cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8

Vulnerabilities

Page 16 of 83
CVE-2024-26218P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26218 [HIGH] CWE-367 CVE-2024-26218: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability
nvd
CVE-2024-38148P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38148 [HIGH] CWE-125 CVE-2024-38148: Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel Denial of Service Vulnerability
nvd
CVE-2025-62458P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-62458 [HIGH] CWE-122 CVE-2025-62458: Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privile Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20926P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20926 [HIGH] CWE-362 CVE-2026-20926: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-20919P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20919 [HIGH] CWE-362 CVE-2026-20919: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-20934P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20934 [HIGH] CWE-362 CVE-2026-20934: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-20848P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20848 [HIGH] CWE-362 CVE-2026-20848: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2024-21310P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.30072024-01-09
CVE-2024-21310 [HIGH] CWE-197 CVE-2024-21310: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
nvd
CVE-2025-55681P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-55681 [HIGH] CWE-125 CVE-2025-55681: Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally. Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20817P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20817 [HIGH] CWE-280 CVE-2026-20817: Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an aut Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38054P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38054 [HIGH] CWE-122 CVE-2024-38054: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-21369P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21369 [HIGH] CWE-122 CVE-2024-21369: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-21350P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21350 [HIGH] CWE-190 CVE-2024-21350: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-43519P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.43172024-10-08
CVE-2024-43519 [HIGH] CWE-197 CVE-2024-43519: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
nvd
CVE-2024-38131P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38131 [HIGH] CWE-591 CVE-2024-38131: Clipboard Virtual Channel Extension Remote Code Execution Vulnerability Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
nvd
CVE-2026-20843P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20843 [HIGH] CWE-284 CVE-2026-20843: Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized att Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-21238P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.66492026-02-10
CVE-2026-21238 [HIGH] CWE-284 CVE-2026-21238: Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attack Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59199P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-59199 [HIGH] CWE-284 CVE-2025-59199: Improper access control in Software Protection Platform (SPP) allows an authorized attacker to eleva Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27914P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-27914 [HIGH] CWE-284 CVE-2026-27914: Improper access control in Microsoft Management Console allows an authorized attacker to elevate pri Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-42980P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-42980 [HIGH] CWE-122 CVE-2026-42980: Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elev Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
nvd
← Previous16 / 83Next →
Microsoft Windows 11 Version 23H2 vulnerabilities | cvebase