56 matches found
CVE-2026-9550
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...
Malicious code in power-platform-playwright-toolkit (npm)
Source: amazon-inspector (57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73). On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...
Making opportunistic cyberattacks harder by design
This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs, in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...
EUVD-2024-42267
Malicious code in bioql PyPI...
EUVD-2024-37801
Malicious code in bioql PyPI...
EUVD-2023-40003
Malicious code in bioql PyPI...
Power Pwn 4.0.1
Power Pwn is a powerful open‑source toolset designed for red‑teaming and security testing within the Microsoft 365 environment, particularly around Copilot, Copilot Studio, and the Power Platform...
CVE-2023-38007
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browse...
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of...
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers...
CVE-2024-38190
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...
CVE-2024-38190 Power Platform Information Disclosure Vulnerability
...
CVE-2024-38190
CVE-2024-38190 concerns a missing authorization vulnerability in Microsoft Power Platform (and associated components like Dataverse) that allows an unauthenticated attacker to view sensitive information over a network vector. The provided metrics assign a CVSS3.1 base score of 8.6 (HIGH) with net...
Power Platform Information Disclosure Vulnerability
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...
Microsoft Power Platform Security Vulnerability
Microsoft Power Platform is a set of low-code tools from Microsoft Corporation. A security vulnerability exists in Microsoft Power Platform that stems from a lack of authorization and allows an unauthenticated attacker to view sensitive information via a network attack vector...
KLA74055 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to gain privileges and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Dataverse can be exploited remotely t...
Information Disclosure
github.com/microsoft/terraform-provider-power-platform is vulnerable to Information Disclosure. The vulnerability is due to improper handling of sensitive data in the logging mechanism, where the client_secret is not properly masked. This allows an attacker to impersonate the service principal and...
CVE-2024-47083
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the client_secret used in the service principal authentication, may be...
CVE-2024-47083
CVE-2024-47083 affects the Microsoft Power Platform Terraform Provider. Versions prior to 3.0.0 contain an issue where the service principal authentication’s sensitive data, notably the client_secret, may be exposed in logs due to a logging code error that fails to mask it when logs are persisted...