Microsoft Windows 10 21H2 vulnerabilities

1,830 known vulnerabilities affecting microsoft/windows_10_21h2.

Total CVEs

1,830

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL44HIGH1306MEDIUM473LOW7

Vulnerabilities

SortPage 84 of 92

CVE-2026-27931P4MEDIUMCVSS 5.5fixed in 10.0.19044.71842026-04-14

CVE-2026-27931 [MEDIUM] CWE-125 CVE-2026-27931: Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

nvd

CVE-2025-48808P4MEDIUMCVSS 5.5fixed in 10.0.19044.60932025-07-08

CVE-2025-48808 [MEDIUM] CWE-200 CVE-2025-48808: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized at Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2023-28251P4MEDIUMCVSS 5.5fixed in 10.0.19044.29652023-05-09

CVE-2023-28251 [MEDIUM] CVE-2023-28251: Windows Driver Revocation List Security Feature Bypass Vulnerability Windows Driver Revocation List Security Feature Bypass Vulnerability

nvd

CVE-2025-49658P4MEDIUMCVSS 5.5fixed in 10.0.19044.60932025-07-08

CVE-2025-49658 [MEDIUM] CWE-125 CVE-2025-49658: Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally. Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

nvd

CVE-2025-29829P4MEDIUMCVSS 5.5fixed in 10.0.19044.58542025-05-13

CVE-2025-29829 [MEDIUM] CWE-908 CVE-2025-29829: Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attac Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

nvd

CVE-2026-32218P4MEDIUMCVSS 5.5fixed in 10.0.19044.71842026-04-14

CVE-2026-32218 [MEDIUM] CWE-532 CVE-2026-32218: Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2026-32215P4MEDIUMCVSS 5.5fixed in 10.0.19044.71842026-04-14

CVE-2026-32215 [MEDIUM] CWE-532 CVE-2026-32215: Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2026-32217P4MEDIUMCVSS 5.5fixed in 10.0.19044.71842026-04-14

CVE-2026-32217 [MEDIUM] CWE-532 CVE-2026-32217: Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

nvd

CVE-2025-59203P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-10-14

CVE-2025-59203 [MEDIUM] CWE-532 CVE-2025-59203: Insertion of sensitive information into log file in Windows StateRepository API allows an authorized Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.

nvd

CVE-2025-59197P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-10-14

CVE-2025-59197 [MEDIUM] CWE-532 CVE-2025-59197: Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacke Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.

nvd

CVE-2026-27930P4MEDIUMCVSS 5.5fixed in 10.0.19044.71842026-04-14

CVE-2026-27930 [MEDIUM] CWE-125 CVE-2026-27930: Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

nvd

CVE-2025-59253P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-10-14

CVE-2025-59253 [MEDIUM] CWE-284 CVE-2025-59253: Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.

nvd

CVE-2025-21219P4MEDIUMCVSS 4.3fixed in 10.0.19044.53712025-01-14

CVE-2025-21219 [MEDIUM] CWE-41 CVE-2025-21219: MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability

nvd

CVE-2025-21189P4MEDIUMCVSS 4.3fixed in 10.0.19044.53712025-01-14

CVE-2025-21189 [MEDIUM] CWE-41 CVE-2025-21189: MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability

nvd

CVE-2025-55333P4MEDIUMCVSS 4.6fixed in 10.0.19044.64562025-10-14

CVE-2025-55333 [MEDIUM] CWE-1023 CVE-2025-55333: Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to b Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

nvd

CVE-2025-58717P4MEDIUMCVSS 4.3fixed in 10.0.19044.64562025-10-14

CVE-2025-58717 [MEDIUM] CWE-125 CVE-2025-58717: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-55700P4MEDIUMCVSS 4.3fixed in 10.0.19044.64562025-10-14

CVE-2025-55700 [MEDIUM] CWE-125 CVE-2025-55700: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-54107P4MEDIUMCVSS 4.3fixed in 10.0.19044.63322025-09-09

CVE-2025-54107 [MEDIUM] CWE-41 CVE-2025-54107: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

nvd

CVE-2025-54917P4MEDIUMCVSS 4.3fixed in 10.0.19044.63322025-09-09

CVE-2025-54917 [MEDIUM] CWE-693 CVE-2025-54917: Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a sec Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

nvd

CVE-2023-36908P4MEDIUMCVSS 6.5fixed in 10.0.19044.33242023-08-08

CVE-2023-36908 [MEDIUM] CWE-200 CVE-2023-36908: Windows Hyper-V Information Disclosure Vulnerability Windows Hyper-V Information Disclosure Vulnerability

nvd

← Previous84 / 92Next →