Windows 10 22h2

CVEs (107)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-0390	Med	0.44	6.7	0.00		Apr 14, 2026	Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-32151	Med	0.42	6.5	0.00		Apr 14, 2026	Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.
CVE-2026-27925	Med	0.42	6.5	0.00		Apr 14, 2026	Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
CVE-2026-26155	Med	0.42	6.5	0.00		Apr 14, 2026	Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-32202	Med	0.41	4.3	0.08	KEV	Apr 14, 2026	Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32088	Med	0.40	6.1	0.00		Apr 14, 2026	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-32072	Med	0.40	6.2	0.00		Apr 14, 2026	Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.
CVE-2026-26169	Med	0.40	6.1	0.00		Apr 14, 2026	Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
CVE-2026-23670	Med	0.37	5.7	0.00		Apr 14, 2026	Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2026-32218	Med	0.36	5.5	0.00		Apr 14, 2026	Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32217	Med	0.36	5.5	0.00		Apr 14, 2026	Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32215	Med	0.36	5.5	0.00		Apr 14, 2026	Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-32214	Med	0.36	5.5	0.00		Apr 14, 2026	Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-32212	Med	0.36	5.5	0.00		Apr 14, 2026	Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
CVE-2026-32181	Med	0.36	5.5	0.00		Apr 14, 2026	Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.
CVE-2026-32085	Med	0.36	5.5	0.00		Apr 14, 2026	Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.
CVE-2026-32084	Med	0.36	5.5	0.00		Apr 14, 2026	Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32081	Med	0.36	5.5	0.00		Apr 14, 2026	Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-32079	Med	0.36	5.5	0.00		Apr 14, 2026	Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-27931	Med	0.36	5.5	0.00		Apr 14, 2026	Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.

Page 5 of 6