Windows 11 24h2@* Security Vulnerabilities and Issues — Page 4 of Windows 11 24h2@* CVE List

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

7CVSS7.2AI score0.00036EPSS

CVE•added 2025/04/08 6:15 p.m.•98 views

CVE-2025-21191

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.

7CVSS7.1AI score0.00036EPSS

CVE•added 2025/01/14 6:15 p.m.•98 views

CVE-2025-21241

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS9AI score0.00626EPSS

CVE•added 2025/01/14 6:15 p.m.•98 views

CVE-2025-21295

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

8.1CVSS8.3AI score0.01027EPSS

CVE•added 2025/01/14 6:15 p.m.•98 views

CVE-2025-21307

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

9.8CVSS9.8AI score0.07545EPSS

CVE•added 2025/04/08 6:16 p.m.•98 views

CVE-2025-27731

Improper input validation in OpenSSH for Windows allows an authorized attacker to elevate privileges locally.

7.8CVSS7.1AI score0.001EPSS

CVE•added 2024/11/12 6:15 p.m.•97 views

CVE-2024-43627

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.01284EPSS

CVE•added 2024/12/12 2:4 a.m.•97 views

CVE-2024-49079

Input Method Editor (IME) Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00187EPSS

CVE•added 2025/02/11 6:15 p.m.•97 views

CVE-2025-21349

Windows Remote Desktop Configuration Service Tampering Vulnerability

6.8CVSS7.5AI score0.00091EPSS

CVE•added 2025/02/11 6:15 p.m.•97 views

CVE-2025-21419

Windows Setup Files Cleanup Elevation of Privilege Vulnerability

7.1CVSS7.6AI score0.00167EPSS

CVE•added 2025/06/10 5:22 p.m.•97 views

CVE-2025-33059

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

5.5CVSS5.2AI score0.00048EPSS

CVE•added 2024/11/12 6:15 p.m.•96 views

CVE-2024-43629

Windows DWM Core Library Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.0051EPSS

CVE•added 2025/01/14 6:15 p.m.•96 views

CVE-2025-21270

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

7.5CVSS7.4AI score0.01023EPSS

CVE•added 2025/01/14 6:15 p.m.•96 views

CVE-2025-21324

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00133EPSS

CVE•added 2025/02/11 6:15 p.m.•96 views

CVE-2025-21368

Microsoft Digest Authentication Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.00487EPSS

CVE•added 2025/04/08 6:15 p.m.•96 views

CVE-2025-26644

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.

5.1CVSS7AI score0.00056EPSS

CVE•added 2025/03/11 5:16 p.m.•96 views

CVE-2025-26645

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

8.8CVSS8.8AI score0.00608EPSS

CVE•added 2024/10/08 6:15 p.m.•95 views

CVE-2024-43550

Windows Secure Channel Spoofing Vulnerability

7.4CVSS7.8AI score0.01016EPSS

CVE•added 2024/11/12 6:15 p.m.•95 views

CVE-2024-43628

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.01382EPSS

CVE•added 2024/11/12 6:15 p.m.•95 views

CVE-2024-43635

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.01382EPSS

CVE•added 2024/11/12 6:15 p.m.•95 views

CVE-2024-43636

Win32k Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.0036EPSS

CVE•added 2025/02/11 6:15 p.m.•95 views

CVE-2025-21190

Windows Telephony Service Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.00381EPSS

CVE•added 2025/02/11 6:15 p.m.•95 views

CVE-2025-21254

Internet Connection Sharing (ICS) Denial of Service Vulnerability

6.5CVSS7.3AI score0.00134EPSS

CVE•added 2025/01/14 6:15 p.m.•95 views

CVE-2025-21308

Windows Themes Spoofing Vulnerability

6.5CVSS6.5AI score0.00466EPSS

CVE•added 2025/03/11 5:16 p.m.•95 views

CVE-2025-24035

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

8.1CVSS8.2AI score0.00284EPSS

CVE•added 2025/04/08 6:15 p.m.•95 views

CVE-2025-24058

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

7.8CVSS7.1AI score0.001EPSS

CVE•added 2025/04/08 6:15 p.m.•95 views

CVE-2025-24074

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

7.8CVSS7.1AI score0.001EPSS

CVE•added 2025/04/08 6:16 p.m.•95 views

CVE-2025-27728

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

7.8CVSS7AI score0.00066EPSS

CVE•added 2024/08/13 6:15 p.m.•94 views

CVE-2024-38125

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.01533EPSS

CVE•added 2024/08/13 6:15 p.m.•94 views

CVE-2024-38135

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.00588EPSS

CVE•added 2024/08/13 6:15 p.m.•94 views

CVE-2024-38143

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

4.2CVSS4.6AI score0.02126EPSS

CVE•added 2024/08/13 6:15 p.m.•94 views

CVE-2024-38196

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8CVSS7.7AI score0.02794EPSS

CVE•added 2024/09/10 5:15 p.m.•94 views

CVE-2024-38240

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

9.8CVSS8.8AI score0.05048EPSS

CVE•added 2024/12/12 2:4 a.m.•94 views

CVE-2024-49076

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

7.8CVSS7.6AI score0.00173EPSS

CVE•added 2024/12/12 2:4 a.m.•94 views

CVE-2024-49117

Windows Hyper-V Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.00299EPSS

CVE•added 2024/12/12 2:4 a.m.•94 views

CVE-2024-49126

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

8.1CVSS8.3AI score0.00334EPSS

CVE•added 2025/04/08 6:15 p.m.•94 views

CVE-2025-21222

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

8.8CVSS8AI score0.00083EPSS

CVE•added 2025/01/14 6:15 p.m.•94 views

CVE-2025-21255

Windows Digital Media Elevation of Privilege Vulnerability

6.6CVSS6.5AI score0.00133EPSS

CVE•added 2025/01/14 6:15 p.m.•94 views

CVE-2025-21276

Windows MapUrlToZone Denial of Service Vulnerability

7.5CVSS7.5AI score0.02161EPSS

CVE•added 2025/04/08 6:15 p.m.•94 views

CVE-2025-26678

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.

8.4CVSS7.2AI score0.00064EPSS

CVE•added 2025/04/08 6:15 p.m.•94 views

CVE-2025-27481

Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

8.8CVSS8AI score0.00083EPSS

CVE•added 2025/04/08 6:16 p.m.•94 views

CVE-2025-27742

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

5.5CVSS6.6AI score0.00058EPSS

CVE•added 2024/08/13 6:15 p.m.•93 views

CVE-2024-38116

Windows IP Routing Management Snapin Remote Code Execution Vulnerability

8.8CVSS9AI score0.12398EPSS

CVE•added 2024/08/13 6:15 p.m.•93 views

CVE-2024-38130

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

8.8CVSS9AI score0.05008EPSS

Total number of security vulnerabilities624