Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 458, LOW 8
Vulnerabilities
CVE-2025-24059 | P3 | HIGH | CVSS 7.8 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-21359 | P3 | HIGH | CVSS 7.8 | CWE-284 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
Windows Kernel Security Feature Bypass Vulnerability
nvd
CVE-2026-21241 | P3 | HIGH | CVSS 7.0 | CWE-416 | ≥ 10.0.22631.0, < 10.0.22631.6649 | 2026-02-10
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-26639 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59200 | P3 | HIGH | CVSS 7.7 | CWE-73 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
nvd
CVE-2025-32716 | P3 | HIGH | CVSS 7.8 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-32718 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59194 | P3 | HIGH | CVSS 7.0 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-30385 | P3 | HIGH | CVSS 7.8 | CWE-416 | ≥ 10.0.22631.0, < 10.0.22631.5335 | 2025-05-13
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-53154 | P3 | HIGH | CVSS 7.8 | CWE-476 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-53141 | P3 | HIGH | CVSS 7.8 | CWE-476 | ≥ 10.0.22631.0, < 10.0.22631.5768 | 2025-08-12
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49686 | P3 | HIGH | CVSS 7.8 | CWE-476 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Null pointer dereference in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-47985 | P3 | HIGH | CVSS 7.8 | CWE-822 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49661 | P3 | HIGH | CVSS 7.8 | CWE-822 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-55230 | P3 | HIGH | CVSS 7.8 | CWE-822 | ≥ 10.0.22631.0, < 10.0.22621.5624 | 2025-08-21
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26161 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
nvd
CVE-2024-38239 | P3 | HIGH | CVSS 7.2 | CWE-1390 | ≥ 10.0.22631.0, < 10.0.22631.4169 | 2024-09-10
Windows Kerberos Elevation of Privilege Vulnerability
nvd
CVE-2024-26234 | MEDIUM | CVSS 6.7 | Exploited | CWE-284 | ≥ 10.0.22631.0, < 10.0.22631.3447 | 2024-04-09
Proxy Driver Spoofing Vulnerability
cvelistv5
CVE-2024-38198 | P3 | HIGH | CVSS 7.5 | CWE-345 | ≥ 10.0.22631.0, < 10.0.22631.4037 | 2024-08-13
Windows Print Spooler Elevation of Privilege Vulnerability
nvd
CVE-2024-38078 | P3 | HIGH | CVSS 7.5 | CWE-416 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
Xbox Wireless Adapter Remote Code Execution Vulnerability
nvd