cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8

Vulnerabilities

Page 12 of 83
CVE-2025-48817P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-48817 [HIGH] CWE-23 CVE-2025-48817: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-32225P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32225 [HIGH] CWE-693 CVE-2026-32225: Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security f Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2026-47653P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-47653 [HIGH] CWE-416 CVE-2026-47653: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-26663P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.51892025-04-08
CVE-2025-26663 [HIGH] CWE-416 CVE-2025-26663: Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attack Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-21294P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21294 [HIGH] CWE-591 CVE-2025-21294: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability
nvd
CVE-2026-40415P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-40415 [HIGH] CWE-416 CVE-2026-40415: Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-21204P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.51892025-04-08
CVE-2025-21204 [HIGH] CWE-59 CVE-2025-21204: Improper link resolution before file access ('link following') in Windows Update Stack allows an aut Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-58726P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-58726 [HIGH] CWE-284 CVE-2025-58726: Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges ov Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-33829P4MEDIUMCVSS 4.3PoC≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-33829 [MEDIUM] CWE-200 CVE-2026-33829: Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauth Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2023-35639P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.28612023-12-12
CVE-2023-35639 [HIGH] CWE-122 CVE-2023-35639: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-26166P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-26166 [HIGH] CWE-122 CVE-2024-26166: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21450P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-21450 [HIGH] CWE-190 CVE-2024-21450: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21440P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-21440 [HIGH] CWE-197 CVE-2024-21440: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-26162P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-26162 [HIGH] CWE-681 CVE-2024-26162: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-26210P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26210 [HIGH] CWE-122 CVE-2024-26210: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-26244P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26244 [HIGH] CWE-191 CVE-2024-26244: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-26159P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-26159 [HIGH] CWE-122 CVE-2024-26159: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-21451P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-21451 [HIGH] CWE-197 CVE-2024-21451: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability
nvd
CVE-2024-21444P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-21444 [HIGH] CWE-190 CVE-2024-21444: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21441P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-21441 [HIGH] CWE-190 CVE-2024-21441: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
← Previous12 / 83Next →