~/products/microsoft/windows_10_21h2

pipeline liveDigest Docs

Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

87

actively exploited

Public exploits

54

Exploited in wild

97

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 67 of 92

CVE-2023-33172P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-33172 [HIGH] CWE-126 CVE-2023-33172: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-33168P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-33168 [HIGH] CWE-126 CVE-2023-33168: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-33167P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-33167 [HIGH] CWE-126 CVE-2023-33167: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-33166P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-33166 [HIGH] CWE-126 CVE-2023-33166: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-32034P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-32034 [HIGH] CWE-125 CVE-2023-32034: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-32035P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-32035 [HIGH] CWE-125 CVE-2023-32035: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-33169P3HIGHCVSS 7.5fixed in 10.0.19041.32082023-07-11

CVE-2023-33169 [HIGH] CWE-126 CVE-2023-33169: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-36805P4HIGHCVSS 7.0fixed in 10.0.19044.34482023-09-12

CVE-2023-36805 [HIGH] CWE-77 CVE-2023-36805: Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML Platform Security Feature Bypass Vulnerability

CVE-2024-38032P3HIGHCVSS 7.1fixed in 10.0.19044.46512024-07-09

CVE-2024-38032 [HIGH] CWE-122 CVE-2024-38032: Microsoft Xbox Remote Code Execution Vulnerability Microsoft Xbox Remote Code Execution Vulnerability

CVE-2024-21302P4MEDIUMCVSS 6.7fixed in 10.0.19044.47802024-08-08

CVE-2024-21302 [MEDIUM] CWE-284 CVE-2024-21302: Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See K Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability. An elevation of privilege vulnerability exis

CVE-2024-30099P4HIGHCVSS 7.0fixed in 10.0.19044.45292024-06-11

CVE-2024-30099 [HIGH] CWE-367 CVE-2024-30099: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-24954P4MEDIUMCVSS 6.5fixed in 10.0.19044.29652023-05-09

CVE-2023-24954 [MEDIUM] CWE-918 CVE-2023-24954: Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2025-26640P4HIGHCVSS 7.0fixed in 10.0.19044.57372025-04-08

CVE-2025-26640 [HIGH] CWE-415 CVE-2025-26640: Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2023-35384P4MEDIUMCVSS 6.5fixed in 10.0.19044.33242023-08-08

CVE-2023-35384 [MEDIUM] CWE-73 CVE-2023-35384: Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability

CVE-2024-38069P4HIGHCVSS 7.0fixed in 10.0.19044.46512024-07-09

CVE-2024-38069 [HIGH] CWE-347 CVE-2024-38069: Windows Enroll Engine Security Feature Bypass Vulnerability Windows Enroll Engine Security Feature Bypass Vulnerability

CVE-2025-49685P4HIGHCVSS 7.0fixed in 10.0.19044.60932025-07-08

CVE-2025-49685 [HIGH] CWE-416 CVE-2025-49685: Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privil Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

CVE-2025-27732P4HIGHCVSS 7.0fixed in 10.0.19044.57372025-04-08

CVE-2025-27732 [HIGH] CWE-591 CVE-2025-27732: Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized att Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2025-26665P4HIGHCVSS 7.0fixed in 10.0.19044.57372025-04-08

CVE-2025-26665 [HIGH] CWE-591 CVE-2025-26665: Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized atta Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

CVE-2025-62219P4HIGHCVSS 7.0fixed in 10.0.19044.65752025-11-11

CVE-2025-62219 [HIGH] CWE-362 CVE-2025-62219: Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privi Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.

CVE-2025-27468P4HIGHCVSS 7.0fixed in 10.0.19044.58542025-05-13

CVE-2025-27468 [HIGH] CWE-269 CVE-2025-27468: Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

← Previous67 / 92Next →

Microsoft Windows 10 21H2 vulnerabilities | cvebase