Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 458, LOW 8
Vulnerabilities
Page 24 of 84
CVE-2023-36391 | P3 | HIGH | CVSS 7.8 | CWE-59 | ≥ 10.0.22631.0, < 10.0.22631.2861 | 2023-12-12
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
nvd
CVE-2025-47972 | P3 | HIGH | CVSS 8.0 | CWE-362 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-49691 | P3 | HIGH | CVSS 8.0 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over an adjacent network.
nvd
CVE-2025-50168 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-30022 | P3 | HIGH | CVSS 7.5 | CWE-197 | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-30024 | P3 | HIGH | CVSS 7.5 | CWE-197 | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-30023 | P3 | HIGH | CVSS 7.5 | CWE-197 | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2026-25181 | P3 | HIGH | CVSS 7.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6783 | 2026-03-10
Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-32713 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32183 | P3 | HIGH | CVSS 7.8 | CWE-77 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.
nvd
CVE-2024-38028 | P3 | HIGH | CVSS 7.2 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
nvd
CVE-2024-38025 | P3 | HIGH | CVSS 7.2 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
nvd
CVE-2025-24995 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24048 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24050 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20811 | P3 | HIGH | CVSS 7.8 | CWE-822 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-54912 | P3 | HIGH | CVSS 7.8 | CWE-416 | ≥ 10.0.22631.0, < 10.0.22631.5909 | 2025-09-09
Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32152 | P3 | HIGH | CVSS 7.8 | CWE-416 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-50173 | P3 | HIGH | CVSS 7.8 | CWE-1390 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.
nvd
CVE-2023-36401 | P3 | HIGH | CVSS 7.2 | CWE-190 | ≥ 10.0.22631.0, < 10.0.22631.2715 | 2023-11-14
Microsoft Remote Registry Service Remote Code Execution Vulnerability
nvd