Microsoft Windows 10 21H2 vulnerabilities

1,830 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,830

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1306MEDIUM473LOW7

Vulnerabilities

SortPage 82 of 92

CVE-2023-21693P4MEDIUMCVSS 5.7fixed in 10.0.19044.26042023-02-14

CVE-2023-21693 [MEDIUM] CWE-125 CVE-2023-21693: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

nvd

CVE-2024-20692P4MEDIUMCVSS 5.7fixed in 10.0.19044.39302024-01-09

CVE-2024-20692 [MEDIUM] CWE-326 CVE-2024-20692: Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

nvd

CVE-2024-43547P4MEDIUMCVSS 5.9fixed in 10.0.19044.50112024-10-08

CVE-2024-43547 [MEDIUM] CWE-325 CVE-2024-43547: Windows Kerberos Information Disclosure Vulnerability Windows Kerberos Information Disclosure Vulnerability

nvd

CVE-2025-21269P4MEDIUMCVSS 4.3fixed in 10.0.19044.53712025-01-14

CVE-2025-21269 [MEDIUM] CWE-41 CVE-2025-21269: Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability

nvd

CVE-2023-36889P4MEDIUMCVSS 5.5fixed in 10.0.19044.33242023-08-08

CVE-2023-36889 [MEDIUM] CWE-284 CVE-2023-36889: Windows Group Policy Security Feature Bypass Vulnerability Windows Group Policy Security Feature Bypass Vulnerability

nvd

CVE-2025-53804P4MEDIUMCVSS 5.5fixed in 10.0.19044.63322025-09-09

CVE-2025-53804 [MEDIUM] CWE-200 CVE-2025-53804: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized at Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2025-53803P4MEDIUMCVSS 5.5fixed in 10.0.19044.63322025-09-09

CVE-2025-53803 [MEDIUM] CWE-209 CVE-2025-53803: Generation of error message containing sensitive information in Windows Kernel allows an authorized Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2026-21222P4MEDIUMCVSS 5.5fixed in 10.0.19044.69372026-02-10

CVE-2026-21222 [MEDIUM] CWE-532 CVE-2026-21222: Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2025-49664P4MEDIUMCVSS 5.5fixed in 10.0.19044.60932025-07-08

CVE-2025-49664 [MEDIUM] CWE-200 CVE-2025-49664: Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Hos Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

nvd

CVE-2025-29837P4MEDIUMCVSS 5.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29837 [MEDIUM] CWE-59 CVE-2025-29837: Improper link resolution before file access ('link following') in Windows Installer allows an author Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

nvd

CVE-2025-62209P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-11-11

CVE-2025-62209 [MEDIUM] CWE-532 CVE-2025-62209: Insertion of sensitive information into log file in Windows License Manager allows an authorized att Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

nvd

CVE-2025-62208P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-11-11

CVE-2025-62208 [MEDIUM] CWE-532 CVE-2025-62208: Insertion of sensitive information into log file in Windows License Manager allows an authorized att Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

nvd

CVE-2025-55699P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-10-14

CVE-2025-55699 [MEDIUM] CWE-200 CVE-2025-55699: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized at Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2025-59510P4MEDIUMCVSS 5.5fixed in 10.0.19044.65752025-11-11

CVE-2025-59510 [MEDIUM] CWE-59 CVE-2025-59510: Improper link resolution before file access ('link following') in Windows Routing and Remote Access Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.

nvd

CVE-2026-20939P4MEDIUMCVSS 5.5fixed in 10.0.19044.68092026-01-13

CVE-2026-20939 [MEDIUM] CWE-200 CVE-2026-20939: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an author Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

nvd

CVE-2026-20937P4MEDIUMCVSS 5.5fixed in 10.0.19044.68092026-01-13

CVE-2026-20937 [MEDIUM] CWE-200 CVE-2026-20937: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an author Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.

nvd

CVE-2025-24068P4MEDIUMCVSS 5.5fixed in 10.0.19044.59652025-06-10

CVE-2025-24068 [MEDIUM] CWE-126 CVE-2025-24068: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose in Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

nvd

CVE-2025-21340P4MEDIUMCVSS 5.5fixed in 10.0.19044.53712025-01-14

CVE-2025-21340 [MEDIUM] CWE-284 CVE-2025-21340: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability

nvd

CVE-2026-32085P4MEDIUMCVSS 5.5fixed in 10.0.19044.71842026-04-14

CVE-2026-32085 [MEDIUM] CWE-200 CVE-2026-32085: Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows a Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.

nvd

CVE-2025-60706P4MEDIUMCVSS 5.5fixed in 10.0.19044.65752025-11-11

CVE-2025-60706 [MEDIUM] CWE-125 CVE-2025-60706: Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally. Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.

nvd

← Previous82 / 92Next →