Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown
CRITICAL 25 | HIGH 1170 | MEDIUM 458 | LOW 8
Vulnerabilities
Page 67 of 84
CVE-2025-53799 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.5909 | 2025-09-09
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
nvd
CVE-2026-20932 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20823 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20862 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59211 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20829 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59509 | P4 | MEDIUM | CVSS 5.5 | CWE-201 | ≥ 10.0.22631.0, < 10.0.22631.6199 | 2025-11-11
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
nvd
CVE-2025-62468 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6345 | 2025-12-09
Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.
nvd
CVE-2024-43585 | P4 | MEDIUM | CVSS 5.5 | CWE-693 | ≥ 10.0.22631.0, < 10.0.22631.4317 | 2024-10-08
Code Integrity Guard Security Feature Bypass Vulnerability
nvd
CVE-2025-59204 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59513 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6199 | 2025-11-11
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
nvd
CVE-2025-49684 | P4 | MEDIUM | CVSS 5.5 | CWE-126 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42972 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42968 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
nvd
CVE-2026-45594 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32212 | P4 | MEDIUM | CVSS 5.5 | CWE-59 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
nvd
CVE-2026-45634 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32214 | P4 | MEDIUM | CVSS 5.5 | CWE-284 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
nvd
CVE-2025-21226 | P4 | MEDIUM | CVSS 6.6 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
Windows Digital Media Elevation of Privilege Vulnerability
nvd
CVE-2025-21260 | P4 | MEDIUM | CVSS 6.6 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
Windows Digital Media Elevation of Privilege Vulnerability
nvd