cvebase

Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 458, LOW 8

Vulnerabilities

Page 69 of 84
CVE-2024-43547 | P4 | MEDIUM | CVSS 5.9 | ≥ 10.0.22631.0, < 10.0.22631.4317 | 2024-10-08
CWE-325: Windows Kerberos Information Disclosure Vulnerability
nvd
CVE-2025-21269 | P4 | MEDIUM | CVSS 4.3 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
CWE-41: Windows HTML Platforms Security Feature Bypass Vulnerability
nvd
CVE-2026-20838 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
CWE-209: Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2025-53804 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.5909 | 2025-09-09
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2025-53803 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.5909 | 2025-09-09
CWE-209: Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2026-21222 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6649 | 2026-02-10
CWE-532: Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2025-49664 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.
nvd
CVE-2025-29837 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.5335 | 2025-05-13
CWE-59: Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
nvd
CVE-2025-62209 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-11-11
CWE-532: Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
nvd
CVE-2025-62208 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-11-11
CWE-532: Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
nvd
CVE-2025-55699 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59510 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6199 | 2025-11-11
CWE-59: Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
nvd
CVE-2026-20939 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-20937 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2025-24068 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
CWE-126: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
nvd
CVE-2025-21340 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
CWE-284: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
nvd
CVE-2026-32085 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
nvd
CVE-2025-60706 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6199 | 2025-11-11
CWE-125: Out-of-bounds read in Windows Hyper-V allows an authorized attacker to disclose information locally.
nvd
CVE-2025-59209 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
CWE-200: Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
nvd
CVE-2024-21362 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.3155 | 2024-02-13
CWE-367: Windows Kernel Security Feature Bypass Vulnerability
nvd