cbcvebase.

Microsoft Windows 10 21H2 vulnerabilities

1,830 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs: 1,830
CISA KEV: 87 (actively exploited)
Public exploits: 54
Exploited in wild: 97
Severity breakdown: CRITICAL 44, HIGH 1306, MEDIUM 473, LOW 7

Vulnerabilities

Page 83 of 92
CVE-2025-59209 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.6456 | 2025-10-14
CVE-2025-59209 [MEDIUM] CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
nvd
CVE-2024-21362 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.4046 | 2024-02-13
CVE-2024-21362 [MEDIUM] CWE-367: Windows Kernel Security Feature Bypass Vulnerability
nvd
CVE-2026-32081 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.7184 | 2026-04-14
CVE-2026-32081 [MEDIUM] CWE-200: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-24282 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.7058 | 2026-03-10
CVE-2026-24282 [MEDIUM] CWE-125: Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32084 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.7184 | 2026-04-14
CVE-2026-32084 [MEDIUM] CWE-200: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42915 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.7417 | 2026-06-09
CVE-2026-42915 [MEDIUM] CWE-131: Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally.
nvd
CVE-2026-32079 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.7184 | 2026-04-14
CVE-2026-32079 [MEDIUM] CWE-200: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42906 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.7417 | 2026-06-09
CVE-2026-42906 [MEDIUM] CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
nvd
CVE-2025-21247 | P4 | MEDIUM | CVSS 4.3 | fixed in 10.0.19044.5608 | 2025-03-11
CVE-2025-21247 [MEDIUM] CWE-41: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2026-21249 | P4 | LOW | CVSS 3.3 | fixed in 10.0.19044.6937 | 2026-02-10
CVE-2026-21249 [LOW] CWE-73: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
nvd
CVE-2025-21272 | P4 | MEDIUM | CVSS 6.5 | fixed in 10.0.19044.5371 | 2025-01-14
CVE-2025-21272 [MEDIUM] CWE-908: Windows COM Server Information Disclosure Vulnerability
nvd
CVE-2025-21288 | P4 | MEDIUM | CVSS 6.5 | fixed in 10.0.19044.5371 | 2025-01-14
CVE-2025-21288 [MEDIUM] CWE-908: Windows COM Server Information Disclosure Vulnerability
nvd
CVE-2022-35747 | P4 | MEDIUM | CVSS 5.9 | fixed in 10.0.19044.1889 | 2023-05-31
CVE-2022-35747 [MEDIUM]: Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability
nvd
CVE-2025-29957 | P4 | MEDIUM | CVSS 6.2 | fixed in 10.0.19044.5854 | 2025-05-13
CVE-2025-29957 [MEDIUM] CWE-400: Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
nvd
CVE-2024-21313 | P4 | MEDIUM | CVSS 5.3 | fixed in 10.0.19044.3930 | 2024-01-09
CVE-2024-21313 [MEDIUM] CWE-209: Windows TCP/IP Information Disclosure Vulnerability
nvd
CVE-2025-49722 | P4 | MEDIUM | CVSS 5.7 | fixed in 10.0.19044.6093 | 2025-07-08
CVE-2025-49722 [MEDIUM] CWE-400: Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
nvd
CVE-2023-21729 | P4 | MEDIUM | CVSS 5.3 | fixed in 10.0.19044.2846 | 2023-04-11
CVE-2023-21729 [MEDIUM] CWE-125: Remote Procedure Call Runtime Information Disclosure Vulnerability
nvd
CVE-2025-27736 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.5737 | 2025-04-08
CVE-2025-27736 [MEDIUM] CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
nvd
CVE-2023-36914 | P4 | MEDIUM | CVSS 5.5 | v10.0.19044.3324 | 2023-08-08
CVE-2023-36914 [MEDIUM]: Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
nvd
CVE-2025-33052 | P4 | MEDIUM | CVSS 5.5 | fixed in 10.0.19044.5965 | 2025-06-10
CVE-2025-33052 [MEDIUM] CWE-908: Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
nvd