Microsoft Windows 10 21H2 vulnerabilities
1,830 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs: 1,830
CISA KEV: 87 (actively exploited)
Public exploits: 54
Exploited in wild: 97
Severity breakdown: CRITICAL 44, HIGH 1306, MEDIUM 473, LOW 7
Vulnerabilities
CVE-2026-25186 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.7058 | 2026-03-10
Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally.
nvd
CVE-2025-55336 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.6456 | 2025-10-14
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
nvd
CVE-2025-55325 | P4 | MEDIUM | CVSS 5.5 | CWE-126 | fixed in 10.0.19044.6456 | 2025-10-14
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-47160 | P4 | MEDIUM | CVSS 5.4 | CWE-693 | fixed in 10.0.19044.5965 | 2025-06-10
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2026-42971 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.7417 | 2026-06-09
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42969 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | fixed in 10.0.19044.7417 | 2026-06-09
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20806 | P4 | MEDIUM | CVSS 5.5 | CWE-843 | fixed in 10.0.19044.7184 | 2026-04-14
Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42973 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.7417 | 2026-06-09
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42970 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.7417 | 2026-06-09
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
nvd
CVE-2026-45655 | P4 | MEDIUM | CVSS 5.3 | CWE-693 | fixed in 10.0.19044.7417 | 2026-06-09
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2022-44684 | P4 | MEDIUM | CVSS 6.5 | fixed in 10.0.19044.2364 | 2023-12-20
Windows Local Session Manager (LSM) Denial of Service Vulnerability
nvd
CVE-2023-32037 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 10.0.19041.3208 | 2023-07-11
Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability
nvd
CVE-2025-60708 | P4 | MEDIUM | CVSS 6.5 | CWE-822 | fixed in 10.0.19044.6575 | 2025-11-11
Untrusted pointer dereference in Storvsp.sys Driver allows an authorized attacker to deny service locally.
nvd
CVE-2025-21202 | P4 | MEDIUM | CVSS 6.1 | CWE-284 | fixed in 10.0.19044.5371 | 2025-01-14
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
nvd
CVE-2025-29974 | P4 | MEDIUM | CVSS 5.7 | CWE-125 | fixed in 10.0.19044.5854 | 2025-05-13
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
nvd
CVE-2025-53136 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.6216 | 2025-08-12
Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2025-53799 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | fixed in 10.0.19044.6332 | 2025-09-09
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
nvd
CVE-2026-20932 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.6809 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20823 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.6809 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20862 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.6809 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
nvd