CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29817 – Microsoft Power Automate Desktop Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-29817
15 Apr 2025 — Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29817 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21187 – Microsoft Power Automate Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21187
14 Jan 2025 — Microsoft Power Automate Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43479 – Microsoft Power Automate Desktop Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43479
10 Sep 2024 — Microsoft Power Automate Desktop Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43479 • CWE-284: Improper Access Control •