Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs
1,661
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM458LOW8
Vulnerabilities
Page 41 of 84
CVE-2025-54919P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.59092025-09-09
CVE-2025-54919 [HIGH] CWE-362 CVE-2025-54919: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
nvd
CVE-2026-21235P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.66492026-02-10
CVE-2026-21235 [HIGH] CWE-416 CVE-2026-21235: Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges l
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-49690P3HIGHCVSS 7.4≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-49690 [HIGH] CWE-362 CVE-2025-49690: Concurrent execution using shared resource with improper synchronization ('race condition') in Capab
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2025-25004P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-25004 [HIGH] CWE-284 CVE-2025-25004: Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32149P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32149 [HIGH] CWE-20 CVE-2026-32149: Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
nvd
CVE-2024-20666MEDIUMCVSS 6.6Exploited≥ 10.0.22631.0, < 10.0.22631.30072024-01-09
CVE-2024-20666 [MEDIUM] CWE-20 BitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
cvelistv5
CVE-2026-20812P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.64912026-01-13
CVE-2026-20812 [MEDIUM] CWE-20 CVE-2026-20812: Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authoriz
Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network.
nvd
CVE-2024-38064P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38064 [HIGH] CWE-908 CVE-2024-38064: Windows TCP/IP Information Disclosure Vulnerability
Windows TCP/IP Information Disclosure Vulnerability
nvd
CVE-2024-43625P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.44602024-11-12
CVE-2024-43625 [HIGH] CWE-416 CVE-2024-43625: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
nvd
CVE-2026-47652P3HIGHCVSS 8.2≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-47652 [HIGH] CWE-122 CVE-2026-47652: Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
nvd
CVE-2024-29050P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-29050 [HIGH] CWE-197 CVE-2024-29050: Windows Cryptographic Services Remote Code Execution Vulnerability
Windows Cryptographic Services Remote Code Execution Vulnerability
nvd
CVE-2024-49076P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49076 [HIGH] CWE-287 CVE-2024-49076: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
nvd
CVE-2024-38051P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-07-09
CVE-2024-38051 [HIGH] CWE-122 CVE-2024-38051: Windows Graphics Component Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
nvd
CVE-2024-38185P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-08-13
CVE-2024-38185 [HIGH] CWE-822 CVE-2024-38185: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-38187P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.38802024-08-13
CVE-2024-38187 [HIGH] CWE-822 CVE-2024-38187: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
nvd
CVE-2024-30086P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.37372024-06-11
CVE-2024-30086 [HIGH] CWE-416 CVE-2024-30086: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
nvd
CVE-2024-30095P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.37372024-06-11
CVE-2024-30095 [HIGH] CWE-122 CVE-2024-30095: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-38249P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.41692024-09-10
CVE-2024-38249 [HIGH] CWE-416 CVE-2024-38249: Windows Graphics Component Elevation of Privilege Vulnerability
Windows Graphics Component Elevation of Privilege Vulnerability
nvd
CVE-2024-49079P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.46022024-12-12
CVE-2024-49079 [HIGH] CWE-416 CVE-2024-49079: Input Method Editor (IME) Remote Code Execution Vulnerability
Input Method Editor (IME) Remote Code Execution Vulnerability
nvd
CVE-2024-30094P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.37372024-06-11
CVE-2024-30094 [HIGH] CWE-122 CVE-2024-30094: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd