025-03-11
CVE-2025-24996 [MEDIUM] CWE-73 CVE-2025-24996: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2023-36871P3MEDIUMCVSS 6.5fixed in 10.0.19041.32082023-07-11
CVE-2023-36871 [MEDIUM] CVE-2023-36871: Azure Active Directory Security Feature Bypass Vulnerability Azure Active Directory Security Feature Bypass Vulnerability
nvd
CVE-2026-26155P3MEDIUMCVSS 6.5fixed in 10.0.19044.71842026-04-14
CVE-2026-26155 [MEDIUM] CWE-126 CVE-2026-26155: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
nvd
CVE-2026-42903P3MEDIUMCVSS 6.5fixed in 10.0.19044.74172026-06-09
CVE-2026-42903 [MEDIUM] CWE-476 CVE-2026-42903: Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a ne Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
nvd
CVE-2024-20661P3HIGHCVSS 7.5fixed in 10.0.19044.39302024-01-09
CVE-2024-20661 [HIGH] CWE-476 CVE-2024-20661: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-36720P3HIGHCVSS 7.5fixed in 10.0.19041.35702023-10-10
CVE-2023-36720 [HIGH] CVE-2023-36720: Windows Mixed Reality Developer Tools Denial of Service Vulnerability Windows Mixed Reality Developer Tools Denial of Service Vulnerability
nvd
CVE-2023-36431P3HIGHCVSS 7.5fixed in 10.0.19041.35702023-10-10
CVE-2023-36431 [HIGH] CWE-400 CVE-2023-36431: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-36579P3HIGHCVSS 7.5fixed in 10.0.19041.35702023-10-10
CVE-2023-36579 [HIGH] CWE-400 CVE-2023-36579: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-36581P3HIGHCVSS 7.5fixed in 10.0.19041.35702023-10-10
CVE-2023-36581 [HIGH] CWE-126 CVE-2023-36581: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2025-21276P3HIGHCVSS 7.5fixed in 10.0.19044.53712025-01-14
CVE-2025-21276 [HIGH] CWE-191 CVE-2025-21276: Windows MapUrlToZone Denial of Service Vulnerability Windows MapUrlToZone Denial of Service Vulnerability
nvd
CVE-2025-21207P3HIGHCVSS 7.5fixed in 10.0.19044.53712025-01-14
CVE-2025-21207 [HIGH] CWE-400 CVE-2025-21207: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
nvd
CVE-2023-28241P3HIGHCVSS 7.5fixed in 10.0.19044.28462023-04-11
CVE-2023-28241 [HIGH] CVE-2023-28241: Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
nvd
CVE-2023-28217P3HIGHCVSS 7.5fixed in 10.0.19044.28462023-04-11
CVE-2023-28217 [HIGH] CWE-400 CVE-2023-28217: Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability
nvd
CVE-2023-24942P3HIGHCVSS 7.5fixed in 10.0.19044.29652023-05-09
CVE-2023-24942 [HIGH] CWE-126 CVE-2023-24942: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability
nvd
CVE-2023-24948P3HIGHCVSS 7.4fixed in 10.0.19044.29652023-05-09
CVE-2023-24948 [HIGH] CWE-122 CVE-2023-24948: Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Bluetooth Driver Elevation of Privilege Vulnerability
nvd
CVE-2023-32054P3HIGHCVSS 7.3fixed in 10.0.19041.32082023-07-11
CVE-2023-32054 [HIGH] CWE-36 CVE-2023-32054: Volume Shadow Copy Elevation of Privilege Vulnerability Volume Shadow Copy Elevation of Privilege Vulnerability
nvd
CVE-2025-48819P3HIGHCVSS 7.1fixed in 10.0.19044.60932025-07-08
CVE-2025-48819 [HIGH] CWE-591 CVE-2025-48819: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
nvd
CVE-2025-53139P3HIGHCVSS 7.1fixed in 10.0.19044.64562025-10-14
CVE-2025-53139 [HIGH] CWE-319 CVE-2025-53139: Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.
nvd
CVE-2025-58735P3HIGHCVSS 7.0fixed in 10.0.19044.64562025-10-14
CVE-2025-58735 [HIGH] CWE-416 CVE-2025-58735: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-58732P3HIGHCVSS 7.0fixed in 10.0.19044.64562025-10-14
CVE-2025-58732 [HIGH] CWE-416 CVE-2025-58732: Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
nvd
← Previous65 / 92Next →
Microsoft Windows 10 21H2 vulnerabilities | cvebase