Microsoft Windows 11 Version 23H2 vulnerabilities

1,661 known vulnerabilities affecting microsoft/windows_11_version_23h2.

Total CVEs

1,661

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL25HIGH1170MEDIUM458LOW8

Vulnerabilities

SortPage 77 of 84

CVE-2025-49760P4LOWCVSS 3.5≥ 10.0.22631.0, < 10.0.22631.56242025-07-08

CVE-2025-49760 [LOW] CWE-73 CVE-2025-49760: External control of file name or path in Windows Storage allows an authorized attacker to perform sp External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.

nvd

CVE-2025-21274P4MEDIUMCVSS 5.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21274 [MEDIUM] CWE-59 CVE-2025-21274: Windows Event Tracing Denial of Service Vulnerability Windows Event Tracing Denial of Service Vulnerability

nvd

CVE-2024-26172P4MEDIUMCVSS 5.5≥ 10.0.22631.0, < 10.0.22631.34472024-04-09

CVE-2024-26172 [MEDIUM] CWE-125 CVE-2024-26172: Windows DWM Core Library Information Disclosure Vulnerability Windows DWM Core Library Information Disclosure Vulnerability

nvd

CVE-2025-21284P4MEDIUMCVSS 5.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21284 [MEDIUM] CWE-20 CVE-2025-21284: Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability

nvd

CVE-2025-21280P4MEDIUMCVSS 5.5≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21280 [MEDIUM] CWE-20 CVE-2025-21280: Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows Virtual Trusted Platform Module Denial of Service Vulnerability

nvd

CVE-2024-26220P4MEDIUMCVSS 5.0≥ 10.0.22631.0, < 10.0.22631.34472024-04-09

CVE-2024-26220 [MEDIUM] CWE-908 CVE-2024-26220: Windows Mobile Hotspot Information Disclosure Vulnerability Windows Mobile Hotspot Information Disclosure Vulnerability

nvd

CVE-2025-47969P4MEDIUMCVSS 4.4≥ 10.0.22631.0, < 10.0.22621.53352025-06-10

CVE-2025-47969 [MEDIUM] CWE-200 CVE-2025-47969: Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized att Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

nvd

CVE-2026-20936P4MEDIUMCVSS 4.3≥ 10.0.22631.0, < 10.0.22631.64912026-01-13

CVE-2026-20936 [MEDIUM] CWE-125 CVE-2026-20936: Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a phys Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.

nvd

CVE-2024-35270P4MEDIUMCVSS 5.3≥ 10.0.22631.0, < 10.0.22631.38802024-07-09

CVE-2024-35270 [MEDIUM] CWE-400 CVE-2024-35270: Windows iSCSI Service Denial of Service Vulnerability Windows iSCSI Service Denial of Service Vulnerability

nvd

CVE-2024-49098P4MEDIUMCVSS 4.3≥ 10.0.22631.0, < 10.0.22631.46022024-12-12

CVE-2024-49098 [MEDIUM] CWE-125 CVE-2024-49098: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

nvd

CVE-2024-49099P4MEDIUMCVSS 4.3≥ 10.0.22631.0, < 10.0.22631.46022024-12-12

CVE-2024-49099 [MEDIUM] CWE-125 CVE-2024-49099: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

nvd

CVE-2024-49103P4MEDIUMCVSS 4.3≥ 10.0.22631.0, < 10.0.22631.46022024-12-12

CVE-2024-49103 [MEDIUM] CWE-125 CVE-2024-49103: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

nvd

CVE-2025-24055P4MEDIUMCVSS 4.3≥ 10.0.22631.0, < 10.0.22631.50392025-03-11

CVE-2025-24055 [MEDIUM] CWE-125 CVE-2025-24055: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.

nvd

CVE-2024-49087P4MEDIUMCVSS 4.6≥ 10.0.22631.0, < 10.0.22631.46022024-12-12

CVE-2024-49087 [MEDIUM] CWE-20 CVE-2024-49087: Windows Mobile Broadband Driver Information Disclosure Vulnerability Windows Mobile Broadband Driver Information Disclosure Vulnerability

nvd

CVE-2024-20691P4MEDIUMCVSS 4.7≥ 10.0.22631.0, < 10.0.22631.30072024-01-09

CVE-2024-20691 [MEDIUM] CWE-125 CVE-2024-20691: Windows Themes Information Disclosure Vulnerability Windows Themes Information Disclosure Vulnerability

nvd

CVE-2025-24997P4MEDIUMCVSS 4.4≥ 10.0.22631.0, < 10.0.22631.50392025-03-11

CVE-2025-24997 [MEDIUM] CWE-476 CVE-2025-24997: Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service loca Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.

nvd

CVE-2024-26256HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09

CVE-2024-26256 [HIGH] CWE-122 Libarchive Remote Code Execution Vulnerability Libarchive Remote Code Execution Vulnerability Libarchive Remote Code Execution Vulnerability

cvelistv5

CVE-2024-21304P4MEDIUMCVSS 4.1≥ 10.0.22631.0, < 10.0.22631.31552024-02-13

CVE-2024-21304 [MEDIUM] CWE-20 CVE-2024-21304: Trusted Compute Base Elevation of Privilege Vulnerability Trusted Compute Base Elevation of Privilege Vulnerability

nvd

CVE-2025-21298CRITICALCVSS 9.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14

CVE-2025-21298 [CRITICAL] CWE-416 Windows OLE Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability

cvelistv5

CVE-2024-21340P4MEDIUMCVSS 4.6≥ 10.0.22631.0, < 10.0.22631.31552024-02-13

CVE-2024-21340 [MEDIUM] CWE-126 CVE-2024-21340: Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability

nvd

← Previous77 / 84Next →