Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs

1,661

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

SortPage 58 of 84

CVE-2026-27929P4HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-27929 [HIGH] CWE-367 CVE-2026-27929: Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-47648P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-47648 [HIGH] CWE-426 CVE-2026-47648: Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-45487P4HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.72192026-06-09

CVE-2026-45487 [HIGH] CWE-367 CVE-2026-45487: Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-29960P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29960 [MEDIUM] CWE-125 CVE-2025-29960: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29959P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29959 [MEDIUM] CWE-908 CVE-2025-29959: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29958P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29958 [MEDIUM] CWE-908 CVE-2025-29958: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29961P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29961 [MEDIUM] CWE-125 CVE-2025-29961: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29836P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29836 [MEDIUM] CWE-125 CVE-2025-29836: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29830P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29830 [MEDIUM] CWE-908 CVE-2025-29830: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29832P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29832 [MEDIUM] CWE-125 CVE-2025-29832: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-29835P3MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.53352025-05-13

CVE-2025-29835 [MEDIUM] CWE-125 CVE-2025-29835: Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attack Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2025-54915P3MEDIUMCVSS 6.7≥ 10.0.22631.0, < 10.0.22631.59092025-09-09

CVE-2025-54915 [MEDIUM] CWE-843 CVE-2025-54915: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-54109P3MEDIUMCVSS 6.7≥ 10.0.22631.0, < 10.0.22631.59092025-09-09

CVE-2025-54109 [MEDIUM] CWE-843 CVE-2025-54109: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-54104P3MEDIUMCVSS 6.7≥ 10.0.22631.0, < 10.0.22631.59092025-09-09

CVE-2025-54104 [MEDIUM] CWE-843 CVE-2025-54104: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-53808P3MEDIUMCVSS 6.7≥ 10.0.22631.0, < 10.0.22631.59092025-09-09

CVE-2025-53808 [MEDIUM] CWE-843 CVE-2025-53808: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-53810P3MEDIUMCVSS 6.7≥ 10.0.22631.0, < 10.0.22631.59092025-09-09

CVE-2025-53810 [MEDIUM] CWE-843 CVE-2025-53810: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-54094P3MEDIUMCVSS 6.7≥ 10.0.22631.0, < 10.0.22631.59092025-09-09

CVE-2025-54094 [MEDIUM] CWE-843 CVE-2025-54094: Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service a Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2026-27925P4MEDIUMCVSS 6.5≥ 10.0.22631.0, < 10.0.22631.69362026-04-14

CVE-2026-27925 [MEDIUM] CWE-416 CVE-2026-27925: Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.

nvd

CVE-2023-36427P3HIGHCVSS 7.0≥ 10.0.22631.0, < 10.0.22631.27152023-11-14

CVE-2023-36427 [HIGH] CVE-2023-36427: Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability

nvd

CVE-2024-20659P4HIGHCVSS 7.1≥ 10.0.22631.0, < 10.0.22631.43172024-10-08

CVE-2024-20659 [HIGH] CWE-20 CVE-2024-20659: Windows Hyper-V Security Feature Bypass Vulnerability Windows Hyper-V Security Feature Bypass Vulnerability

nvd

← Previous58 / 84Next →