Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs: 1,827
CISA KEV: 87 (actively exploited)
Public exploits: 54
Exploited in wild: 97
Severity breakdown: CRITICAL 44, HIGH 1303, MEDIUM 473, LOW 7
Vulnerabilities
Page 7 of 92
CVE-2024-38060 | P2 | HIGH | CVSS 8.8 | CWE-122 | fixed in 10.0.19044.4651 | 2024-07-09
Windows Imaging Component Remote Code Execution Vulnerability
nvd
CVE-2025-60724 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 10.0.19044.6575 | 2025-11-11
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
nvd
CVE-2023-28293 | P3 | HIGH | CVSS 7.8 | PoC | CWE-191 | fixed in 10.0.19044.2846 | 2023-04-11
Windows Kernel Elevation of Privilege Vulnerability
nvd
CVE-2025-53766 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 10.0.19044.6216 | 2025-08-12
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
nvd
CVE-2023-38039 | P3 | HIGH | CVSS 7.5 | CWE-770 | fixed in 10.0.19044.3693 | 2023-09-15
When curl retrieves an HTTP response, it stores the incoming headers so that
they can be accessed later via the libcurl headers API.
However, curl did not have a limit in how many or how large headers it would
accept in a response, allowing a malicious server to stream an endless series
of headers and eventually cause curl to run out of heap memory.
nvd
CVE-2025-49730 | P3 | HIGH | CVSS 7.8 | PoC | CWE-122 | fixed in 10.0.19044.6093 | 2025-07-08
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-49113 | P3 | HIGH | CVSS 7.5 | CWE-125 | fixed in 10.0.19044.5247 | 2024-12-12
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
nvd
CVE-2025-53145 | P2 | HIGH | CVSS 8.8 | CWE-843 | fixed in 10.0.19044.6216 | 2025-08-12
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
nvd
CVE-2025-53144 | P2 | HIGH | CVSS 8.8 | CWE-843 | fixed in 10.0.19044.6216 | 2025-08-12
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
nvd
CVE-2026-44815 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | fixed in 10.0.19044.7417 | 2026-06-09
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-47291 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 10.0.19044.7417 | 2026-06-09
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-49122 | P2 | HIGH | CVSS 8.1 | CWE-416 | fixed in 10.0.19044.5247 | 2024-12-12
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
nvd
CVE-2023-36028 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 10.0.19041.3693 | 2023-11-14
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
nvd
CVE-2023-28302 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 10.0.19044.2846 | 2023-04-11
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-21769 | P3 | HIGH | CVSS 7.5 | CWE-125 | fixed in 10.0.19044.2846 | 2023-04-11
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-24943 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 10.0.19044.2965 | 2023-05-09
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
nvd
CVE-2024-38140 | P2 | CRITICAL | CVSS 9.8 | CWE-416 | fixed in 10.0.19044.4780 | 2024-08-13
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
nvd
CVE-2023-23415 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | fixed in 10.0.19044.2728 | 2023-03-14
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
nvd
CVE-2024-43532 | P2 | HIGH | CVSS 8.8 | CWE-636 | fixed in 10.0.19044.5011 | 2024-10-08
Remote Registry Service Elevation of Privilege Vulnerability
nvd
CVE-2023-36017 | P2 | HIGH | CVSS 8.8 | CWE-843 | fixed in 10.0.19041.3693 | 2023-11-14
Windows Scripting Engine Memory Corruption Vulnerability
nvd