Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 458, LOW 8
Vulnerabilities
Page 71 of 84
CVE-2026-32218 [MEDIUM] CVSS 5.5 | P4 | CWE-532 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2026-32215 [MEDIUM] CVSS 5.5 | P4 | CWE-532 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2026-32217 [MEDIUM] CVSS 5.5 | P4 | CWE-532 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2025-59203 [MEDIUM] CVSS 5.5 | P4 | CWE-532 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2025-59197 [MEDIUM] CVSS 5.5 | P4 | CWE-532 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2026-27930 [MEDIUM] CVSS 5.5 | P4 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
Source: nvd
CVE-2025-59253 [MEDIUM] CVSS 5.5 | P4 | CWE-284 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
Source: nvd
CVE-2024-21320 [MEDIUM] CVSS 6.5 | PoC | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.3007 | 2024-01-09
Windows Themes Spoofing Vulnerability
Source: cvelistv5
CVE-2025-21219 [MEDIUM] CVSS 4.3 | P4 | CWE-41 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
Source: nvd
CVE-2025-21189 [MEDIUM] CVSS 4.3 | P4 | CWE-41 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
MapUrlToZone Security Feature Bypass Vulnerability
Source: nvd
CVE-2025-55333 [MEDIUM] CVSS 4.6 | P4 | CWE-1023 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Source: nvd
CVE-2025-58717 [MEDIUM] CVSS 4.3 | P4 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Source: nvd
CVE-2025-55700 [MEDIUM] CVSS 4.3 | P4 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Source: nvd
CVE-2025-54107 [MEDIUM] CVSS 4.3 | P4 | CWE-41 | ≥ 10.0.22631.0, < 10.0.22631.5909 | 2025-09-09
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Source: nvd
CVE-2025-54917 [MEDIUM] CVSS 4.3 | P4 | CWE-693 | ≥ 10.0.22631.0, < 10.0.22631.5909 | 2025-09-09
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Source: nvd
CVE-2024-38041 [MEDIUM] CVSS 5.5 | P4 | CWE-200 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
Windows Kernel Information Disclosure Vulnerability
Source: nvd
CVE-2025-24992 [MEDIUM] CVSS 5.5 | P4 | CWE-126 | ≥ 10.0.22631.0, < 10.0.22631.5039 | 2025-03-11
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
Source: nvd
CVE-2024-43554 [MEDIUM] CVSS 5.5 | P4 | CWE-212 | ≥ 10.0.22631.0, < 10.0.22631.4317 | 2024-10-08
Windows Kernel-Mode Driver Information Disclosure Vulnerability
Source: nvd
CVE-2025-32720 [MEDIUM] CVSS 5.5 | P4 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Source: nvd
CVE-2025-33055 [MEDIUM] CVSS 5.5 | P4 | CWE-125 | ≥ 10.0.22631.0, < 10.0.22631.5472 | 2025-06-10
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Source: nvd