Windows 11 24h2
by Microsoft
CVEs (1,332)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38106 | 0.12 | — | 0.06 | KEV | Aug 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability | ||
| CVE-2025-24071 | 0.09 | — | 0.25 | Mar 11, 2025 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-21293 | 0.09 | — | 0.18 | Jan 14, 2025 | Active Directory Domain Services Elevation of Privilege Vulnerability | |||
| CVE-2024-49113 | 0.07 | — | 0.84 | Dec 10, 2024 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | |||
| CVE-2024-49112 | 0.07 | — | 0.71 | Dec 10, 2024 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||
| CVE-2024-38063 | 0.07 | — | 0.71 | Aug 13, 2024 | Windows TCP/IP Remote Code Execution Vulnerability | |||
| CVE-2025-21298 | 0.06 | — | 0.81 | Jan 14, 2025 | Windows OLE Remote Code Execution Vulnerability | |||
| CVE-2024-38144 | 0.06 | — | 0.32 | Aug 13, 2024 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | |||
| CVE-2025-50154 | 0.05 | — | 0.26 | Aug 12, 2025 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2024-43532 | 0.05 | — | 0.12 | Oct 8, 2024 | Remote Registry Service Elevation of Privilege Vulnerability | |||
| CVE-2024-38148 | 0.05 | — | 0.32 | Aug 13, 2024 | Windows Secure Channel Denial of Service Vulnerability | |||
| CVE-2025-47987 | 0.04 | — | 0.02 | Jul 8, 2025 | Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-32724 | 0.04 | — | 0.02 | Jun 10, 2025 | Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-21244 | 0.03 | — | 0.01 | Feb 10, 2026 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | |||
| CVE-2026-21250 | 0.03 | — | 0.01 | Feb 10, 2026 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21248 | 0.03 | — | 0.01 | Feb 10, 2026 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | |||
| CVE-2025-59254 | 0.03 | — | 0.01 | Oct 14, 2025 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-53722 | 0.03 | — | 0.17 | Aug 12, 2025 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | |||
| CVE-2025-50172 | 0.03 | — | 0.01 | Aug 12, 2025 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. | |||
| CVE-2025-49744 | 0.03 | — | 0.01 | Jul 8, 2025 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
- risk 0.12cvss —epss 0.06
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2025-24071Mar 11, 2025risk 0.09cvss —epss 0.25
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-21293Jan 14, 2025risk 0.09cvss —epss 0.18
Active Directory Domain Services Elevation of Privilege Vulnerability
- CVE-2024-49113Dec 10, 2024risk 0.07cvss —epss 0.84
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
- CVE-2024-49112Dec 10, 2024risk 0.07cvss —epss 0.71
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CVE-2024-38063Aug 13, 2024risk 0.07cvss —epss 0.71
Windows TCP/IP Remote Code Execution Vulnerability
- CVE-2025-21298Jan 14, 2025risk 0.06cvss —epss 0.81
Windows OLE Remote Code Execution Vulnerability
- CVE-2024-38144Aug 13, 2024risk 0.06cvss —epss 0.32
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
- CVE-2025-50154Aug 12, 2025risk 0.05cvss —epss 0.26
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- CVE-2024-43532Oct 8, 2024risk 0.05cvss —epss 0.12
Remote Registry Service Elevation of Privilege Vulnerability
- CVE-2024-38148Aug 13, 2024risk 0.05cvss —epss 0.32
Windows Secure Channel Denial of Service Vulnerability
- CVE-2025-47987Jul 8, 2025risk 0.04cvss —epss 0.02
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
- CVE-2025-32724Jun 10, 2025risk 0.04cvss —epss 0.02
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
- CVE-2026-21244Feb 10, 2026risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-21250Feb 10, 2026risk 0.03cvss —epss 0.01
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
- CVE-2026-21248Feb 10, 2026risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2025-59254Oct 14, 2025risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2025-53722Aug 12, 2025risk 0.03cvss —epss 0.17
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
- CVE-2025-50172Aug 12, 2025risk 0.03cvss —epss 0.01
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
- CVE-2025-49744Jul 8, 2025risk 0.03cvss —epss 0.01
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Page 17 of 67