Microsoft Windows 11 Version 23H2 vulnerabilities
1,660 known vulnerabilities affecting microsoft/windows_11_version_23h2.
Total CVEs
1,660
CISA KEV
59
actively exploited
Public exploits
42
Exploited in wild
71
Severity breakdown
CRITICAL25HIGH1170MEDIUM457LOW8
Vulnerabilities
Page 9 of 83
CVE-2026-34329P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-34329 [HIGH] CWE-122 CVE-2026-34329: Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute cod
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
nvd
CVE-2026-40398P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-40398 [HIGH] CWE-122 CVE-2026-40398: Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privil
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-58722P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.60602025-10-14
CVE-2025-58722 [HIGH] CWE-122 CVE-2025-58722: Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locall
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-33837P3HIGHCVSS 7.8≥ 10.0.22631.0, < 10.0.22631.7079≥ 10.0.22631.0, < 10.0.22631.72192026-05-12
CVE-2026-33837 [HIGH] CWE-122 CVE-2026-33837: Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges loc
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2025-47984P3HIGHCVSS 7.5≥ 10.0.22631.0, < 10.0.22631.56242025-07-08
CVE-2025-47984 [HIGH] CWE-693 CVE-2025-47984: Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2026-33827P3HIGHCVSS 8.1≥ 10.0.22631.0, < 10.0.22631.69362026-04-14
CVE-2026-33827 [HIGH] CWE-362 CVE-2026-33827: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-26205P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26205 [HIGH] CWE-122 CVE-2024-26205: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-26200P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26200 [HIGH] CWE-122 CVE-2024-26200: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-26179P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.34472024-04-09
CVE-2024-26179 [HIGH] CWE-122 CVE-2024-26179: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2024-30009P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.35932024-05-14
CVE-2024-30009 [HIGH] CWE-197 CVE-2024-30009: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
nvd
CVE-2025-21244P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21244 [HIGH] CWE-190 CVE-2025-21244: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21240P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21240 [HIGH] CWE-122 CVE-2025-21240: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21237P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21237 [HIGH] CWE-122 CVE-2025-21237: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21236P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21236 [HIGH] CWE-122 CVE-2025-21236: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21245P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21245 [HIGH] CWE-122 CVE-2025-21245: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21250P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21250 [HIGH] CWE-122 CVE-2025-21250: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21243P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21243 [HIGH] CWE-190 CVE-2025-21243: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21238P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21238 [HIGH] CWE-122 CVE-2025-21238: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21233P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21233 [HIGH] CWE-122 CVE-2025-21233: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21246P3HIGHCVSS 8.8≥ 10.0.22631.0, < 10.0.22631.47512025-01-14
CVE-2025-21246 [HIGH] CWE-122 CVE-2025-21246: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd