VYPR

Coze Studio

by Coze

Source repositories

CVEs (2)

  • CVE-2026-7023MedApr 26, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The…

  • CVE-2025-9604LowAug 29, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic…