Windows 11 23h2
by Microsoft
CVEs (2,235)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21536 | | Med | 0.31 | 4.7 | 0.00 | | Jan 10, 2023 | Event Tracing for Windows Information Disclosure Vulnerability |
| CVE-2026-26175 | | Med | 0.30 | 4.6 | 0.00 | | Apr 14, 2026 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2026-20928 | | Med | 0.30 | 4.6 | 0.00 | | Apr 14, 2026 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. |
| CVE-2022-41099 | | Med | 0.30 | 4.6 | 0.04 | | Nov 9, 2022 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2026-32209 | | Med | 0.29 | 4.4 | 0.00 | | May 12, 2026 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. |
| CVE-2026-27906 | | Med | 0.29 | 4.4 | 0.00 | | Apr 14, 2026 | Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. |
| CVE-2024-21305 | | Med | 0.29 | 4.4 | 0.01 | | Jan 9, 2024 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
| CVE-2023-36722 | | Med | 0.29 | 4.4 | 0.01 | | Oct 10, 2023 | Active Directory Domain Services Information Disclosure Vulnerability |
| CVE-2023-36698 | | Med | 0.29 | 4.4 | 0.00 | | Oct 10, 2023 | Windows Kernel Security Feature Bypass Vulnerability |
| CVE-2023-28276 | | Med | 0.29 | 4.4 | 0.00 | | Apr 11, 2023 | Windows Group Policy Security Feature Bypass Vulnerability |
| CVE-2023-21729 | | Med | 0.28 | 4.3 | 0.01 | | Apr 11, 2023 | Remote Procedure Call Runtime Information Disclosure Vulnerability |
| CVE-2023-24911 | | Med | 0.28 | 4.3 | 0.01 | | Mar 14, 2023 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2022-38030 | | Med | 0.28 | 4.3 | 0.01 | | Oct 11, 2022 | Windows USB Serial Driver Information Disclosure Vulnerability |
| CVE-2022-37981 | | Med | 0.28 | 4.3 | 0.02 | | Oct 11, 2022 | Windows Event Logging Service Denial of Service Vulnerability |
| CVE-2024-21338 | | | 0.27 | — | 0.52 | KEV | Feb 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-21412 | | | 0.26 | — | 0.95 | KEV | Feb 13, 2024 | Internet Shortcut Files Security Feature Bypass Vulnerability |
| CVE-2026-45642 | | Low | 0.25 | 3.9 | 0.00 | | Jun 9, 2026 | Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack. |
| CVE-2025-26633 | | | 0.25 | — | 0.32 | KEV | Mar 11, 2025 | Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2024-30088 | | | 0.25 | — | 0.68 | KEV | Jun 11, 2024 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-49039 | | | 0.23 | — | 0.14 | KEV | Nov 12, 2024 | Windows Task Scheduler Elevation of Privilege Vulnerability |