This page lists publicly disclosed CVE vulnerabilities affecting microsoft power_pages (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-23652 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | [email protected] | 10.0 | 0.07% | 2026-05-22 | 2026-05-27 |
| CVE-2025-24989 KEV | An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vuln | [email protected] | 8.2 | 31.62% | 2025-02-19 | 2025-10-27 |