Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
Friday's vulnerability landscape reveals thirteen critical vulnerabilities (CVSS 9.0+) and 76 high-priority CVEs requiring immediate assessment. The critical CVE count increased by one issue from Thursday, while high-priority disclosures decreased by 24 vulnerabilities. Nine actively exploited vulnerabilities continue to require priority remediation. The overall critical CVE frequency shows a 149% increase compared to historical averages, marking significantly elevated end-of-week disclosure activity. Zero patch availability across all vulnerabilities represents a critical concern requiring organizations to implement compensating controls and risk mitigation strategies.
Thirteen critical vulnerabilities (CVSS 9.0+), representing an 8% increase from Thursday's twelve critical issues
76 high-priority vulnerabilities (CVSS 7.0-8.9), a 24% decrease from Thursday's 100 issues
Nine actively exploited vulnerabilities requiring priority remediation across enterprise and critical infrastructure environments
Critical CVE frequency increased 149% compared to historical average, indicating significantly elevated disclosure activity as the week concludes
Zero patch availability across all vulnerabilities requires immediate focus on compensating controls, network segmentation, and risk mitigation strategies
Notable critical vulnerabilities include pgAdmin database management tools, WordPress plugin privilege escalation, and multiple vendor authentication bypass issues
Immediate action: Security teams should immediately assess all thirteen critical vulnerabilities and prioritize review of the 76 high-priority CVEs for applicability to their environments. Organizations must expedite remediation of the nine actively exploited vulnerabilities. Given the zero percent patch availability, teams should implement compensating controls, network segmentation, access restrictions, and monitoring enhancements where patches are unavailable. Weekend security monitoring should be enhanced given the elevated critical vulnerability activity heading into the weekend period.
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2021-26829
9.5
OpenPLCScadaBR
â° Federal Deadline:December 18, 2025(7 days remaining)
OpenPLC ScadaBR Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48633
9.5đ
AndroidFramework
â° Federal Deadline:December 22, 2025(11 days remaining)
Android Framework Information Disclosure Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-48572
9.5đ
AndroidFramework
â° Federal Deadline:December 22, 2025(11 days remaining)
Android Framework Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-26828
9.5
OpenPLCScadaBR
â° Federal Deadline:December 23, 2025(12 days remaining)
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-37055
9.5
D-LinkRouters
â° Federal Deadline:December 28, 2025(17 days remaining)
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-66644
9.5
Array Networks ArrayOS AG
â° Federal Deadline:December 28, 2025(17 days remaining)
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-6218
9.5
RARLABWinRAR
â° Federal Deadline:December 29, 2025(18 days remaining)
RARLAB WinRAR Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-62221
9.5đ
MicrosoftWindows
â° Federal Deadline:December 29, 2025(18 days remaining)
Microsoft Windows Use After Free Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-58360
9.5
OSGeoGeoServer
â° Federal Deadline:December 31, 2025(20 days remaining)
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-13780
9.1đ
pgAdmin versions up toMultiple Products
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-13764
9.8đ
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions upMultiple Products
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66043
9.8đ
SeveralMultiple Products
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 3
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66044
9.8đ
SeveralMultiple Products
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 64
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66045
9.8đ
SeveralMultiple Products
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 65
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66046
9.8đ
SeveralMultiple Products
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 67
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66047
9.8đ
SeveralMultiple Products
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 131
CVSS Base9.8
â
CRSSelect profile
CVE-2025-66048
9.8đ
SeveralMultiple Products
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.When Tag is 133
CVSS Base9.8
â
CRSSelect profile
CVE-2025-65473
9.1đ
An arbitrary file rename vulnerability in theMultiple Products
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.
CVSS Base9.1
â
CRSSelect profile
CVE-2025-14534
9.8đ
A vulnerability was determined in UTTMultiple Products
A vulnerability was determined in UTT čŋå 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-14535
9.8đ
A vulnerability was identified in UTTMultiple Products
A vulnerability was identified in UTT čŋå 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-67511
9.6đ
Cybersecurity AIMultiple Products
Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command inputs are escaped in run_ssh_command_with_credentials to prevent shell injection; while username, host and port values are injectable. This issue does not have a fix at the time of publication.
CVSS Base9.6
â
CRSSelect profile
CVE-2025-14265
9.1đ
In versions ofMultiple Products
In versions of ScreenConnectâĸ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of custom code on the server or unauthorized access to application configuration data. This issue affects only the ScreenConnect server component; host and guest clients are not impacted. ScreenConnect 25.8 introduces enhanced server-side configuration handling and integrity checks to ensure only trusted extensions can be installed.
CVSS Base9.1
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-67644
7.3đ
LangGraphMultiple Products
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite)
CVSS Base7.3
â
CRSSelect profile
CVE-2025-67505
8.4đ
OktaMultiple Products
Okta Java Management SDK facilitates interactions with the Okta management API
CVSS Base8.4
â
CRSSelect profile
CVE-2025-13339
7.5đ
WordPressMultiple Products
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1
CVSS Base7.5
â
CRSSelect profile
CVE-2025-14390
8.8đ
WordPressMultiple Products
The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5
CVSS Base8.8
â
CRSSelect profile
CVE-2025-67509
8.2đ
NeuronMultiple Products
Neuron is a PHP framework for creating and orchestrating AI Agents
CVSS Base8.2
â
CRSSelect profile
CVE-2025-67460
7.8đ
ZoomMultiple Products
Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55312
7.8đ
WindowsMultiple Products
An issue was discovered in Foxit PDF and Editor for Windows before 13
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55313
7.8đ
macOSMultiple Products
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13
CVSS Base7.8
â
CRSSelect profile
CVE-2025-55314
7.8đ
macOSMultiple Products
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64669
7.8đ
ImproperMultiple Products
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36918
7.8đ
InMultiple Products
In aoc_service_read_message of aoc_ipc_core
CVSS Base7.8
â
CRSSelect profile
CVE-2025-63895
7.5đ
issueMultiple Products
An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65821
7.5đ
UARTMultiple Products
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition
CVSS Base7.5
â
CRSSelect profile
CVE-2025-59802
7.5đ
ReaderMultiple Products
Foxit PDF Editor and Reader before 2025
CVSS Base7.5
â
CRSSelect profile
CVE-2025-55310
7.3đ
macOSMultiple Products
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13
CVSS Base7.3
â
CRSSelect profile
CVE-2025-64986
7.2
withinMultiple Products
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21
CVSS Base7.2
â
CRSSelect profile
CVE-2025-64987
7.2
withinMultiple Products
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction
CVSS Base7.2
â
CRSSelect profile
CVE-2025-64989
7.2
withinMultiple Products
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21
CVSS Base7.2
â
CRSSelect profile
CVE-2025-13072
7.1
WordPressMultiple Products
The HandL UTM Grabber / Tracker WordPress plugin before 2
CVSS Base7.1
â
CRSSelect profile
CVE-2025-13073
7.1
WordPressMultiple Products
The HandL UTM Grabber / Tracker WordPress plugin before 2
CVSS Base7.1
â
CRSSelect profile
CVE-2025-66675
8.2
Apache Denial ofMultiple Products
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion
CVSS Base8.2
â
CRSSelect profile
CVE-2025-67641
8
JenkinsMultiple Products
Jenkins Coverage Plugin 2
CVSS Base8
â
CRSSelect profile
CVE-2025-67635
7.5
JenkinsMultiple Products
Jenkins 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-1161
7.1
NomySoft InformationMultiple Products
Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc
CVSS Base7.1
â
CRSSelect profile
CVE-2024-2104
8.8
GATTMultiple Products
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable
CVSS Base8.8
â
CRSSelect profile
CVE-2025-65824
8.8
unauthenticatedMultiple Products
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code
CVSS Base8.8
â
CRSSelect profile
CVE-2025-44016
8.8
DEXMultiple Products
A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch
CVSS Base8.8
â
CRSSelect profile
CVE-2025-14526
8.8
securityMultiple Products
A security flaw has been discovered in Tenda CH22 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-66918
8.8
UnknownMultiple Products
edoc-doctor-appointment-system v1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-13481
8.8
IBMMultiple Products
IBM Aspera Orchestrator 4
CVSS Base8.8
â
CRSSelect profile
CVE-2025-66419
8.8
MaxKBMultiple Products
MaxKB is an open-source AI assistant for enterprise
CVSS Base8.8
â
CRSSelect profile
CVE-2025-66446
8.8
MaxKBMultiple Products
MaxKB is an open-source AI assistant for enterprise
CVSS Base8.8
â
CRSSelect profile
CVE-2025-12716
8.7
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18
CVSS Base8.7
â
CRSSelect profile
CVE-2025-8405
8.7
versionsMultiple Products
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17
CVSS Base8.7
â
CRSSelect profile
CVE-2025-67738
8.5
UnknownMultiple Products
squid/cachemgr
CVSS Base8.5
â
CRSSelect profile
CVE-2025-65807
8.4đ
issueMultiple Products
An issue in sd command v1
CVSS Base8.4
â
CRSSelect profile
CVE-2025-14523
8.2
forMultiple Products
A flaw in libsoupâs HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing
CVSS Base8.2
â
CRSSelect profile
CVE-2025-10451
8.2
UncheckedMultiple Products
Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption
CVSS Base8.2
â
CRSSelect profile
CVE-2025-65295
8.1
MultipleMultiple Products
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4
CVSS Base8.1
â
CRSSelect profile
CVE-2025-13148
8.1
IBMMultiple Products
IBM Aspera Orchestrator 4
CVSS Base8.1
â
CRSSelect profile
CVE-2025-12029
8
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15
CVSS Base8
â
CRSSelect profile
CVE-2025-36923
8
InMultiple Products
In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder
CVSS Base8
â
CRSSelect profile
CVE-2025-36924
8
InMultiple Products
In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement
CVSS Base8
â
CRSSelect profile
CVE-2025-12046
7.8
DLLMultiple Products
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13152
7.8
OneMultiple Products
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges
CVSS Base7.8
â
CRSSelect profile
CVE-2025-13155
7.8
BaiyingMultiple Products
An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges
CVSS Base7.8
â
CRSSelect profile
CVE-2025-65199
7.8
commandMultiple Products
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function
CVSS Base7.8
â
CRSSelect profile
CVE-2025-64701
7.8
QNDMultiple Products
QND Premium/Advance/Standard Ver
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36919
7.8
InMultiple Products
In aocc_read of aoc_channel_dev
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36925
7.8
InMultiple Products
In WAVES_send_data_to_dsp of libaoc_waves
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36927
7.8
GetTachyonCommandMultiple Products
In GetTachyonCommand of tachyon_server_common
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36928
7.8
GetHostAddressMultiple Products
In GetHostAddress of gxp_buffer
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36930
7.8
GetHostAddressMultiple Products
In GetHostAddress of gxp_buffer
CVSS Base7.8
â
CRSSelect profile
CVE-2025-36931
7.8
GetHostAddressMultiple Products
In GetHostAddress of gxp_buffer
CVSS Base7.8
â
CRSSelect profile
CVE-2025-24857
7.6
ImproperMultiple Products
Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017
CVSS Base7.6
â
CRSSelect profile
CVE-2025-13003
7.6
Aksis ComputerMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc
CVSS Base7.6
â
CRSSelect profile
CVE-2025-13124
7.6
Netiket InformationMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd
CVSS Base7.6
â
CRSSelect profile
CVE-2025-13214
7.6
IBMMultiple Products
IBM Aspera Orchestrator 4
CVSS Base7.6
â
CRSSelect profile
CVE-2025-65512
7.5
AMultiple Products
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65831
7.5
applicationMultiple Products
The application uses an insecure hashing algorithm (MD5) to hash passwords
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65297
7.5
AqaraMultiple Products
Aqara Hub devices including Camera Hub G3 4
CVSS Base7.5
â
CRSSelect profile
CVE-2025-66628
7.5
ImageMagickMultiple Products
ImageMagick is a software suite to create, edit, compose, or convert bitmap images
CVSS Base7.5
â
CRSSelect profile
CVE-2025-12562
7.5
versionsMultiple Products
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11
CVSS Base7.5
â
CRSSelect profile
CVE-2025-55184
7.5
ReactMultiple Products
A pre-authentication denial of service vulnerability exists in React Server Components versions 19
CVSS Base7.5
â
CRSSelect profile
CVE-2025-67779
7.5
ReactMultiple Products
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case
CVSS Base7.5
â
CRSSelect profile
CVE-2025-65290
7.4
AqaraMultiple Products
Aqara Hub devices including Camera Hub G3 4
CVSS Base7.4
â
CRSSelect profile
CVE-2025-65292
7.3
Aqara Hub devicesMultiple Products
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14514
7.3
ManagementMultiple Products
A flaw has been found in Campcodes Supplier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14515
7.3
ManagementMultiple Products
A vulnerability has been found in Campcodes Supplier Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14527
7.3
ManagementMultiple Products
A weakness has been identified in projectworlds Advanced Library Management System 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14529
7.3
OnlineMultiple Products
A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14536
7.3
TimetableMultiple Products
A security flaw has been discovered in code-projects Class and Exam Timetable Management 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-14537
7.3
TimetableMultiple Products
A weakness has been identified in code-projects Class and Exam Timetable Management 1
CVSS Base7.3
â
CRSSelect profile
CVE-2025-64988
7.2
withinMultiple Products
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-GetCmContentLocations instruction prior V19