VYPR

Power Pages

by Microsoft

CVEs (2)

  • CVE-2026-23652CriMay 22, 2026
    risk 0.65cvss 10.0epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

  • CVE-2025-24989HigKEVFeb 19, 2025
    risk 0.65cvss 8.2epss 0.02

    An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been…