Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5 matches found

RedhatCVE
RedhatCVEadded 2026/05/26 8:14 p.m.13 views

CVE-2026-9303

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS5.3AI score0.00191EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/24 2:30 a.m.5 views

CVE-2026-9349 calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure

A vulnerability was determined in calcom cal.diy up to 4.9.4. Affected by this issue is the function getServerSideProps of the file apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the component Generic React API. This manipulation of the argument...

6.9CVSS5.7AI score0.004EPSS
Exploits0References4
CVE
CVEadded 2026/05/24 2:30 a.m.34 views

CVE-2026-9349

CVE-2026-9349 affects cal.com (cal.diy) up to version 4.9.4, specifically the function getServerSideProps in apps/web/modules/bookings/views/bookings-single-view.getServerSideProps.tsx of the Generic React API. The issue arises from manipulation of the arguments cancelledBy and rescheduledBy, lea...

6.9CVSS5.7AI score0.004EPSS
Exploits0References4
CVE
CVEadded 2026/05/23 1:30 p.m.27 views

CVE-2026-9303

The CVE-2026-9303 entry concerns calcom cal.diy up to version 4.9.4. The vulnerability affects an unknown function and enables cross-site request forgery. It can be triggered remotely, and a public exploit is available. The vendor was contacted but did not respond. No remediation details are prov...

5.3CVSS5.3AI score0.00191EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/23 1:30 p.m.12 views

CVE-2026-9303 calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

5.3CVSS0.00191EPSS
Exploits0References6
Rows per page
Query Builder