Microsoft Windows 11 Version 23H2 vulnerabilities
1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8
Vulnerabilities
Page 10 of 83
CVE-2024-43628P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.44602024-11-12
CVE-2024-43628 [HIGH] CWE-190 CVE-2024-43628: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2024-43635P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.44602024-11-12
CVE-2024-43635 [HIGH] CWE-190 CVE-2024-43635: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2024-43627P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.44602024-11-12
CVE-2024-43627 [HIGH] CWE-122 CVE-2024-43627: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21223P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21223 [HIGH] CWE-122 CVE-2025-21223: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-62549P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-62549 [HIGH] CWE-822 CVE-2025-62549: Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthor
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-53131P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.57682025-08-12
CVE-2025-53131 [HIGH] CWE-122 CVE-2025-53131: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a n
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-29840P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.53352025-05-13
CVE-2025-29840 [HIGH] CWE-121 CVE-2025-29840: Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a
Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-42985P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-42985 [HIGH] CWE-416 CVE-2026-42985: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-47289P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-47289 [HIGH] CWE-122 CVE-2026-47289: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-40403P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-40403 [HIGH] CWE-122 CVE-2026-40403: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code lo
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
nvd
CVE-2025-54916P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.59092025-09-09
CVE-2025-54916 [HIGH] CWE-121 CVE-2025-54916: Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
nvd
CVE-2026-20860P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20860 [HIGH] CWE-843 CVE-2026-20860: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-62452P3HIGHCVSS 8.0≥ 10.0.22631.0, < 10.0.22631.61992025-11-11
CVE-2025-62452 [HIGH] CWE-122 CVE-2025-62452: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
nvd
CVE-2025-60715P3HIGHCVSS 8.0≥ 10.0.22631.0, < 10.0.22631.61992025-11-11
CVE-2025-60715 [HIGH] CWE-122 CVE-2025-60715: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
nvd
CVE-2026-45635P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45635 [HIGH] CWE-843 CVE-2026-45635: Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-45599P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45599 [HIGH] CWE-416 CVE-2026-45599: Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-49104P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49104 [HIGH] CWE-122 CVE-2024-49104: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-49102P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49102 [HIGH] CWE-122 CVE-2024-49102: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-38115P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38115 [HIGH] CWE-122 CVE-2024-38115: Windows IP Routing Management Snapin Remote Code Execution Vulnerability
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
nvd
CVE-2024-38130P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38130 [HIGH] CWE-122 CVE-2024-38130: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd