Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown
CRITICAL: 25 | HIGH: 1170 | MEDIUM: 458 | LOW: 8
Vulnerabilities
Page 70 of 84
CVE-2026-32081 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-24282 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6783 | 2026-03-10
Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32084 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-32079 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
nvd
CVE-2026-42906 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
nvd
CVE-2026-45604 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
nvd
CVE-2025-21247 | P4 | MEDIUM | CVSS 4.3 | CWE-41 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2026-21249 | P4 | LOW | CVSS 3.3 | CWE-73 | ≥ 10.0.22631.0, < 10.0.22631.6649 | 2026-02-10
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
nvd
CVE-2025-21272 | P4 | MEDIUM | CVSS 6.5 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
Windows COM Server Information Disclosure Vulnerability
nvd
CVE-2025-21288 | P4 | MEDIUM | CVSS 6.5 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
Windows COM Server Information Disclosure Vulnerability
nvd
CVE-2024-38254 | P4 | MEDIUM | CVSS 6.2 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.4169 | 2024-09-10
Windows Authentication Information Disclosure Vulnerability
nvd
CVE-2025-29957 | P4 | MEDIUM | CVSS 6.2 | CWE-400 | ≥ 10.0.22631.0, < 10.0.22631.5335 | 2025-05-13
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
nvd
CVE-2024-21313 | P4 | MEDIUM | CVSS 5.3 | CWE-209 | ≥ 10.0.22631.0, < 10.0.22631.3007 | 2024-01-09
Windows TCP/IP Information Disclosure Vulnerability
nvd
CVE-2025-49722 | P4 | MEDIUM | CVSS 5.7 | CWE-400 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
nvd
CVE-2025-27736 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally.
nvd
CVE-2025-33052 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
nvd
CVE-2026-27931 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-48808 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
nvd
CVE-2025-49658 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.5624 | 2025-07-08
Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.
nvd
CVE-2025-29829 | P4 | MEDIUM | CVSS 5.5 | CWE-908 | ≥ 10.0.22631.0, < 10.0.22631.5335 | 2025-05-13
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
nvd