CVE-2024-35260

An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.

CVE-2024-38190

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.