cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8

Vulnerabilities

Page 15 of 83
CVE-2024-21359P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21359 [HIGH] CWE-122 CVE-2024-21359: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21391P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21391 [HIGH] CWE-197 CVE-2024-21391: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21352P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21352 [HIGH] CWE-197 CVE-2024-21352: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2026-40402P3CRITICALCVSS 9.3≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-40402 [CRITICAL] CWE-416 CVE-2026-40402: Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2026-20872P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20872 [MEDIUM] CWE-73 CVE-2026-20872: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2024-43517P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.43172024-10-08
CVE-2024-43517 [HIGH] CWE-122 CVE-2024-43517: Microsoft ActiveX Data Objects Remote Code Execution Vulnerability Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
nvd
CVE-2024-38053P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38053 [HIGH] CWE-416 CVE-2024-38053: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
nvd
CVE-2025-29966P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.53352025-05-13
CVE-2025-29966 [HIGH] CWE-122 CVE-2025-29966: Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
nvd
CVE-2026-32162P3HIGHCVSS 8.4≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32162 [HIGH] CWE-349 CVE-2026-32162: Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized atta Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2024-43518P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.43172024-10-08
CVE-2024-43518 [HIGH] CWE-122 CVE-2024-43518: Windows Telephony Server Remote Code Execution Vulnerability Windows Telephony Server Remote Code Execution Vulnerability
nvd
CVE-2025-29964P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.53352025-05-13
CVE-2025-29964 [HIGH] CWE-122 CVE-2025-29964: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a n Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-29963P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.53352025-05-13
CVE-2025-29963 [HIGH] CWE-122 CVE-2025-29963: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a n Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
nvd
CVE-2025-49740P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-49740 [HIGH] CWE-693 CVE-2025-49740: Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a secu Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2025-21224P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21224 [HIGH] CWE-416 CVE-2025-21224: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
nvd
CVE-2024-38045P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.41692024-09-10
CVE-2024-38045 [HIGH] CWE-122 CVE-2024-38045: Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability
nvd
CVE-2025-59516P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-59516 [HIGH] CWE-73 CVE-2025-59516: Missing authentication for critical function in Windows Storage VSP Driver allows an authorized atta Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-49124P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49124 [HIGH] CWE-362 CVE-2024-49124: Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
nvd
CVE-2025-62472P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-62472 [HIGH] CWE-416 CVE-2025-62472: Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attac Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-49127P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49127 [HIGH] CWE-416 CVE-2024-49127: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
nvd
CVE-2025-29810P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.51892025-04-08
CVE-2025-29810 [HIGH] CWE-284 CVE-2025-29810: Improper access control in Active Directory Domain Services allows an authorized attacker to elevate Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
nvd
← Previous15 / 83Next →
Microsoft Windows 11 Version 23H2 vulnerabilities | cvebase