Michael Van Leeuwen

**Name of the Vulnerable Software and Affected Versions** Microsoft 365 Copilot's Business Chat (affected versions not specified) **Description** An authorized attacker can elevate privileges over a network due to a server-side request forgery (SSRF) issue in Microsoft 365 Copilot's Business Chat. Server-side request forgery occurs when an application allows an attacker to make requests to unintended locations. This can potentially lead to unauthorized access to internal resources or data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure DevOps Server (affected versions not specified) **Description** The issue is related to insufficient input validation in Azure DevOps Server, which can be exploited by a remote attacker using specially crafted data to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.