Power Apps
Monthly
Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Power Apps (online) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Microsoft Power Apps Spoofing Vulnerability. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Power Apps (online) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.
Microsoft Power Apps Spoofing Vulnerability. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.