Microsoft Windows 10 21H2 vulnerabilities
1,830 known vulnerabilities affecting microsoft/windows_10_21h2.
Total CVEs
1,830
CISA KEV
87
actively exploited
Public exploits
54
Exploited in wild
97
Severity breakdown
CRITICAL44HIGH1306MEDIUM473LOW7
Vulnerabilities
Page 87 of 92
CVE-2024-28901P4MEDIUMCVSS 5.5fixed in 10.0.19044.42912024-04-09
CVE-2024-28901 [MEDIUM] CWE-126 CVE-2024-28901: Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager Information Disclosure Vulnerability
nvd
CVE-2024-38118P4MEDIUMCVSS 5.5fixed in 10.0.19044.47802024-08-13
CVE-2024-38118 [MEDIUM] CWE-908 CVE-2024-38118: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
nvd
CVE-2024-38122P4MEDIUMCVSS 5.5fixed in 10.0.19044.47802024-08-13
CVE-2024-38122 [MEDIUM] CWE-908 CVE-2024-38122: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
nvd
CVE-2023-36724P4MEDIUMCVSS 5.5fixed in 10.0.19041.35702023-10-10
CVE-2023-36724 [MEDIUM] CWE-287 CVE-2023-36724: Windows Power Management Service Information Disclosure Vulnerability
Windows Power Management Service Information Disclosure Vulnerability
nvd
CVE-2026-25168P4MEDIUMCVSS 5.5fixed in 10.0.19044.70582026-03-10
CVE-2026-25168 [MEDIUM] CWE-476 CVE-2026-25168: Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny ser
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally.
nvd
CVE-2023-23394P4MEDIUMCVSS 5.5fixed in 10.0.19044.27282023-03-14
CVE-2023-23394 [MEDIUM] CWE-822 CVE-2023-23394: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
nvd
CVE-2023-23409P4MEDIUMCVSS 5.5fixed in 10.0.19044.27282023-03-14
CVE-2023-23409 [MEDIUM] CWE-20 CVE-2023-23409: Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
nvd
CVE-2025-59190P4MEDIUMCVSS 5.5fixed in 10.0.19044.64562025-10-14
CVE-2025-59190 [MEDIUM] CWE-20 CVE-2025-59190: Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to d
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
nvd
CVE-2026-45606P4MEDIUMCVSS 5.5fixed in 10.0.19044.74172026-06-09
CVE-2026-45606 [MEDIUM] CWE-125 CVE-2026-45606: Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
nvd
CVE-2025-26644P4MEDIUMCVSS 5.1fixed in 10.0.19044.57372025-04-08
CVE-2025-26644 [MEDIUM] CWE-1039 CVE-2025-26644: Automated recognition mechanism with inadequate detection or handling of adversarial input perturbat
Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
nvd
CVE-2025-21328P4MEDIUMCVSS 4.3fixed in 10.0.19044.53712025-01-14
CVE-2025-21328 [MEDIUM] CWE-41 CVE-2025-21328: MapUrlToZone Security Feature Bypass Vulnerability
MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-21329P4MEDIUMCVSS 4.3fixed in 10.0.19044.53712025-01-14
CVE-2025-21329 [MEDIUM] CWE-41 CVE-2025-21329: MapUrlToZone Security Feature Bypass Vulnerability
MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-55679P4MEDIUMCVSS 4.7fixed in 10.0.19044.64562025-10-14
CVE-2025-55679 [MEDIUM] CWE-20 CVE-2025-55679: Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-58719P4MEDIUMCVSS 4.7fixed in 10.0.19044.64562025-10-14
CVE-2025-58719 [MEDIUM] CWE-416 CVE-2025-58719: Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to eleva
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26175P4MEDIUMCVSS 4.6fixed in 10.0.19044.71842026-04-14
CVE-2026-26175 [MEDIUM] CWE-908 CVE-2026-26175: Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a se
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2026-20825P4MEDIUMCVSS 4.4fixed in 10.0.19044.68092026-01-13
CVE-2026-20825 [MEDIUM] CWE-284 CVE-2026-20825: Improper access control in Windows Hyper-V allows an authorized attacker to disclose information loc
Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
nvd
CVE-2024-38048P4MEDIUMCVSS 6.5fixed in 10.0.19044.46512024-07-09
CVE-2024-38048 [MEDIUM] CWE-125 CVE-2024-38048: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
nvd
CVE-2025-21212P4MEDIUMCVSS 6.5fixed in 10.0.19044.54872025-02-11
CVE-2025-21212 [MEDIUM] CWE-125 CVE-2025-21212: Internet Connection Sharing (ICS) Denial of Service Vulnerability
Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2025-21254P4MEDIUMCVSS 6.5fixed in 10.0.19044.54872025-02-11
CVE-2025-21254 [MEDIUM] CWE-125 CVE-2025-21254: Internet Connection Sharing (ICS) Denial of Service Vulnerability
Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2025-21352P4MEDIUMCVSS 6.5fixed in 10.0.19044.54872025-02-11
CVE-2025-21352 [MEDIUM] CWE-400 CVE-2025-21352: Internet Connection Sharing (ICS) Denial of Service Vulnerability
Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd