Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV (actively exploited): 59
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 458, LOW 8
Vulnerabilities
CVE-2024-38257 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.22631.0, < 10.0.22631.4169 | 2024-09-10
CWE-908: Microsoft AllJoyn API Information Disclosure Vulnerability
nvd
CVE-2024-38150 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.4037 | 2024-08-13
CWE-416: Windows DWM Core Library Elevation of Privilege Vulnerability
nvd
CVE-2024-30035 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
CWE-416: Windows DWM Core Library Elevation of Privilege Vulnerability
nvd
CVE-2025-21420 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
CWE-59: Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
nvd
CVE-2026-35422 | P3 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.7079; ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-05-12
CWE-288: Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
nvd
CVE-2025-21370 | P3 | HIGH | CVSS 8.8 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
CWE-20: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
nvd
CVE-2023-36425 | P3 | HIGH | CVSS 8.0 | ≥ 10.0.22631.0, < 10.0.22631.2715 | 2023-11-14
CWE-122: Windows Distributed File System (DFS) Remote Code Execution Vulnerability
nvd
CVE-2025-26678 | P3 | HIGH | CVSS 8.4 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-284: Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.
nvd
CVE-2026-48573 | P3 | HIGH | CVSS 7.9 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
CWE-1329: Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
nvd
CVE-2026-48576 | P3 | HIGH | CVSS 7.9 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
CWE-1329: Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
nvd
CVE-2025-27727 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-59: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-20682 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.3007 | 2024-01-09
CWE-822: Windows Cryptographic Services Remote Code Execution Vulnerability
nvd
CVE-2024-38061 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-284: DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
nvd
CVE-2024-37982 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.4317 | 2024-10-08
CWE-822: Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
nvd
CVE-2025-27731 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-20: Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24044 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
CWE-416: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24058 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-20: Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24074 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-20: Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-24073 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-20: Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-33075 | P3 | HIGH | CVSS 7.8 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
CWE-59: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
nvd