Microsoft Windows 11 Version 23H2 vulnerabilities
1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs: 1,661
CISA KEV: 59 (actively exploited)
Public exploits: 42
Exploited in wild: 71
Severity breakdown: CRITICAL 25, HIGH 1170, MEDIUM 458, LOW 8
Vulnerabilities
CVE-2026-45606 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.7219 | 2026-06-09
CWE-125: Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
nvd
CVE-2025-26644 | P4 | MEDIUM | CVSS 5.1 | ≥ 10.0.22631.0, < 10.0.22631.5189 | 2025-04-08
CWE-1039: Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
nvd
CVE-2025-21328 | P4 | MEDIUM | CVSS 4.3 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
CWE-41: MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-21329 | P4 | MEDIUM | CVSS 4.3 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
CWE-41: MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-55679 | P4 | MEDIUM | CVSS 4.7 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
CWE-20: Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-58719 | P4 | MEDIUM | CVSS 4.7 | ≥ 10.0.22631.0, < 10.0.22631.6060 | 2025-10-14
CWE-416: Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-26175 | P4 | MEDIUM | CVSS 4.6 | ≥ 10.0.22631.0, < 10.0.22631.6936 | 2026-04-14
CWE-908: Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
nvd
CVE-2026-20825 | P4 | MEDIUM | CVSS 4.4 | ≥ 10.0.22631.0, < 10.0.22631.6491 | 2026-01-13
CWE-284: Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
nvd
CVE-2024-38048 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-125: Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
nvd
CVE-2025-21212 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
CWE-125: Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2025-21254 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
CWE-125: Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2025-21352 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
CWE-400: Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2025-21216 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.4890 | 2025-02-11
CWE-125: Internet Connection Sharing (ICS) Denial of Service Vulnerability
nvd
CVE-2024-38105 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-20: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
nvd
CVE-2024-38101 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-125: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
nvd
CVE-2024-38102 | P4 | MEDIUM | CVSS 6.5 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-125: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
nvd
CVE-2024-30038 | HIGH | CVSS 7.8 | PoC | ≥ 10.0.22631.0, < 10.0.22631.3593 | 2024-05-14
CWE-122: Win32k Elevation of Privilege Vulnerability
cvelistv5
CVE-2024-30096 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.3737 | 2024-06-11
CWE-200: Windows Cryptographic Services Information Disclosure Vulnerability
nvd
CVE-2024-38017 | P4 | MEDIUM | CVSS 5.5 | ≥ 10.0.22631.0, < 10.0.22631.3880 | 2024-07-09
CWE-200: Microsoft Message Queuing Information Disclosure Vulnerability
nvd
CVE-2025-21336 | P4 | MEDIUM | CVSS 5.6 | ≥ 10.0.22631.0, < 10.0.22631.4751 | 2025-01-14
CWE-203: Windows Cryptographic Information Disclosure Vulnerability
nvd