Skip to main content

Power Apps

4 CVEs product

Monthly

CVE-2026-20960 HIGH PATCH This Week

Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.

Microsoft Power Apps
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-47733 CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2023-32052 MEDIUM PATCH This Month

Microsoft Power Apps (online) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Power Apps
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-32024 LOW PATCH Monitor

Microsoft Power Apps Spoofing Vulnerability. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Power Apps
NVD
CVSS 3.1
3.0
EPSS
1.5%
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.

Microsoft Power Apps
NVD
EPSS 3% CVSS 9.1
CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Microsoft Power Apps (online) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Power Apps
NVD
EPSS 1% CVSS 3.0
LOW PATCH Monitor

Microsoft Power Apps Spoofing Vulnerability. Rated low severity (CVSS 3.0), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Power Apps
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy