Microsoft Windows 11 Version 23H2 vulnerabilities

CVE-2025-53155 [HIGH] CWE-122 CVE-2025-53155: Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges lo Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

CVE-2026-21246 [HIGH] CWE-122 CVE-2026-21246: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2025-59242 [HIGH] CWE-122 CVE-2025-59242: Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized att Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-40407 [HIGH] CWE-122 CVE-2026-40407: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-59191 [HIGH] CWE-122 CVE-2025-59191: Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attac Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

CVE-2025-29969 [HIGH] CWE-367 CVE-2025-29969: Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attac Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

CVE-2026-44810 [HIGH] CWE-287 CVE-2026-44810: Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

CVE-2026-40406 [HIGH] CWE-416 CVE-2026-40406: Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a netw Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-48563 [HIGH] CWE-416 CVE-2026-48563: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42913 [HIGH] CWE-362 CVE-2026-42913: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-44801 [HIGH] CWE-416 CVE-2026-44801: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42992 [HIGH] CWE-122 CVE-2026-42992: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-44799 [HIGH] CWE-122 CVE-2026-44799: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42993 [HIGH] CWE-122 CVE-2026-42993: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2026-42909 [HIGH] CWE-362 CVE-2026-42909: Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-26669 [HIGH] CWE-125 CVE-2025-26669: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2024-20700 [HIGH] CWE-362 CVE-2024-20700: Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability

CVE-2025-49723 [HIGH] CWE-862 CVE-2025-49723: Missing authorization in Windows StateRepository API allows an authorized attacker to perform tamper Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.

CVE-2024-20654 [HIGH] CWE-190 CVE-2024-20654: Microsoft ODBC Driver Remote Code Execution Vulnerability Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2024-21437 [HIGH] CWE-416 CVE-2024-21437: Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability