Microsoft Windows 10 21H2 vulnerabilities
1,827 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,827
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1303MEDIUM473LOW7
Vulnerabilities
Page 76 of 92
CVE-2026-20821P4MEDIUMCVSS 6.2fixed in 10.0.19044.68092026-01-13
CVE-2026-20821 [MEDIUM] CWE-200 CVE-2026-20821: Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows a
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
nvd
CVE-2023-36713P4MEDIUMCVSS 5.5fixed in 10.0.19041.35702023-10-10
CVE-2023-36713 [MEDIUM] CWE-908 CVE-2023-36713: Windows Common Log File System Driver Information Disclosure Vulnerability
Windows Common Log File System Driver Information Disclosure Vulnerability
nvd
CVE-2025-27471P4MEDIUMCVSS 5.9fixed in 10.0.19044.57372025-04-08
CVE-2025-27471 [MEDIUM] CWE-591 CVE-2025-27471: Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthor
Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.
nvd
CVE-2026-20824P4MEDIUMCVSS 5.5fixed in 10.0.19044.68092026-01-13
CVE-2026-20824 [MEDIUM] CWE-693 CVE-2026-20824: Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
nvd
CVE-2026-23670P4MEDIUMCVSS 5.7fixed in 10.0.19044.71842026-04-14
CVE-2026-23670 [MEDIUM] CWE-822 CVE-2026-23670: Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an autho
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
nvd
CVE-2026-32088P4MEDIUMCVSS 5.7fixed in 10.0.19044.71842026-04-14
CVE-2026-32088 [MEDIUM] CWE-362 CVE-2026-32088: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2025-54101P4MEDIUMCVSS 4.8fixed in 10.0.19044.63322025-09-09
CVE-2025-54101 [MEDIUM] CWE-416 CVE-2025-54101: Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.
nvd
CVE-2026-35423P4MEDIUMCVSS 5.4fixed in 10.0.19044.72912026-05-12
CVE-2026-35423 [MEDIUM] CWE-125 CVE-2026-35423: Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a n
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2026-45595P4MEDIUMCVSS 5.4fixed in 10.0.19044.74172026-06-09
CVE-2026-45595 [MEDIUM] CWE-693 CVE-2026-45595: Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to by
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2024-30037P4MEDIUMCVSS 5.5fixed in 10.0.19044.44122024-05-14
CVE-2024-30037 [MEDIUM] CWE-125 CVE-2024-30037: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
nvd
CVE-2022-26934P4MEDIUMCVSS 6.5fixed in 10.0.19044.17062022-05-10
CVE-2022-26934 [MEDIUM] CVE-2022-26934: Windows Graphics Component Information Disclosure Vulnerability
Windows Graphics Component Information Disclosure Vulnerability
nvd
CVE-2023-35347P4HIGHCVSS 7.1fixed in 10.0.19041.32082023-07-11
CVE-2023-35347 [HIGH] CWE-59 CVE-2023-35347: Microsoft Install Service Elevation of Privilege Vulnerability
Microsoft Install Service Elevation of Privilege Vulnerability
nvd
CVE-2023-28269P4MEDIUMCVSS 6.8fixed in 10.0.19044.28462023-04-11
CVE-2023-28269 [MEDIUM] CWE-122 CVE-2023-28269: Windows Boot Manager Security Feature Bypass Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
nvd
CVE-2023-28249P4MEDIUMCVSS 6.8fixed in 10.0.19044.28462023-04-11
CVE-2023-28249 [MEDIUM] CWE-863 CVE-2023-28249: Windows Boot Manager Security Feature Bypass Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
nvd
CVE-2025-49751P4MEDIUMCVSS 6.8fixed in 10.0.19044.62162025-08-12
CVE-2025-49751 [MEDIUM] CWE-820 CVE-2025-49751: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adj
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
nvd
CVE-2024-38013P4MEDIUMCVSS 6.7fixed in 10.0.19044.46512024-07-09
CVE-2024-38013 [MEDIUM] CWE-59 CVE-2024-38013: Microsoft Windows Server Backup Elevation of Privilege Vulnerability
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
nvd
CVE-2024-49101P4MEDIUMCVSS 6.6fixed in 10.0.19044.52472024-12-12
CVE-2024-49101 [MEDIUM] CWE-125 CVE-2024-49101: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
nvd
CVE-2024-49109P4MEDIUMCVSS 6.6fixed in 10.0.19044.52472024-12-12
CVE-2024-49109 [MEDIUM] CWE-125 CVE-2024-49109: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
nvd
CVE-2024-49081P4MEDIUMCVSS 6.6fixed in 10.0.19044.52472024-12-12
CVE-2024-49081 [MEDIUM] CWE-122 CVE-2024-49081: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
nvd
CVE-2024-49094P4MEDIUMCVSS 6.6fixed in 10.0.19044.52472024-12-12
CVE-2024-49094 [MEDIUM] CWE-122 CVE-2024-49094: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
nvd