This page lists publicly disclosed CVE vulnerabilities affecting microsoft windows_11_22h2 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-50508 | Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | [email protected] | 6.5 | 0.66% | 2026-06-09 | 2026-06-17 |
| CVE-2025-64680 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.36% | 2025-12-09 | 2026-06-17 |
| CVE-2025-64679 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.44% | 2025-12-09 | 2026-06-17 |
| CVE-2025-62209 | Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | [email protected] | 5.5 | 0.49% | 2025-11-11 | 2026-06-17 |
| CVE-2025-62208 | Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally. | [email protected] | 5.5 | 0.49% | 2025-11-11 | 2026-06-17 |
| CVE-2025-59502 | Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | [email protected] | 7.5 | 0.97% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59295 | Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | [email protected] | 8.8 | 1.81% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59294 | Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | [email protected] | 2.1 | 0.57% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59290 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.36% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59289 | Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | [email protected] | 7.0 | 0.21% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59284 | Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | [email protected] | 3.3 | 0.94% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59282 | Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | [email protected] | 7.0 | 0.57% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59280 | Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | [email protected] | 3.1 | 0.41% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59278 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.25% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59277 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.34% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59275 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.25% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59261 | Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | [email protected] | 7.0 | 0.17% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59259 | Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | [email protected] | 6.5 | 1.37% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59255 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 0.39% | 2025-10-14 | 2026-06-17 |
| CVE-2025-59254 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | [email protected] | 7.8 | 1.03% | 2025-10-14 | 2026-06-17 |