cbcvebase.

Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs
1,661
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

Page 49 of 84
CVE-2026-23667P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.67832026-03-10
CVE-2026-23667 [HIGH] CWE-416 CVE-2026-23667: Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-25170P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.67832026-03-10
CVE-2026-25170 [HIGH] CWE-416 CVE-2026-25170: Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-32075P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32075 [HIGH] CWE-416 CVE-2026-32075: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker t Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-55678P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-55678 [HIGH] CWE-416 CVE-2025-55678: Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-34347P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-34347 [HIGH] CWE-416 CVE-2026-34347: Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-42984P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-42984 [HIGH] CWE-416 CVE-2026-42984: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-45653P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-45653 [HIGH] CWE-122 CVE-2026-45653: Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-59259P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-59259 [MEDIUM] CWE-1287 CVE-2025-59259: Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an auth Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
nvd
CVE-2026-32151P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-32151 [MEDIUM] CWE-200 CVE-2026-32151: Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
nvd
CVE-2025-48802P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-48802 [MEDIUM] CWE-295 CVE-2025-48802: Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing ove Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.
nvd
CVE-2026-42907P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.72192026-06-09
CVE-2026-42907 [MEDIUM] CWE-200 CVE-2026-42907: Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized att Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
nvd
CVE-2024-21433P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.32962024-03-12
CVE-2024-21433 [HIGH] CWE-367 CVE-2024-21433: Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability
nvd
CVE-2025-21181P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.48902025-02-11
CVE-2025-21181 [HIGH] CWE-400 CVE-2025-21181: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
nvd
CVE-2024-38126P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38126 [HIGH] CWE-476 CVE-2024-38126: Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT) Denial of Service Vulnerability
nvd
CVE-2024-38145P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38145 [HIGH] CWE-476 CVE-2024-38145: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
nvd
CVE-2024-38146P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.40372024-08-13
CVE-2024-38146 [HIGH] CWE-476 CVE-2024-38146: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
nvd
CVE-2025-21300P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21300 [HIGH] CWE-400 CVE-2025-21300: Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability
nvd
CVE-2024-21348P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.31552024-02-13
CVE-2024-21348 [HIGH] CWE-122 CVE-2024-21348: Internet Connection Sharing (ICS) Denial of Service Vulnerability Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2023-36004P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.28612023-12-12
CVE-2023-36004 [HIGH] CWE-287 CVE-2023-36004: Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
nvd
CVE-2025-21331P3HIGHCVSS 7.3≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21331 [HIGH] CWE-59 CVE-2025-21331: Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability
nvd
← Previous49 / 84Next →