cal.com — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in cal.com, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-23478	Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback CWE-602	9.8^AI	Critical^AI	2026-01-13
CVE-2025-66489	Cal.com Authentication Bypass via bad TOTP + password checks CWE-303	9.8^AI	Critical^AI	2025-12-03
CVE-2025-31604	WordPress Cal.com plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CWE-80	6.5	Medium	2025-03-31
CVE-2023-37919	Cal.com not expiring old sessions after enabling 2FA CWE-613	6.5	Medium	2023-07-25

All 4 known CVE vulnerabilities affecting cal.com with full Chinese analysis, references, and POCs where available.