Windows 10 Microsoft Windows 10

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows 10.

Recent Microsoft Windows 10 Security Advisories

Advisory Title Published
CVE-2021-42297 Windows 10 Update Assistant Elevation of Privilege Vulnerability November 16, 2021
CVE-2021-43211 Windows 10 Update Assistant Elevation of Privilege Vulnerability November 16, 2021
CVE-2021-36945 Windows 10 Update Assistant Elevation of Privilege Vulnerability August 10, 2021

By the Year

In 2025 there have been 218 vulnerabilities in Microsoft Windows 10 with an average score of 7.2 out of ten. Last year, in 2024 Windows 10 had 525 security vulnerabilities published. Right now, Windows 10 is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.17




Year Vulnerabilities Average Score
2025 218 7.20
2024 525 7.36
2023 525 7.53
2022 525 7.42
2021 488 7.35
2020 804 7.36
2019 448 7.27
2018 259 6.59

It may take a day or so for new Windows 10 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows 10 Security Vulnerabilities

External control of file name or path in Internet Shortcut Files

CVE-2025-33053 8.8 - High - June 10, 2025

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

External Control of File Name or Path

Out-of-bounds read in Windows NTFS

CVE-2025-32707 7.8 - High - May 13, 2025

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Out-of-bounds Read

Heap-based buffer overflow in Windows Win32K - GRFX

CVE-2025-30388 7.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Memory Corruption

Use after free in Windows Common Log File System Driver

CVE-2025-30385 7.8 - High - May 13, 2025

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Dangling pointer

Use after free in Windows Ancillary Function Driver for WinSock

CVE-2025-32709 7.8 - High - May 13, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Improper input validation in Windows Common Log File System Driver

CVE-2025-32706 7.8 - High - May 13, 2025

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Use after free in Windows Common Log File System Driver

CVE-2025-32701 7.8 - High - May 13, 2025

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Dangling pointer

Use after free in Windows DWM

CVE-2025-30400 7.8 - High - May 13, 2025

Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

Dangling pointer

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine

CVE-2025-30397 7.5 - High - May 13, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Object Type Confusion

Heap-based buffer overflow in Windows Media

CVE-2025-29964 8.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Memory Corruption

Heap-based buffer overflow in Windows Media

CVE-2025-29963 8.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Memory Corruption

Heap-based buffer overflow in Windows Media

CVE-2025-29962 8.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Memory Corruption

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29961 6.5 - Medium - May 13, 2025

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29960 6.5 - Medium - May 13, 2025

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29959 6.5 - Medium - May 13, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29958 6.5 - Medium - May 13, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Uncontrolled resource consumption in Windows Deployment Services

CVE-2025-29957 6.2 - Medium - May 13, 2025

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.

Allocation of Resources Without Limits or Throttling

Buffer over-read in Windows SMB

CVE-2025-29956 5.4 - Medium - May 13, 2025

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

Out-of-bounds Read

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol

CVE-2025-29954 5.9 - Medium - May 13, 2025

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Acceptance of extraneous untrusted data with trusted data in UrlMon

CVE-2025-29842 7.5 - High - May 13, 2025

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

Insufficient Verification of Data Authenticity

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service

CVE-2025-29841 7 - High - May 13, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Race Condition

Stack-based buffer overflow in Windows Media

CVE-2025-29840 8.8 - High - May 13, 2025

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Memory Corruption

Out-of-bounds read in Windows File Server

CVE-2025-29839 4 - Medium - May 13, 2025

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Improper link resolution before file access ('link following') in Windows Installer

CVE-2025-29837 5.5 - Medium - May 13, 2025

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.

insecure temporary file

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29836 6.5 - Medium - May 13, 2025

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29835 6.5 - Medium - May 13, 2025

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus

CVE-2025-29833 7.7 - High - May 13, 2025

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.

TOCTTOU

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29832 6.5 - Medium - May 13, 2025

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS)

CVE-2025-29830 6.5 - Medium - May 13, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Use of uninitialized resource in Windows Trusted Runtime Interface Driver

CVE-2025-29829 5.5 - Medium - May 13, 2025

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.

Use of Uninitialized Resource

Heap-based buffer overflow in Windows Kernel

CVE-2025-24063 7.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Memory Corruption

Heap-based buffer overflow in Windows Remote Desktop

CVE-2025-29966 8.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

Memory Corruption

Heap-based buffer overflow in Remote Desktop Gateway Service

CVE-2025-29967 8.8 - High - May 13, 2025

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

Memory Corruption

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals

CVE-2025-29969 7.5 - High - May 13, 2025

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

TOCTTOU

Integer underflow (wrap or wraparound) in Windows Kernel

CVE-2025-29974 5.7 - Medium - May 13, 2025

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.

Integer underflow

Improper privilege management in Microsoft Office SharePoint

CVE-2025-29976 7.8 - High - May 13, 2025

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

Improper Privilege Management

Improper privilege management in Windows Secure Kernel Mode

CVE-2025-27468 7 - High - May 13, 2025

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.

Race Condition

Use after free in Windows Common Log File System Driver

CVE-2025-29824 7.8 - High - April 08, 2025

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Dangling pointer

Improper input validation in Windows DWM Core Library

CVE-2025-24073 7.8 - High - April 08, 2025

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Heap-based buffer overflow in Windows Telephony Service

CVE-2025-21222 8.8 - High - April 08, 2025

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Improper input validation in Windows DWM Core Library

CVE-2025-24060 7.8 - High - April 08, 2025

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Improper input validation in Windows DWM Core Library

CVE-2025-24062 7.8 - High - April 08, 2025

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Weak authentication in Windows Hello

CVE-2025-26635 6.5 - Medium - April 08, 2025

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

1390

Improper input validation in Windows DWM Core Library

CVE-2025-24074 7.8 - High - April 08, 2025

Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Integer overflow or wraparound in Windows USB Print Driver

CVE-2025-26639 7.8 - High - April 08, 2025

Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Protection mechanism failure in Windows BitLocker

CVE-2025-26637 6.8 - Medium - April 08, 2025

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Protection Mechanism Failure

Heap-based buffer overflow in Windows NTFS

CVE-2025-24993 7.8 - High - March 11, 2025

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Insertion of sensitive information into log file in Windows NTFS

CVE-2025-24984 4.6 - Medium - March 11, 2025

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Insertion of Sensitive Information into Log File

Out-of-bounds read in Windows NTFS

CVE-2025-24991 5.5 - Medium - March 11, 2025

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Improper neutralization in Microsoft Management Console

CVE-2025-26633 7 - High - March 11, 2025

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Improper Neutralization

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2022 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe