Microsoft Windows 10 21H2 vulnerabilities
1,830 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs: 1,830
CISA KEV: 87 (actively exploited)
Public exploits: 54
Exploited in wild: 97
Severity breakdown
CRITICAL 44 | HIGH 1306 | MEDIUM 473 | LOW 7
Vulnerabilities
Page 80 of 92
CVE-2025-59211 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.6456 | 2025-10-14
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20829 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 10.0.19044.6809 | 2026-01-13
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59509 | P4 | MEDIUM | CVSS 5.5 | CWE-201 | fixed in 10.0.19044.6575 | 2025-11-11
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
nvd
CVE-2024-43585 | P4 | MEDIUM | CVSS 5.5 | CWE-693 | fixed in 10.0.19044.5011 | 2024-10-08
Code Integrity Guard Security Feature Bypass Vulnerability
nvd
CVE-2025-59204 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | fixed in 10.0.19044.6456 | 2025-10-14
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59513 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 10.0.19044.6575 | 2025-11-11
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
nvd
CVE-2025-49684 | P4 | MEDIUM | CVSS 5.5 | CWE-126 | fixed in 10.0.19044.6093 | 2025-07-08
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42972 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.7417 | 2026-06-09
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42968 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 10.0.19044.7417 | 2026-06-09
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
nvd
CVE-2026-45594 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 10.0.19044.7417 | 2026-06-09
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32212 | P4 | MEDIUM | CVSS 5.5 | CWE-59 | fixed in 10.0.19044.7184 | 2026-04-14
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
nvd
CVE-2026-45634 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | fixed in 10.0.19044.7417 | 2026-06-09
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32214 | P4 | MEDIUM | CVSS 5.5 | CWE-284 | fixed in 10.0.19044.7184 | 2026-04-14
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
nvd
CVE-2023-28226 | P4 | MEDIUM | CVSS 5.3 | CWE-347 | fixed in 10.0.19044.2846 | 2023-04-11
Windows Enroll Engine Security Feature Bypass Vulnerability
nvd
CVE-2023-28266 | P4 | MEDIUM | CVSS 5.5 | CWE-126 | fixed in 10.0.19044.2846 | 2023-04-11
Windows Common Log File System Driver Information Disclosure Vulnerability
nvd
CVE-2026-24297 | P4 | MEDIUM | CVSS 4.8 | CWE-362 | fixed in 10.0.19044.7058 | 2026-03-10
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2023-35377 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 10.0.19044.3324 | 2023-08-08
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-35376 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 10.0.19044.3324 | 2023-08-08
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-36909 | P4 | MEDIUM | CVSS 6.5 | CWE-191 | fixed in 10.0.19044.3324 | 2023-08-08
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2023-20569 | P4 | MEDIUM | CVSS 4.7 | CWE-203 | fixed in 10.0.19044.3324 | 2023-08-08
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
nvd