cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,661
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

Page 26 of 84
CVE-2026-26163P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26163 [HIGH] CWE-415 CVE-2026-26163: Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20874P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20874 [HIGH] CWE-362 CVE-2026-20874: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20918P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20918 [HIGH] CWE-362 CVE-2026-20918: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20873P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20873 [HIGH] CWE-362 CVE-2026-20873: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38019P3HIGHCVSS 7.2≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38019 [HIGH] CWE-190 CVE-2024-38019: Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
nvd
CVE-2025-53768P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-53768 [HIGH] CWE-362 CVE-2025-53768: Use after free in Xbox allows an authorized attacker to elevate privileges locally. Use after free in Xbox allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20861P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20861 [HIGH] CWE-362 CVE-2026-20861: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20867P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20867 [HIGH] CWE-362 CVE-2026-20867: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20866P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20866 [HIGH] CWE-362 CVE-2026-20866: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27924P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-27924 [HIGH] CWE-416 CVE-2026-27924: Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59187P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-59187 [HIGH] CWE-20 CVE-2025-59187: Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges loca Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49732P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-49732 [HIGH] CWE-122 CVE-2025-49732: Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-41092P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-41092 [HIGH] CWE-284 CVE-2026-41092: Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges loca Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26181P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26181 [HIGH] CWE-362 CVE-2026-26181: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privilege Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59502P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.59092025-10-14
CVE-2025-59502 [HIGH] CWE-400 CVE-2025-59502: Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker t Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
nvd
CVE-2026-49160P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-49160 [HIGH] CWE-400 CVE-2026-49160: Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a n Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
nvd
CVE-2026-48583P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-48583 [HIGH] CWE-416 CVE-2026-48583: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-27484P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.51892025-04-08
CVE-2025-27484 [HIGH] CWE-591 CVE-2025-27484: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2024-30032P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.35932024-05-14
CVE-2024-30032 [HIGH] CWE-416 CVE-2024-30032: Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability
nvd
CVE-2024-43629P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.44602024-11-12
CVE-2024-43629 [HIGH] CWE-822 CVE-2024-43629: Windows DWM Core Library Elevation of Privilege Vulnerability Windows DWM Core Library Elevation of Privilege Vulnerability
nvd
← Previous26 / 84Next →
Microsoft Windows 11 Version 23H2 vulnerabilities | cvebase