cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,661
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

Page 23 of 84
CVE-2025-50173P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.57682025-08-12
CVE-2025-50173 [HIGH] CWE-1390 CVE-2025-50173: Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59201P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-59201 [HIGH] CWE-284 CVE-2025-59201: Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-62474P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-62474 [HIGH] CWE-284 CVE-2025-62474: Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-48806P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-48806 [HIGH] CWE-416 CVE-2025-48806: Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code loc Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally.
nvd
CVE-2026-35417P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-35417 [HIGH] CWE-843 CVE-2026-35417: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-40399P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-40399 [HIGH] CWE-121 CVE-2026-40399: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-45636P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45636 [HIGH] CWE-20 CVE-2026-45636: Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
nvd
CVE-2026-34330P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-34330 [HIGH] CWE-190 CVE-2026-34330: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-34333P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-34333 [HIGH] CWE-190 CVE-2026-34333: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26159P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26159 [HIGH] CWE-306 CVE-2026-26159: Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an a Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2023-35644P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.28612023-12-12
CVE-2023-35644 [HIGH] CWE-190 CVE-2023-35644: Windows Sysmain Service Elevation of Privilege Vulnerability Windows Sysmain Service Elevation of Privilege Vulnerability
nvd
CVE-2026-26176P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26176 [HIGH] CWE-122 CVE-2026-26176: Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized atta Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-48583P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-48583 [HIGH] CWE-416 CVE-2026-48583: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32161P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-32161 [HIGH] CWE-362 CVE-2026-32161: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
nvd
CVE-2024-38085P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38085 [HIGH] CWE-416 CVE-2024-38085: Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability
nvd
CVE-2024-20653P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.30072024-01-09
CVE-2024-20653 [HIGH] CWE-125 CVE-2024-20653: Microsoft Common Log File System Elevation of Privilege Vulnerability Microsoft Common Log File System Elevation of Privilege Vulnerability
nvd
CVE-2024-30025P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.35932024-05-14
CVE-2024-30025 [HIGH] CWE-125 CVE-2024-30025: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-29996P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.35932024-05-14
CVE-2024-29996 [HIGH] CWE-125 CVE-2024-29996: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-30068P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.37372024-06-11
CVE-2024-30068 [HIGH] CWE-125 CVE-2024-30068: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability
nvd
CVE-2024-38237P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.41692024-09-10
CVE-2024-38237 [HIGH] CWE-122 CVE-2024-38237: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
nvd
← Previous23 / 84Next →