2 matches found
CVE-2025-29817
CVE-2025-29817 affects Microsoft Power Automate Desktop. The issue is an uncontrolled search path element in Power Automate that an authorized attacker can exploit to disclose information over a network, with Confidentiality impact HIGH per CVSS. The Connected sources (Microsoft MSRC entry and co...
CVE-2026-40374
CVE-2026-40374 concerns Exposure of sensitive information to an unauthorized actor in Power Automate Desktop. The connected documents indicate an information disclosure vulnerability affecting Power Automate Desktop, with a CVSS v3.1 base score of 6.5 (NETWORK, LOW attack complexity, PRIVILEGES R...