38 matches found
Exploit for CVE-2026-23478
🔐 CVE-2026-23478 — Critical Authentication Bypass...
CVE-2026-23478
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
EUVD-2026-2413
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
CVE-2026-23478
Cal.com CVE-2026-23478 affects versions 3.1.6–6.0.6. Root cause: improper server-side validation in a custom NextAuth JWT callback that trusts client-supplied data during session.update(), enabling an unauthenticated attacker to fully impersonate any user. Impact: total account takeover with acce...
CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...
Cal.com Security Vulnerability
Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions 3.1.6 through prior to 6.0.7, which stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...
CVE-2025-66489
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489 Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in...
CVE-2025-66489
Cal.com (open-source scheduling software) versions prior to 5.9.8 are affected by an authentication bypass flaw in the login credentials provider. The issue arises when a non-empty totpCode is supplied, causing the password verification step to be bypassed during login through the /api/auth/callb...
Cal.com Security Vulnerability
Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions prior to 5.9.8 that stems from a logic flaw in the login credentials provider that could lead to bypassing password authentication and unauthorized access...
EUVD-2025-8796
Malicious code in bioql PyPI...
EUVD-2023-23876
Malicious code in bioql PyPI...
CVE-2023-37919
Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other devices stays logged ...
CVE-2023-1647
Improper Access Control in GitHub repository calcom/cal.com prior to 2.7...