Windows 11 23h2
by Microsoft
Source repositories
CVEs (2,235)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50172 | 0.03 | — | 0.01 | Aug 12, 2025 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. | |||
| CVE-2025-49744 | 0.03 | — | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49730 | 0.03 | — | 0.01 | Jul 8, 2025 | Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-49683 | 0.03 | — | 0.02 | Jul 8, 2025 | Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49677 | 0.03 | — | 0.01 | Jul 8, 2025 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-24076 | 0.03 | — | 0.03 | Mar 11, 2025 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-21420 | 0.03 | — | 0.03 | Feb 11, 2025 | Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | |||
| CVE-2025-21285 | 0.03 | — | 0.55 | Jan 14, 2025 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2024-43642 | 0.03 | — | 0.62 | Nov 12, 2024 | Windows SMB Denial of Service Vulnerability | |||
| CVE-2024-38054 | 0.03 | — | 0.10 | Jul 9, 2024 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | |||
| CVE-2024-29050 | 0.03 | — | 0.01 | Apr 9, 2024 | Windows Cryptographic Services Remote Code Execution Vulnerability | |||
| CVE-2024-26256 | 0.03 | — | 0.88 | Apr 9, 2024 | Libarchive Remote Code Execution Vulnerability | |||
| CVE-2024-26160 | 0.03 | — | 0.11 | Mar 12, 2024 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | |||
| CVE-2023-36003 | 0.03 | — | 0.03 | Dec 12, 2023 | XAML Diagnostics Elevation of Privilege Vulnerability | |||
| CVE-2023-28302 | 0.03 | — | 0.94 | Apr 11, 2023 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | |||
| CVE-2023-21758 | 0.03 | — | 0.92 | Jan 10, 2023 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | |||
| CVE-2023-21683 | 0.03 | — | 0.02 | Jan 10, 2023 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | |||
| CVE-2022-41076 | 0.03 | — | 0.62 | Dec 13, 2022 | PowerShell Remote Code Execution Vulnerability | |||
| CVE-2025-53145 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | |||
| CVE-2025-53144 | 0.02 | — | 0.06 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
- CVE-2025-50172Aug 12, 2025risk 0.03cvss —epss 0.01
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
- CVE-2025-49744Jul 8, 2025risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2025-49730Jul 8, 2025risk 0.03cvss —epss 0.01
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
- CVE-2025-49683Jul 8, 2025risk 0.03cvss —epss 0.02
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
- CVE-2025-49677Jul 8, 2025risk 0.03cvss —epss 0.01
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
- CVE-2025-24076Mar 11, 2025risk 0.03cvss —epss 0.03
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-21420Feb 11, 2025risk 0.03cvss —epss 0.03
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
- CVE-2025-21285Jan 14, 2025risk 0.03cvss —epss 0.55
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2024-43642Nov 12, 2024risk 0.03cvss —epss 0.62
Windows SMB Denial of Service Vulnerability
- CVE-2024-38054Jul 9, 2024risk 0.03cvss —epss 0.10
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
- CVE-2024-29050Apr 9, 2024risk 0.03cvss —epss 0.01
Windows Cryptographic Services Remote Code Execution Vulnerability
- CVE-2024-26256Apr 9, 2024risk 0.03cvss —epss 0.88
Libarchive Remote Code Execution Vulnerability
- CVE-2024-26160Mar 12, 2024risk 0.03cvss —epss 0.11
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
- CVE-2023-36003Dec 12, 2023risk 0.03cvss —epss 0.03
XAML Diagnostics Elevation of Privilege Vulnerability
- CVE-2023-28302Apr 11, 2023risk 0.03cvss —epss 0.94
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
- CVE-2023-21758Jan 10, 2023risk 0.03cvss —epss 0.92
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- CVE-2023-21683Jan 10, 2023risk 0.03cvss —epss 0.02
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- CVE-2022-41076Dec 13, 2022risk 0.03cvss —epss 0.62
PowerShell Remote Code Execution Vulnerability
- CVE-2025-53145Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
- CVE-2025-53144Aug 12, 2025risk 0.02cvss —epss 0.06
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
Page 20 of 112