38 matches found
Exploit for CVE-2026-23478
🔐 CVE-2026-23478 — Critical Authentication Bypass !Critical...
CVE-2026-23478
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
EUVD-2026-2413
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478
Cal.com CVE-2026-23478 affects versions 3.1.6–6.0.6. Root cause: improper server-side validation in a custom NextAuth JWT callback that trusts client-supplied data during session.update(), enabling an unauthenticated attacker to fully impersonate any user. Impact: total account takeover with acce...
Cal.com 安全漏洞
Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions 3.1.6 through prior to 6.0.7, which stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...
CVE-2025-66489
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489
Cal.com (open-source scheduling software) versions prior to 5.9.8 are affected by an authentication bypass flaw in the login credentials provider. The issue arises when a non-empty totpCode is supplied, causing the password verification step to be bypassed during login through the /api/auth/callb...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
Cal.com 安全漏洞
Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions prior to 5.9.8 that stems from a logic flaw in the login credentials provider that could lead to bypassing password authentication and unauthorized access...
EUVD-2025-8796
Malicious code in bioql PyPI...
EUVD-2023-23876
Malicious code in bioql PyPI...
CVE-2023-37919
Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other devices stays logged ...
CVE-2023-1647
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7...