CVE-2026-23478
- EPSS 0.1%
- Published 13.01.2026 21:37:35
- Last modified 03.02.2026 19:29:07
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via s...
CVE-2025-66489
- EPSS 0.15%
- Published 03.12.2025 19:44:35
- Last modified 13.02.2026 16:03:36
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue...
CVE-2023-37919
- EPSS 0.11%
- Published 25.07.2023 21:15:10
- Last modified 21.11.2024 08:12:28
Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account sta...
CVE-2023-1647
- EPSS 0.1%
- Published 27.03.2023 01:15:07
- Last modified 21.11.2024 07:39:37
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.