Microsoft Windows 10 Version 21H2 vulnerabilities
2,449 known vulnerabilities affecting microsoft/windows_10_version_21h2.
Total CVEs
2,449
CISA KEV
94
actively exploited
Public exploits
36
Exploited in wild
75
Severity breakdown
CRITICAL60HIGH1758MEDIUM621LOW10
Vulnerabilities
Page 30 of 123
CVE-2025-32724HIGHCVSS 7.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-32724 [HIGH] CWE-400 CVE-2025-32724: Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allo
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
nvd
CVE-2025-33063MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33063 [MEDIUM] CWE-125 CVE-2025-33063: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33061MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33061 [MEDIUM] CWE-125 CVE-2025-33061: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-24069MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-24069 [MEDIUM] CWE-125 CVE-2025-24069: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-32719MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-32719 [MEDIUM] CWE-125 CVE-2025-32719: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-24068MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-24068 [MEDIUM] CWE-126 CVE-2025-24068: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose in
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33055MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33055 [MEDIUM] CWE-125 CVE-2025-33055: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33062MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33062 [MEDIUM] CWE-125 CVE-2025-33062: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-47160MEDIUMCVSS 5.4≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-47160 [MEDIUM] CWE-693 CVE-2025-47160: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security f
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2025-32722MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-32722 [MEDIUM] CWE-284 CVE-2025-32722: Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose inf
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33058MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33058 [MEDIUM] CWE-125 CVE-2025-33058: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33060MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33060 [MEDIUM] CWE-125 CVE-2025-33060: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-24065MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-24065 [MEDIUM] CWE-125 CVE-2025-24065: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33052MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33052 [MEDIUM] CWE-908 CVE-2025-33052: Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33057MEDIUMCVSS 6.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33057 [MEDIUM] CWE-476 CVE-2025-33057: Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
nvd
CVE-2025-33059MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33059 [MEDIUM] CWE-125 CVE-2025-33059: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-32715MEDIUMCVSS 6.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-32715 [MEDIUM] CWE-125 CVE-2025-32715: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-33065MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-33065 [MEDIUM] CWE-125 CVE-2025-33065: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-32720MEDIUMCVSS 5.5≥ 10.0.19044.0, < 10.0.19044.59652025-06-10
CVE-2025-32720 [MEDIUM] CWE-125 CVE-2025-32720: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-29842HIGHCVSS 7.5≥ 10.0.19044.0, < 10.0.19044.58542025-05-13
CVE-2025-29842 [HIGH] CWE-349 CVE-2025-29842: Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.
nvd