Microsoft Windows 10
Recent Microsoft Windows 10 Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | November 16, 2021 |
CVE-2021-36945 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | August 10, 2021 |
By the Year
In 2025 there have been 275 vulnerabilities in Microsoft Windows 10 with an average score of 7.2 out of ten. Last year, in 2024, Windows 10 had 525 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Windows 10 in 2025 could surpass last year's number. Last year, the average CVE base score was greater by 0.18.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 275 | 7.18 |
2024 | 525 | 7.36 |
2023 | 525 | 7.53 |
2022 | 525 | 7.42 |
2021 | 488 | 7.35 |
2020 | 804 | 7.36 |
2019 | 448 | 7.27 |
2018 | 259 | 6.59 |
It may take a day or so for new Windows 10 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows 10 Security Vulnerabilities
Improper privilege management in Windows Remote Access Connection Manager
CVE-2025-47955
7.8 - High
- June 10, 2025
Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Protection mechanism failure in Windows Shell
CVE-2025-47160
5.4 - Medium
- June 10, 2025
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Protection Mechanism Failure
Improper link resolution before file access ('link following') in Windows Installer
CVE-2025-33075
7.8 - High
- June 10, 2025
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
insecure temporary file
External control of file name or path in Internet Shortcut Files
CVE-2025-33053
8.8 - High
- June 10, 2025
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
External Control of File Name or Path
Use of uninitialized resource in Windows Netlogon
CVE-2025-33070
8.1 - High
- June 10, 2025
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
Use of Uninitialized Resource
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33065
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33063
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33062
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33061
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33060
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33059
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33058
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-33055
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-32720
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-32719
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Remote Desktop Client
CVE-2025-32715
6.5 - Medium
- June 10, 2025
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Buffer over-read in Windows Storage Management Provider
CVE-2025-24068
5.5 - Medium
- June 10, 2025
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Buffer Over-read
Out-of-bounds read in Windows Storage Management Provider
CVE-2025-24065
5.5 - Medium
- June 10, 2025
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Out-of-bounds read in Windows NTFS
CVE-2025-32707
7.8 - High
- May 13, 2025
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
Out-of-bounds Read
Heap-based buffer overflow in Windows Win32K - GRFX
CVE-2025-30388
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Memory Corruption
Use after free in Windows Common Log File System Driver
CVE-2025-30385
7.8 - High
- May 13, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Use after free in Windows Ancillary Function Driver for WinSock
CVE-2025-32709
7.8 - High
- May 13, 2025
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Improper input validation in Windows Common Log File System Driver
CVE-2025-32706
7.8 - High
- May 13, 2025
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Improper Input Validation
Use after free in Windows Common Log File System Driver
CVE-2025-32701
7.8 - High
- May 13, 2025
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Use after free in Windows DWM
CVE-2025-30400
7.8 - High
- May 13, 2025
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Dangling pointer
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine
CVE-2025-30397
7.5 - High
- May 13, 2025
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Use of uninitialized resource in Windows Trusted Runtime Interface Driver
CVE-2025-29829
5.5 - Medium
- May 13, 2025
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
Use of Uninitialized Resource
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29835
6.5 - Medium
- May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29836
6.5 - Medium
- May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Improper privilege management in Microsoft Office SharePoint
CVE-2025-29976
7.8 - High
- May 13, 2025
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Integer underflow (wrap or wraparound) in Windows Kernel
CVE-2025-29974
5.7 - Medium
- May 13, 2025
Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
Integer underflow
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals
CVE-2025-29969
7.5 - High
- May 13, 2025
Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
TOCTTOU
Heap-based buffer overflow in Remote Desktop Gateway Service
CVE-2025-29967
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Memory Corruption
Heap-based buffer overflow in Windows Remote Desktop
CVE-2025-29966
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
Memory Corruption
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus
CVE-2025-29833
7.7 - High
- May 13, 2025
Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.
TOCTTOU
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29832
6.5 - Medium
- May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Heap-based buffer overflow in Windows Media
CVE-2025-29962
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
Memory Corruption
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29960
6.5 - Medium
- May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29959
6.5 - Medium
- May 13, 2025
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29958
6.5 - Medium
- May 13, 2025
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Uncontrolled resource consumption in Windows Deployment Services
CVE-2025-29957
6.2 - Medium
- May 13, 2025
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
Allocation of Resources Without Limits or Throttling
Buffer over-read in Windows SMB
CVE-2025-29956
5.4 - Medium
- May 13, 2025
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
Out-of-bounds Read
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol
CVE-2025-29954
5.9 - Medium
- May 13, 2025
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
Allocation of Resources Without Limits or Throttling
Acceptance of extraneous untrusted data with trusted data in UrlMon
CVE-2025-29842
7.5 - High
- May 13, 2025
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.
Insufficient Verification of Data Authenticity
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service
CVE-2025-29841
7 - High
- May 13, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
Race Condition
Improper privilege management in Windows Secure Kernel Mode
CVE-2025-27468
7 - High
- May 13, 2025
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
Race Condition
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29830
6.5 - Medium
- May 13, 2025
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Heap-based buffer overflow in Windows Kernel
CVE-2025-24063
7.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
Memory Corruption
Improper link resolution before file access ('link following') in Windows Installer
CVE-2025-29837
5.5 - Medium
- May 13, 2025
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
insecure temporary file
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)
CVE-2025-29961
6.5 - Medium
- May 13, 2025
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
