Microsoft Windows_11_23h2
80 CVEs affecting Microsoft Windows_11_23h2. Latest disclosed: 2026-05-12. Critical: 5, High: 63.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-41096 | Critical | 9.8 | 2026-05-12 | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. |
| CVE-2025-60724 | Critical | 9.8 | 2025-11-11 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53766 | Critical | 9.8 | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2023-38545 | Critical | 9.8 | 2023-10-18 | This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow t… |
| CVE-2026-40402 | Critical | 9.3 | 2026-05-12 | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-40403 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
| CVE-2026-34329 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. |
| CVE-2026-32157 | High | 8.8 | 2026-04-14 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| CVE-2026-40415 | High | 8.1 | 2026-05-12 | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. |
| CVE-2026-20931 | High | 8.0 | 2026-01-13 | External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. |
| CVE-2026-41088 | High | 7.8 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privile… |
| CVE-2026-40408 | High | 7.8 | 2026-05-12 | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40407 | High | 7.8 | 2026-05-12 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40399 | High | 7.8 | 2026-05-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileg… |
| CVE-2026-40398 | High | 7.8 | 2026-05-12 | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40397 | High | 7.8 | 2026-05-12 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40382 | High | 7.8 | 2026-05-12 | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40377 | High | 7.8 | 2026-05-12 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-35421 | High | 7.8 | 2026-05-12 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. |
| CVE-2026-35418 | High | 7.8 | 2026-05-12 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |