Microsoft · Azure SRE Agent · CVE-2026-32173
**Name of the Vulnerable Software and Affected Versions**
Azure SRE Agent (affected versions not specified)
**Description**
Improper authentication in the Azure SRE Agent allows an unauthorized attacker to disclose information over a network. A multi-tenant design oversight occurred where authentication checks validated tokens without ensuring the caller was authorized for the target tenant. This gap allowed individuals from different Entra ID tenants to silently eavesdrop on real-time command streams, AI chat streams, internal LLM reasoning, tool calls, and sensitive credentials. This issue specifically affected the Azure SRE Agent Gateway - SignalR Hub.
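The gap described above, a valid token accepted without a check that the caller's tenant owns the target, shown in a simplified model. This is an added example, not Microsoft's code: the `Hub` class, the agent and tenant names, and the `signature_valid` flag standing in for real token validation are assumptions, while `tid` is the Entra ID tenant claim.

```python
# Simplified model of a multi-tenant streaming hub (constructed for illustration).
from dataclasses import dataclass, field


@dataclass
class Hub:
    enforce_tenant: bool                               # False models the flawed design
    owners: dict = field(default_factory=dict)         # agent_id -> owning tenant id
    subscribers: dict = field(default_factory=dict)    # agent_id -> list of inboxes

    def subscribe(self, claims: dict, agent_id: str, inbox: list) -> bool:
        # Authentication only: "is this a valid token from a trusted issuer?"
        # (signature_valid is a hypothetical stand-in for full token validation.)
        if not claims.get("signature_valid"):
            return False
        # Authorization: "does the caller's tenant own the target agent?"
        if self.enforce_tenant:
            owner = self.owners.get(agent_id)
            # Fail closed: unknown agent or missing/mismatched tid is denied.
            if owner is None or claims.get("tid") != owner:
                return False
        self.subscribers.setdefault(agent_id, []).append(inbox)
        return True

    def publish(self, agent_id: str, event: str) -> None:
        # Every subscriber of the agent's stream receives the event.
        for inbox in self.subscribers.get(agent_id, []):
            inbox.append(event)


def foreign_tenant_view(enforce_tenant: bool) -> list:
    """Return what a caller from another tenant receives from tenant-a's stream."""
    hub = Hub(enforce_tenant, owners={"agent-a": "tenant-a"})
    owner_inbox, foreign_inbox = [], []
    hub.subscribe({"signature_valid": True, "tid": "tenant-a"}, "agent-a", owner_inbox)
    hub.subscribe({"signature_valid": True, "tid": "tenant-b"}, "agent-a", foreign_inbox)
    hub.publish("agent-a", "tool_call: constructed sample event")
    return foreign_inbox


if __name__ == "__main__":
    print("token-only check :", foreign_tenant_view(False))
    print("tenant enforced  :", foreign_tenant_view(True))
```
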
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.