Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
Tendenci
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.3%