Power Apps

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-20960 HIGH This Week

Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.

Microsoft Power Apps
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-47733 CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2026-20960
EPSS 0% CVSS 8.0
HIGH This Week

Insufficient authorization controls in Microsoft Power Apps enable authenticated attackers to achieve remote code execution through network access. An attacker with valid credentials can bypass permission checks to execute arbitrary code within the affected environment. No patch is currently available for this vulnerability.

Microsoft Power Apps
NVD
CVE-2025-47733
EPSS 3% CVSS 9.1
CRITICAL This Week

Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SSRF Power Apps
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy