Lucene search
K
MicrosoftPower Automate For Desktop

4 matches found

CVE
CVE
added 2025/04/15 4:10 p.m.173 views

CVE-2025-29817

CVE-2025-29817 affects Microsoft Power Automate Desktop. The issue is an uncontrolled search path element in Power Automate that an authorized attacker can exploit to disclose information over a network, with Confidentiality impact HIGH per CVSS. The Connected sources (Microsoft MSRC entry and co...

5.7CVSS5.3AI score0.00724EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.144 views

CVE-2025-21187

CVE-2025-21187 corresponds to a Microsoft Power Automate Remote Code Execution vulnerability. Connected sources indicate exploitation requires a user to open a rogue file, enabling code execution in the caller’s context. A fix has been released and Microsoft states the vulnerability was addressed...

7.8CVSS7.8AI score0.00732EPSS
CVE
CVE
added 2025/06/05 8:59 p.m.144 views

CVE-2025-47966

CVE-2025-47966 affects Microsoft Power Automate. The vulnerability is described as an exposure of sensitive information to an unauthenticated actor that could elevate privileges over a network. The issue is rated CVSSv3.1 base score 9.8 (critical), with attack vector: NETWORK, attack complexity: ...

9.8CVSS9.2AI score0.01022EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.28 views

CVE-2026-40374

CVE-2026-40374 concerns Exposure of sensitive information to an unauthorized actor in Power Automate Desktop. The connected documents indicate an information disclosure vulnerability affecting Power Automate Desktop, with a CVSS v3.1 base score of 6.5 (NETWORK, LOW attack complexity, PRIVILEGES R...

6.5CVSS5.8AI score0.00868EPSS