18 matches found
CVE-2026-7023
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
CVE-2026-7023
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
CVE-2026-7023
CVE-2026-7023 : ByteDance coze-studio
CVE-2026-7023 ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
EUVD-2026-25698
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
CVE-2026-7023 ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
CVE-2026-7023
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/databaseimpl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
PT-2026-35204
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be...
coze-studio 注入漏洞
Coze-Studio is an open-source one-stop AI intelligent agent development tool developed by Coze-Dev. Versions of Coze-Studio prior to 0.5.1 had a injection vulnerability. This vulnerability stems from the ExecuteSQL operation in the databaseTool component’s file...
EUVD-2025-26161
Malicious code in bioql PyPI...
CVE-2025-9604
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...
CVE-2025-9604
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...
CVE-2025-9604
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...
CVE-2025-9604 coze-studio aes.go hard-coded key
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...
CVE-2025-9604 coze-studio aes.go hard-coded key
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible ...
CVE-2025-9604
CVE-2025-9604 affects coze-studio up to 0.2.4. The vulnerability is in an unknown function within backend/domain/plugin/encrypt/aes.go where manipulation of AuthSecretKey, StateSecretKey, or OAuthTokenSecretKey can lead to use of a hard-coded cryptographic key. Attackers could initiate remotely; ...
PT-2025-35169
Name of the Vulnerable Software and Affected Versions: coze-studio versions up to 0.2.4 Description: A vulnerability exists due to the use of hard-coded cryptographic keys. The issue is located in an unknown function within the backend/domain/plugin/encrypt/aes.go file. Manipulation of the...
Coze Studio 安全漏洞
Coze Studio is an AI Agent visualization and development platform open-sourced by Coze Studio. A security vulnerability exists in Coze Studio 0.2.4 and earlier versions, which originates from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey...