All 3 CVE vulnerabilities found in cal.diy, with AI-generated Chinese analysis, references, and POCs.
Vendor: calcom
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-9349 | calcom cal.diy Generic React API bookings-single-view.getServerSideProps.tsx getServerSideProps information disclosure CWE-200 | 5.3 | Medium | 2026-05-24 |
| CVE-2026-9304 | calcom cal.diy Logo API route.ts validateUrlForSSRF server-side request forgery CWE-918 | 5.0 | Medium | 2026-05-23 |
| CVE-2026-9303 | calcom cal.diy cross-site request forgery CWE-352 | 4.3 | Medium | 2026-05-23 |
All 3 known CVE vulnerabilities affecting cal.diy with full Chinese analysis, references, and POCs where available.