2 matches found
CVE-2023-1647
CVE-2023-1647 affects calcom/cal.com versions prior to 2.7, due to Improper Access Control. Public sources (Red Hat, PRION/PT-Security, OSV/NVD) describe high-severity impact on confidentiality, integrity, and availability. Mitigation: upgrade to version 2.7 or later as recommended by PT-Security...
CVE-2025-66489
Cal.com (open-source scheduling software) versions prior to 5.9.8 are affected by an authentication bypass flaw in the login credentials provider. The issue arises when a non-empty totpCode is supplied, causing the password verification step to be bypassed during login through the /api/auth/callb...