cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8

Vulnerabilities

Page 18 of 83
CVE-2025-21332P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21332 [HIGH] CWE-41 CVE-2025-21332: MapUrlToZone Security Feature Bypass Vulnerability MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-29967P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.53352025-05-13
CVE-2025-29967 [HIGH] CWE-122 CVE-2025-29967: Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to exec Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-49117P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49117 [HIGH] CWE-393 CVE-2024-49117: Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability
nvd
CVE-2023-35634P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.28612023-12-12
CVE-2023-35634 [HIGH] CWE-121 CVE-2023-35634: Windows Bluetooth Driver Remote Code Execution Vulnerability Windows Bluetooth Driver Remote Code Execution Vulnerability
nvd
CVE-2026-24291P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.67832026-03-10
CVE-2026-24291 [HIGH] CWE-732 CVE-2026-24291: Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBro Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-55692P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-55692 [HIGH] CWE-20 CVE-2025-55692: Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privil Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-20652P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.30072024-01-09
CVE-2024-20652 [HIGH] CWE-73 CVE-2024-20652: Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability
nvd
CVE-2025-59512P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.61992025-11-11
CVE-2025-59512 [HIGH] CWE-284 CVE-2025-59512: Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attac Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-20698P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.30072024-01-09
CVE-2024-20698 [HIGH] CWE-190 CVE-2024-20698: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability
nvd
CVE-2026-21231P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.66492026-02-10
CVE-2026-21231 [HIGH] CWE-362 CVE-2026-21231: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-33835P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-33835 [HIGH] CWE-416 CVE-2026-33835: Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate pr Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-30020P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.35932024-05-14
CVE-2024-30020 [HIGH] CWE-122 CVE-2024-30020: Windows Cryptographic Services Remote Code Execution Vulnerability Windows Cryptographic Services Remote Code Execution Vulnerability
nvd
CVE-2024-49126P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49126 [HIGH] CWE-416 CVE-2024-49126: Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
nvd
CVE-2025-29828P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.54722025-06-10
CVE-2025-29828 [HIGH] CWE-401 CVE-2025-29828: Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unaut Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-49123P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49123 [HIGH] CWE-591 CVE-2024-49123: Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability
nvd
CVE-2024-49132P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49132 [HIGH] CWE-416 CVE-2024-49132: Windows Remote Desktop Services Remote Code Execution Vulnerability Windows Remote Desktop Services Remote Code Execution Vulnerability
nvd
CVE-2025-27487P3HIGHCVSS 8.0≥ 10.0.22631.0, < 10.0.22631.51892025-04-08
CVE-2025-27487 [HIGH] CWE-122 CVE-2025-27487: Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code ov Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
nvd
CVE-2026-42905P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-42905 [HIGH] CWE-416 CVE-2026-42905: Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges local Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38052P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38052 [HIGH] CWE-20 CVE-2024-38052: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
CVE-2023-36400P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.27152023-11-14
CVE-2023-36400 [HIGH] CWE-122 CVE-2023-36400: Windows HMAC Key Derivation Elevation of Privilege Vulnerability Windows HMAC Key Derivation Elevation of Privilege Vulnerability
nvd
← Previous18 / 83Next →
Microsoft Windows 11 Version 23H2 vulnerabilities | cvebase