cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,661
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

Page 38 of 84
CVE-2026-26184P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-26184 [HIGH] CWE-126 CVE-2026-26184: Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privilege Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-45592P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45592 [HIGH] CWE-190 CVE-2026-45592: Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to el Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38119P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.41692024-09-10
CVE-2024-38119 [HIGH] CWE-416 CVE-2024-38119: Windows Network Address Translation (NAT) Remote Code Execution Vulnerability Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
nvd
CVE-2024-30092P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.43172024-10-08
CVE-2024-30092 [HIGH] CWE-20 CVE-2024-30092: Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability
nvd
CVE-2023-24932MEDIUMCVSS 6.7Exploited≥ 10.0.22631.0, < 10.0.22631.56242023-05-09
CVE-2023-24932 [MEDIUM] Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability Secure Boot Security Feature Bypass Vulnerability
cvelistv5
CVE-2025-48004P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-48004 [HIGH] CWE-416 CVE-2025-48004: Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2025-64658P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.63452025-12-09
CVE-2025-64658 [HIGH] CWE-362 CVE-2025-64658: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-54911P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.59092025-09-09
CVE-2025-54911 [HIGH] CWE-416 CVE-2025-54911: Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-21247P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.66492026-02-10
CVE-2026-21247 [HIGH] CWE-20 CVE-2026-21247: Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
nvd
CVE-2024-21371P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21371 [HIGH] CWE-367 CVE-2024-21371: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability
nvd
CVE-2024-43584P3HIGHCVSS 8.4≥ 10.0.22631.0, < 10.0.22631.43172024-10-08
CVE-2024-43584 [HIGH] CWE-693 CVE-2024-43584: Windows Scripting Engine Security Feature Bypass Vulnerability Windows Scripting Engine Security Feature Bypass Vulnerability
nvd
CVE-2023-36407P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.27152023-11-14
CVE-2023-36407 [HIGH] CWE-20 CVE-2023-36407: Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability
nvd
CVE-2023-36396P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.27152023-11-14
CVE-2023-36396 [HIGH] CWE-41 CVE-2023-36396: Windows Compressed Folder Remote Code Execution Vulnerability Windows Compressed Folder Remote Code Execution Vulnerability
nvd
CVE-2026-23668P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.67832026-03-10
CVE-2026-23668 [HIGH] CWE-362 CVE-2026-23668: Concurrent execution using shared resource with improper synchronization ('race condition') in Micro Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38127P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38127 [HIGH] CWE-126 CVE-2024-38127: Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability
nvd
CVE-2024-38184P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-08-13
CVE-2024-38184 [HIGH] CWE-125 CVE-2024-38184: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
nvd
CVE-2023-36047P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.27152023-11-14
CVE-2023-36047 [HIGH] CWE-59 CVE-2023-36047: Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Elevation of Privilege Vulnerability
nvd
CVE-2025-27473P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.51892025-04-08
CVE-2025-27473 [HIGH] CWE-400 CVE-2025-27473: Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny servic Uncontrolled resource consumption in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
nvd
CVE-2024-49090P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49090 [HIGH] CWE-822 CVE-2024-49090: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-49088P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49088 [HIGH] CWE-126 CVE-2024-49088: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability
nvd
← Previous38 / 84Next →