CVE-2024-38190 — CVSS 8.6 (high): Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
CVE-2024-35260 — CVSS 8.0 (high): An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.