cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,661
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

Page 35 of 84
CVE-2026-45656P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45656 [HIGH] CWE-693 CVE-2026-45656: Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feat Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
nvd
CVE-2026-45641P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45641 [HIGH] CWE-843 CVE-2026-45641: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally. Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
nvd
CVE-2026-40409P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-40409 [HIGH] CWE-197 CVE-2026-40409: Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
nvd
CVE-2026-33096P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-33096 [HIGH] CWE-125 CVE-2026-33096: Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a networ Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
nvd
CVE-2026-27920P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-27920 [HIGH] CWE-822 CVE-2026-27920: Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an author Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20852P3HIGHCVSS 7.7≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20852 [HIGH] CWE-266 CVE-2026-20852: Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
nvd
CVE-2026-26170P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26170 [HIGH] CWE-20 CVE-2026-26170: Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privilege Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27910P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-27910 [HIGH] CWE-280 CVE-2026-27910: Improper handling of insufficient permissions or privileges in Windows Installer allows an authorize Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32165P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32165 [HIGH] CWE-362 CVE-2026-32165: Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges lo Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32164P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32164 [HIGH] CWE-362 CVE-2026-32164: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32163P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32163 [HIGH] CWE-362 CVE-2026-32163: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26172P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26172 [HIGH] CWE-362 CVE-2026-26172: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-27911P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-27911 [HIGH] CWE-362 CVE-2026-27911: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-54103P3HIGHCVSS 7.4≥ 10.0.22631.0, < 10.0.22631.59092025-09-09
CVE-2025-54103 [HIGH] CWE-416 CVE-2025-54103: Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2026-20853P3HIGHCVSS 7.4≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20853 [HIGH] CWE-362 CVE-2026-20853: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2025-62565P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-62565 [HIGH] CWE-416 CVE-2025-62565: Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38147P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38147 [HIGH] CWE-416 CVE-2024-38147: Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability
nvd
CVE-2024-21417P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-10
CVE-2024-21417 [HIGH] CWE-862 CVE-2024-21417: Windows Text Services Framework Elevation of Privilege Vulnerability Windows Text Services Framework Elevation of Privilege Vulnerability
nvd
CVE-2024-20696P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.30072024-01-09
CVE-2024-20696 [HIGH] CWE-122 CVE-2024-20696: Windows libarchive Remote Code Execution Vulnerability Windows libarchive Remote Code Execution Vulnerability
nvd
CVE-2024-38062P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38062 [HIGH] CWE-125 CVE-2024-38062: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
nvd
← Previous35 / 84Next →
Microsoft Windows 11 Version 23H2 vulnerabilities | cvebase