Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 73 of 92
CVE-2024-38161P4MEDIUMCVSS 6.8fixed in 10.0.19044.46512024-08-13
CVE-2024-38161 [MEDIUM] CWE-122 CVE-2024-38161: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2023-24883P4MEDIUMCVSS 6.5fixed in 10.0.19044.28462023-04-11
CVE-2023-24883 [MEDIUM] CWE-126 CVE-2023-24883: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
nvd
CVE-2023-24906P4MEDIUMCVSS 6.5fixed in 10.0.19044.27282023-03-14
CVE-2023-24906 [MEDIUM] CWE-190 CVE-2023-24906: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
nvd
CVE-2023-24857P4MEDIUMCVSS 6.5fixed in 10.0.19044.27282023-03-14
CVE-2023-24857 [MEDIUM] CWE-126 CVE-2023-24857: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
nvd
CVE-2023-24863P4MEDIUMCVSS 6.5fixed in 10.0.19044.27282023-03-14
CVE-2023-24863 [MEDIUM] CWE-190 CVE-2023-24863: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
nvd
CVE-2023-24870P4MEDIUMCVSS 6.5fixed in 10.0.19044.27282023-03-14
CVE-2023-24870 [MEDIUM] CWE-126 CVE-2023-24870: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
nvd
CVE-2024-43523P4MEDIUMCVSS 6.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43523 [MEDIUM] CWE-20 CVE-2024-43523: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2024-43524P4MEDIUMCVSS 6.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43524 [MEDIUM] CWE-118 CVE-2024-43524: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2024-43525P4MEDIUMCVSS 6.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43525 [MEDIUM] CWE-20 CVE-2024-43525: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2024-43526P4MEDIUMCVSS 6.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43526 [MEDIUM] CWE-20 CVE-2024-43526: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2024-43543P4MEDIUMCVSS 6.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43543 [MEDIUM] CWE-601 CVE-2024-43543: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2024-43536P4MEDIUMCVSS 6.8fixed in 10.0.19044.50112024-10-08
CVE-2024-43536 [MEDIUM] CWE-601 CVE-2024-43536: Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
nvd
CVE-2024-21431P4MEDIUMCVSS 6.7fixed in 10.0.19044.41702024-03-12
CVE-2024-21431 [MEDIUM] CWE-732 CVE-2024-21431: Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
nvd
CVE-2025-49743P4MEDIUMCVSS 6.7fixed in 10.0.19044.62162025-08-12
CVE-2025-49743 [MEDIUM] CWE-362 CVE-2025-49743: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-48811P4MEDIUMCVSS 6.7fixed in 10.0.19044.60932025-07-08
CVE-2025-48811 [MEDIUM] CWE-353 CVE-2025-48811: Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-48803P4MEDIUMCVSS 6.7fixed in 10.0.19044.60932025-07-08
CVE-2025-48803 [MEDIUM] CWE-353 CVE-2025-48803: Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-26209P4MEDIUMCVSS 5.5fixed in 10.0.19044.42912024-04-09
CVE-2024-26209 [MEDIUM] CWE-908 CVE-2024-26209: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
nvd
CVE-2026-40380P4MEDIUMCVSS 6.2fixed in 10.0.19044.72912026-05-12
CVE-2026-40380 [MEDIUM] CWE-122 CVE-2026-40380: Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execu
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
nvd
CVE-2026-32072P4MEDIUMCVSS 6.2fixed in 10.0.19044.71842026-04-14
CVE-2026-32072 [MEDIUM] CWE-287 CVE-2026-32072: Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoof
Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
nvd
CVE-2026-20927P4MEDIUMCVSS 5.3fixed in 10.0.19044.68092026-01-13
CVE-2026-20927 [MEDIUM] CWE-362 CVE-2026-20927: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
nvd