Every CVE whose affected-product data names Microsoft Power Apps, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-47733 — CVSS 9.1 (critical): Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
CVE-2026-26149 — CVSS 9.0 (critical): Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing…
CVE-2026-20960 — CVSS 8.0 (high): Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
CVE-2026-32172 — CVSS 8.0 (high): Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.