Every CVE whose affected-product data names Cal Cal.com, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-66489 — CVSS 9.8 (critical): Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password…
CVE-2026-23478 — CVSS 9.8 (critical): Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that…
CVE-2023-37919 — CVSS 6.5 (medium): Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after…