Microsoft Windows 10 21H2 vulnerabilities

1,827 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,827

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1303MEDIUM473LOW7

Vulnerabilities

SortPage 68 of 92

CVE-2025-55696P4HIGHCVSS 7.0fixed in 10.0.19044.64562025-10-14

CVE-2025-55696 [HIGH] CWE-367 CVE-2025-55696: Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) all Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-27929P4HIGHCVSS 7.0fixed in 10.0.19044.71842026-04-14

CVE-2026-27929 [HIGH] CWE-367 CVE-2026-27929: Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-47648P3HIGHCVSS 7.0fixed in 10.0.19044.74172026-06-09

CVE-2026-47648 [HIGH] CWE-426 CVE-2026-47648: Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-45487P4HIGHCVSS 7.0fixed in 10.0.19044.74172026-06-09

CVE-2026-45487 [HIGH] CWE-367 CVE-2026-45487: Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-29960P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29960 [MEDIUM] CWE-125 CVE-2025-29960: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29959P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29959 [MEDIUM] CWE-908 CVE-2025-29959: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2023-29352P4MEDIUMCVSS 6.5fixed in 10.0.19044.30862023-06-14

CVE-2023-29352 [MEDIUM] CVE-2023-29352: Windows Remote Desktop Security Feature Bypass Vulnerability Windows Remote Desktop Security Feature Bypass Vulnerability

nvd

CVE-2024-43487P3MEDIUMCVSS 6.5fixed in 10.0.19044.48942024-09-10

CVE-2024-43487 [MEDIUM] CWE-693 CVE-2024-43487: Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability

nvd

CVE-2025-29958P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29958 [MEDIUM] CWE-908 CVE-2025-29958: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29961P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29961 [MEDIUM] CWE-125 CVE-2025-29961: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29836P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29836 [MEDIUM] CWE-125 CVE-2025-29836: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29830P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29830 [MEDIUM] CWE-908 CVE-2025-29830: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29832P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29832 [MEDIUM] CWE-125 CVE-2025-29832: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29835P3MEDIUMCVSS 6.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29835 [MEDIUM] CWE-125 CVE-2025-29835: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2023-35308P3MEDIUMCVSS 6.5fixed in 10.0.19041.32082023-07-11

CVE-2023-35308 [MEDIUM] CWE-73 CVE-2023-35308: Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML Platform Security Feature Bypass Vulnerability

nvd

CVE-2025-54915P3MEDIUMCVSS 6.7fixed in 10.0.19044.63322025-09-09

CVE-2025-54915 [MEDIUM] CWE-843 CVE-2025-54915: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-54109P3MEDIUMCVSS 6.7fixed in 10.0.19044.63322025-09-09

CVE-2025-54109 [MEDIUM] CWE-843 CVE-2025-54109: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-54104P3MEDIUMCVSS 6.7fixed in 10.0.19044.63322025-09-09

CVE-2025-54104 [MEDIUM] CWE-843 CVE-2025-54104: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-53808P3MEDIUMCVSS 6.7fixed in 10.0.19044.63322025-09-09

CVE-2025-53808 [MEDIUM] CWE-843 CVE-2025-53808: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-53810P3MEDIUMCVSS 6.7fixed in 10.0.19044.63322025-09-09

CVE-2025-53810 [MEDIUM] CWE-843 CVE-2025-53810: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

← Previous68 / 92Next →