Microsoft Windows 10 21H2 vulnerabilities

1,830 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,830

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1306MEDIUM473LOW7

Vulnerabilities

SortPage 78 of 92

CVE-2024-43637P4MEDIUMCVSS 6.8fixed in 10.0.19044.51312024-11-12

CVE-2024-43637 [MEDIUM] CWE-125 CVE-2024-43637: Windows USB Video Class System Driver Elevation of Privilege Vulnerability Windows USB Video Class System Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-43638P4MEDIUMCVSS 6.8fixed in 10.0.19044.51312024-11-12

CVE-2024-43638 [MEDIUM] CWE-125 CVE-2024-43638: Windows USB Video Class System Driver Elevation of Privilege Vulnerability Windows USB Video Class System Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-43643P4MEDIUMCVSS 6.8fixed in 10.0.19044.51312024-11-12

CVE-2024-43643 [MEDIUM] CWE-125 CVE-2024-43643: Windows USB Video Class System Driver Elevation of Privilege Vulnerability Windows USB Video Class System Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-38223P4MEDIUMCVSS 6.8fixed in 10.0.19044.47802024-08-13

CVE-2024-38223 [MEDIUM] CWE-284 CVE-2024-38223: Windows Initial Machine Configuration Elevation of Privilege Vulnerability Windows Initial Machine Configuration Elevation of Privilege Vulnerability

nvd

CVE-2023-35318P4MEDIUMCVSS 6.5fixed in 10.0.19041.32082023-07-11

CVE-2023-35318 [MEDIUM] CWE-125 CVE-2023-35318: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

nvd

CVE-2023-35319P4MEDIUMCVSS 6.5fixed in 10.0.19041.32082023-07-11

CVE-2023-35319 [MEDIUM] CWE-125 CVE-2023-35319: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

nvd

CVE-2023-35314P4MEDIUMCVSS 6.5fixed in 10.0.19041.32082023-07-11

CVE-2023-35314 [MEDIUM] CWE-125 CVE-2023-35314: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

nvd

CVE-2023-33164P4MEDIUMCVSS 6.5fixed in 10.0.19041.32082023-07-11

CVE-2023-33164 [MEDIUM] CWE-125 CVE-2023-33164: Remote Procedure Call Runtime Denial of Service Vulnerability Remote Procedure Call Runtime Denial of Service Vulnerability

nvd

CVE-2025-24987P4MEDIUMCVSS 6.8fixed in 10.0.19044.56082025-03-11

CVE-2025-24987 [MEDIUM] CWE-125 CVE-2025-24987: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

nvd

CVE-2025-24988P4MEDIUMCVSS 6.8fixed in 10.0.19044.56082025-03-11

CVE-2025-24988 [MEDIUM] CWE-125 CVE-2025-24988: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

nvd

CVE-2023-28235P4MEDIUMCVSS 6.8fixed in 10.0.19044.28462023-04-11

CVE-2023-28235 [MEDIUM] CVE-2023-28235: Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen Security Feature Bypass Vulnerability

nvd

CVE-2023-28270P4MEDIUMCVSS 6.8fixed in 10.0.19044.28462023-04-11

CVE-2023-28270 [MEDIUM] CWE-863 CVE-2023-28270: Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen Security Feature Bypass Vulnerability

nvd

CVE-2025-47999P4MEDIUMCVSS 6.8fixed in 10.0.19044.60932025-07-08

CVE-2025-47999 [MEDIUM] CWE-820 CVE-2025-47999: Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adj Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.

nvd

CVE-2023-32055P4MEDIUMCVSS 6.7fixed in 10.0.19041.32082023-07-11

CVE-2023-32055 [MEDIUM] CWE-416 CVE-2023-32055: Active Template Library Elevation of Privilege Vulnerability Active Template Library Elevation of Privilege Vulnerability

nvd

CVE-2025-21242P4MEDIUMCVSS 5.9fixed in 10.0.19044.53712025-01-14

CVE-2025-21242 [MEDIUM] CWE-200 CVE-2025-21242: Windows Kerberos Information Disclosure Vulnerability Windows Kerberos Information Disclosure Vulnerability

nvd

CVE-2023-24900P4MEDIUMCVSS 5.9fixed in 10.0.19044.29652023-05-09

CVE-2023-24900 [MEDIUM] CWE-125 CVE-2023-24900: Windows NTLM Security Support Provider Information Disclosure Vulnerability Windows NTLM Security Support Provider Information Disclosure Vulnerability

nvd

CVE-2025-32722P4MEDIUMCVSS 5.5fixed in 10.0.19044.59652025-06-10

CVE-2025-32722 [MEDIUM] CWE-284 CVE-2025-32722: Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose inf Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

nvd

CVE-2026-25180P4MEDIUMCVSS 5.5fixed in 10.0.19044.70582026-03-10

CVE-2026-25180 [MEDIUM] CWE-125 CVE-2026-25180: Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose infor Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

nvd

CVE-2025-55338P4MEDIUMCVSS 4.6fixed in 10.0.19044.64562025-10-14

CVE-2025-55338 [MEDIUM] CWE-1310 CVE-2025-55338: Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a s Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

nvd

CVE-2026-20827P4MEDIUMCVSS 5.5fixed in 10.0.19044.68092026-01-13

CVE-2026-20827 [MEDIUM] CWE-200 CVE-2026-20827: Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.

nvd

← Previous78 / 92Next →