Microsoft Windows Server 2022 — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows Server 2022, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2025-49708 — CVSS 9.9 (critical): Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2026-47291 — CVSS 9.8 (critical): Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2025-53766 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2025-47981 — CVSS 9.8 (critical): Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2023-38545 — CVSS 9.8 (critical): This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the…
CVE-2025-60724 — CVSS 9.8 (critical): Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2026-44815 — CVSS 9.8 (critical): Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42904 — CVSS 9.6 (critical): Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-45602 — CVSS 9.1 (critical): No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2025-50171 — CVSS 9.1 (critical): Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-50163 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-49724 — CVSS 8.8 (high): Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
CVE-2025-49729 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-47998 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-29966 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
CVE-2025-49740 — CVSS 8.8 (high): Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-33064 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-49753 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2022-24487 — CVSS 8.8 (high): Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2025-49757 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-33066 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-24051 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2026-20868 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-24056 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.