📦 Windows 10
by Microsoft
🔍 What is Windows 10?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary code on systems running Microsoft Message Queuing (MSMQ) by sending specially crafted packets. Attackers can gain SYSTEM privileges with...
This critical vulnerability in Windows LDAP allows remote attackers to execute arbitrary code on affected systems without authentication. It affects Windows servers and workstations running vulnerable...
This is a critical remote code execution vulnerability in Windows LDAP services that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows servers runnin...
CVE-2022-26809 is a critical Remote Procedure Call Runtime vulnerability in Windows that allows unauthenticated attackers to execute arbitrary code remotely. Attackers can exploit this vulnerability b...
This is a critical remote code execution vulnerability in Windows Network File System (NFS) that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows se...
This is a critical remote code execution vulnerability in Windows Network File System (NFS) that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. It affects Windows se...
This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code with elevated privileges on the Hyper-V host. It affects Windows systems running Hyper-V virtua...
CVE-2022-21907 is a critical remote code execution vulnerability in the Windows HTTP Protocol Stack (http.sys) that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges by...
This is a critical remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions. Attackers can exploit this vulnerability by sending specially crafted packets to vuln...
CVE-2021-43215 is a critical memory corruption vulnerability in Microsoft's iSNS Server that allows remote attackers to execute arbitrary code on affected systems. This vulnerability affects Windows S...
CVE-2021-26443 is a remote code execution vulnerability in Microsoft's Virtual Machine Bus (VMBus) that allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on a target Hy...
This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted TCP/IP packets. It affects Windows operating systems with vulnerable TCP/I...
CVE-2021-26432 is a remote code execution vulnerability in the Windows Services for NFS ONCRPC XDR Driver. An attacker can exploit this by sending specially crafted requests to an affected system, pot...
This vulnerability allows attackers to bypass Kerberos AppContainer security features in Windows, potentially enabling unauthorized access to enterprise authentication capabilities. It affects Windows...
CVE-2021-28476 is a critical remote code execution vulnerability in Windows Hyper-V's vmswitch.sys driver. It allows attackers to execute arbitrary code with SYSTEM privileges on Hyper-V host systems ...
This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code on the Hyper-V host. It affects Windows systems running Hyper-V with specific configurations, p...
This is a critical remote code execution vulnerability in the Windows TCP/IP stack that allows an unauthenticated attacker to execute arbitrary code with SYSTEM privileges by sending specially crafted...
This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted TCP/IP packets. It affects Windows operating systems with TCP/IP networkin...
CVE-2021-24077 is a critical remote code execution vulnerability in the Windows Fax Service that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges on affected systems. ...
CVE-2020-1467 is a critical Windows privilege escalation vulnerability that allows authenticated attackers to overwrite system files by exploiting improper hard link handling. This enables attackers t...
CVE-2023-36606 is a denial-of-service vulnerability in Microsoft Message Queuing (MSMQ) where an unauthenticated attacker could send specially crafted packets to cause the MSMQ service to stop respond...
This vulnerability in Microsoft Message Queuing (MSMQ) allows remote attackers to execute arbitrary code on affected systems by sending specially crafted packets. It affects Windows systems with MSMQ ...
This vulnerability allows remote attackers to execute arbitrary code on systems running Microsoft Message Queuing (MSMQ) by sending specially crafted packets. It affects Windows systems with MSMQ enab...
This vulnerability allows remote attackers to execute arbitrary code on systems running Microsoft Message Queuing (MSMQ) by sending specially crafted packets. It affects Windows systems with MSMQ enab...
This vulnerability in Microsoft Message Queuing (MSMQ) allows attackers to cause a denial of service by sending specially crafted malicious packets. It affects Windows systems with MSMQ enabled, poten...
This vulnerability in the Windows Common Log File System (CLFS) driver allows an authenticated attacker to gain SYSTEM-level privileges through integer overflow. It affects Windows systems where an at...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems by exploiting a flaw in the Point-to-Point Tunneling Protocol (PPTP) implementation. Attackers could gain SYSTEM...
This vulnerability in Microsoft PostScript and PCL6 Class Printer Drivers allows an attacker to read sensitive information from kernel memory. It affects systems using these printer drivers, potential...
This Windows kernel vulnerability allows an authenticated attacker to execute arbitrary code with elevated SYSTEM privileges by exploiting a use-after-free condition. It affects Windows 10, Windows 11...
This Windows kernel vulnerability allows an authenticated attacker to execute arbitrary code with elevated SYSTEM privileges. It affects Windows operating systems and requires an attacker to have init...
This vulnerability allows remote code execution on systems using Microsoft's Protected Extensible Authentication Protocol (PEAP) for network authentication. Attackers can exploit heap-based buffer ove...
CVE-2022-33644 is an elevation of privilege vulnerability in the Xbox Live Save Service on Windows systems. It allows authenticated attackers to gain SYSTEM-level privileges by exploiting improper han...
This vulnerability in Windows Advanced Local Procedure Call (ALPC) allows an authenticated attacker to execute code with SYSTEM privileges by exploiting improper object handling. It affects Windows sy...
This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...
CVE-2022-30209 is an elevation of privilege vulnerability in Windows IIS Server that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects organizations running...
CVE-2022-30220 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. It allows authenticated attackers to gain SYSTEM-level privileges on affected Windows sys...
CVE-2022-30222 is a remote code execution vulnerability in Windows Shell that allows attackers to execute arbitrary code on affected systems. Attackers can exploit this vulnerability by tricking users...
This vulnerability allows an authenticated attacker to exploit a flaw in Windows Advanced Local Procedure Call (ALPC) to elevate privileges from a lower-privileged account to SYSTEM level. It affects ...
This vulnerability allows attackers to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Print Spooler serv...
This vulnerability in the Windows Fast FAT File System Driver allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems with the vulnerable driver c...
This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on affected Windows systems by exploiting a flaw in the Client Server Run-time Subsystem (CSRSS). I...
CVE-2022-22024 is a remote code execution vulnerability in the Windows Fax Service that allows an attacker to execute arbitrary code with SYSTEM privileges on affected systems. This affects Windows se...
CVE-2022-22026 is a privilege escalation vulnerability in Windows Client Server Run-time Subsystem (CSRSS) that allows authenticated attackers to gain SYSTEM-level privileges on affected systems. This...
CVE-2022-22034 is an elevation of privilege vulnerability in the Windows Graphics Component that allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. This affects Windows...
This vulnerability allows an authenticated attacker to exploit a flaw in Windows Advanced Local Procedure Call (ALPC) to elevate privileges from a lower-privileged account to SYSTEM level. It affects ...
CVE-2022-22022 is an elevation of privilege vulnerability in the Windows Print Spooler service that allows authenticated attackers to execute code with SYSTEM privileges. This affects Windows systems ...
This vulnerability in the Windows Ancillary Function Driver for WinSock allows an authenticated attacker to execute arbitrary code with SYSTEM privileges. It affects Windows systems where an attacker ...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable LDAP implementations. It affects Windows servers and clients with LDAP services enabled, pote...
This vulnerability allows an authenticated attacker to exploit the Windows Advanced Local Procedure Call (ALPC) mechanism to elevate privileges from a lower-privileged account to SYSTEM level. It affe...
This vulnerability allows an authenticated attacker on a guest virtual machine to execute arbitrary code on the Hyper-V host. It affects Windows systems running Hyper-V with virtual machines that have...
This vulnerability allows attackers to escalate privileges on Windows systems by exploiting a flaw in Kerberos authentication. Attackers can gain SYSTEM-level access by manipulating redirected logon b...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable LDAP implementations. Attackers can exploit this by sending specially crafted requests to LDA...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this without authentication by sending specially crafted requests t...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this by sending specially crafted requests to vulnerable LDAP serve...
This vulnerability allows remote code execution on Windows systems running LDAP services. Attackers can exploit it by sending specially crafted requests to a vulnerable LDAP server, potentially gainin...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services. Attackers can exploit this by sending specially crafted requests to vulnerable LDAP serve...
CVE-2022-32230 is a denial-of-service vulnerability in Microsoft Windows SMBv3 where a malformed FileNormalizedNameInformation request causes a null pointer dereference, leading to a Blue Screen of De...
This vulnerability allows an authenticated attacker to gain SYSTEM-level privileges on Windows systems by exploiting the Print Spooler service. It affects Windows servers and workstations where the Pr...
This vulnerability allows an attacker to elevate privileges on Windows systems by exploiting a flaw in Windows Push Notifications Apps. Attackers could gain SYSTEM-level access by running specially cr...
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running LDAP services by sending specially crafted requests. It affects Windows servers with LDAP enabled, poten...
This CVE describes a privilege escalation vulnerability in Windows Error Reporting (WER) where improper file handling could allow attackers to gain elevated system privileges. Attackers could exploit ...
This Windows vulnerability allows attackers to bypass digital signature validation, enabling them to load malicious files that appear legitimate. It affects Windows systems where file signature checki...
CVE-2020-16897 is an information disclosure vulnerability in Windows NetBIOS over TCP (NetBT) that allows attackers to read sensitive memory contents. Attackers could use leaked information to facilit...
This is a Windows privilege escalation vulnerability in the Universal Plug and Play (UPnP) service. An attacker with local access can exploit it to execute arbitrary code with SYSTEM privileges, poten...
CVE-2020-1590 is an elevation of privilege vulnerability in Windows' Connected User Experiences and Telemetry Service (DiagTrack) that allows attackers to gain higher system privileges. Attackers must...
This Windows privilege escalation vulnerability allows attackers who can run code on a system to gain elevated privileges by exploiting improper handling in the Win32k.sys kernel driver. It affects Wi...
This is a local privilege escalation vulnerability in Microsoft's Diagnostics Hub Standard Collector component. An attacker with local access can exploit it to run arbitrary code with elevated system ...
CVE-2020-1250 is a Windows kernel information disclosure vulnerability in the win32k component. An attacker with local access can run a specially crafted application to leak kernel memory information,...
CVE-2020-1033 is a Windows kernel information disclosure vulnerability that allows authenticated attackers to read kernel memory contents. This could leak sensitive information like passwords, encrypt...
CVE-2020-1038 is a denial of service vulnerability in Windows Routing Utilities where improper memory handling allows an authenticated attacker to crash the system. It affects Windows systems with vul...
This Windows GDI vulnerability allows attackers to read sensitive memory contents, potentially exposing credentials or system information. It affects Windows users who open malicious documents or visi...
CVE-2020-1119 is an information disclosure vulnerability in Windows StartTileData.dll that could allow an attacker to read sensitive memory contents. This affects Windows systems where an attacker has...
This CVE describes an information disclosure vulnerability in Windows Mobile Device Management (MDM) Diagnostics that allows authenticated attackers to bypass access restrictions and read files throug...
A denial of service vulnerability in Microsoft Hyper-V allows an attacker with privileged access on a guest virtual machine to crash the host server by sending malicious data. This affects organizatio...
CVE-2020-0941 is an information disclosure vulnerability in the Windows win32k component that leaks kernel information, potentially aiding attackers in further system compromise. It affects Windows us...
CVE-2020-1379 is a memory corruption vulnerability in Windows Media Foundation that allows attackers to execute arbitrary code with user privileges. It affects Windows systems and can be exploited thr...
CVE-2020-1417 is a Windows kernel privilege escalation vulnerability that allows authenticated attackers to execute arbitrary code with kernel-level permissions. This affects Windows systems where an ...
CVE-2019-1125 is a Spectre Variant 1 speculative execution side-channel vulnerability in AMD, ARM, and Intel CPUs that allows attackers to read privileged memory across trust boundaries. It affects sy...
This is a denial of service vulnerability in Microsoft's XmlLite runtime library that improperly parses XML input. An attacker can crash XML applications by sending specially crafted XML requests. Any...
CVE-2019-1198 is an elevation of privilege vulnerability in SyncController.dll that allows attackers to run arbitrary code with elevated privileges when combined with other vulnerabilities. This affec...
CVE-2019-1171 is an information disclosure vulnerability in SymCrypt's OAEP decryption implementation. Attackers with local access can exploit this to obtain sensitive information that could facilitat...
This CVE-2019-1153 is an information disclosure vulnerability in Microsoft Windows Graphics Component that allows an attacker to read memory contents they shouldn't access. It affects Windows systems ...
This Windows GDI vulnerability allows attackers to read sensitive memory contents, potentially exposing system information that could enable further attacks. It affects Windows users who open maliciou...
CVE-2019-1148 is an information disclosure vulnerability in Microsoft Windows Graphics Component that allows authenticated attackers to read memory contents they shouldn't access. This affects Windows...
This vulnerability allows a privileged attacker on a Hyper-V guest virtual machine to crash the host server by sending specially crafted network packets. It affects Microsoft Hyper-V hosts running Win...
A denial-of-service vulnerability in Microsoft Hyper-V Network Switch allows a privileged attacker on a guest virtual machine to crash the host server by sending specially crafted input. This affects ...