Windows 10 22h2@* Security Vulnerabilities and Issues — Page 4 of Windows 10 22h2@* CVE List

An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process o...

7.8CVSS7.7AI score0.00187EPSS

CVE•added 2025/01/14 6:15 p.m.•319 views

CVE-2025-21189

MapUrlToZone Security Feature Bypass Vulnerability

4.3CVSS4.6AI score0.00174EPSS

CVE•added 2025/06/10 5:22 p.m.•318 views

CVE-2025-33053

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.27947EPSS

In wild

CVE•added 2025/03/11 5:16 p.m.•316 views

CVE-2025-26633

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

7CVSS6.8AI score0.04655EPSS

In wild

CVE•added 2023/05/09 6:15 p.m.•314 views

CVE-2023-29325

Windows OLE Remote Code Execution Vulnerability

8.1CVSS8.8AI score0.2384EPSS

CVE•added 2025/02/11 6:15 p.m.•309 views

CVE-2025-21418

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS8.2AI score0.11464EPSS

In wild

CVE•added 2023/11/14 6:15 p.m.•307 views

CVE-2023-36705

Windows Installer Elevation of Privilege Vulnerability

7.8CVSS8.6AI score0.00162EPSS

CVE•added 2024/05/14 5:17 p.m.•305 views

CVE-2024-30040

Windows MSHTML Platform Security Feature Bypass Vulnerability

8.8CVSS6.3AI score0.50556EPSS

In wild

CVE•added 2025/06/10 5:22 p.m.•303 views

CVE-2025-33065

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00056EPSS

CVE•added 2025/06/10 5:22 p.m.•299 views

CVE-2025-33052

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

5.5CVSS5.3AI score0.00144EPSS

CVE•added 2023/05/09 6:15 p.m.•297 views

CVE-2023-24943

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.01302EPSS

CVE•added 2025/01/14 6:15 p.m.•296 views

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.05766EPSS

In wild

CVE•added 2024/03/12 5:15 p.m.•294 views

CVE-2024-21408

Windows Hyper-V Denial of Service Vulnerability

5.5CVSS6.8AI score0.00478EPSS

CVE•added 2025/01/14 6:15 p.m.•294 views

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.04579EPSS

In wild

CVE•added 2023/11/14 6:15 p.m.•292 views

CVE-2023-36394

Windows Search Service Elevation of Privilege Vulnerability

7CVSS8.1AI score0.01054EPSS

CVE•added 2023/11/28 7:15 a.m.•288 views

CVE-2023-24023

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.

6.8CVSS6.8AI score0.00203EPSS

CVE•added 2024/08/14 12:15 a.m.•288 views

CVE-2024-38163

Windows Update Stack Elevation of Privilege Vulnerability

7.8CVSS8.3AI score0.00996EPSS

CVE•added 2025/03/11 5:16 p.m.•282 views

CVE-2025-24054

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.5AI score0.31507EPSS

In wildWeb

CVE•added 2024/04/09 5:15 p.m.•281 views

CVE-2024-26229

Windows CSC Service Elevation of Privilege Vulnerability

7.8CVSS8.1AI score0.85832EPSS

CVE•added 2023/05/09 6:15 p.m.•279 views

CVE-2023-29324

Windows MSHTML Platform Security Feature Bypass Vulnerability

6.5CVSS8AI score0.02256EPSS

CVE•added 2024/01/09 6:15 p.m.•279 views

CVE-2024-20674

Windows Kerberos Security Feature Bypass Vulnerability

8.8CVSS8.4AI score0.15936EPSS

CVE•added 2024/08/13 6:15 p.m.•279 views

CVE-2024-38193

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.6447EPSS

In wild

CVE•added 2024/08/13 6:15 p.m.•279 views

CVE-2024-38213

Windows Mark of the Web Security Feature Bypass Vulnerability

6.5CVSS6.5AI score0.73855EPSS

In wild

CVE•added 2024/03/12 5:15 p.m.•277 views

CVE-2024-21407

Windows Hyper-V Remote Code Execution Vulnerability

8.1CVSS8.5AI score0.05403EPSS

CVE•added 2023/11/14 6:15 p.m.•274 views

CVE-2023-36719

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

7.8CVSS8.5AI score0.00134EPSS

CVE•added 2024/08/13 6:15 p.m.•272 views

CVE-2024-38178

Scripting Engine Memory Corruption Vulnerability

7.5CVSS7.4AI score0.18494EPSS

In wild

CVE•added 2024/03/12 5:15 p.m.•270 views

CVE-2024-21438

Microsoft AllJoyn API Denial of Service Vulnerability

7.5CVSS7.6AI score0.03412EPSS

CVE•added 2024/09/10 5:15 p.m.•268 views

CVE-2024-21416

Windows TCP/IP Remote Code Execution Vulnerability

9.8CVSS9AI score0.05048EPSS

CVE•added 2023/02/28 6:15 p.m.•262 views

CVE-2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

5.5CVSS6.5AI score0.00151EPSS

CVE•added 2023/04/11 9:15 p.m.•262 views

CVE-2023-28293

Windows Kernel Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.06346EPSS

CVE•added 2024/04/09 5:15 p.m.•259 views

CVE-2024-26207

Windows Remote Access Connection Manager Information Disclosure Vulnerability

5.5CVSS6.6AI score0.00465EPSS

CVE•added 2023/11/14 6:15 p.m.•257 views

CVE-2023-36405

Windows Kernel Elevation of Privilege Vulnerability