ByteOS Network

ByteDance

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-7023

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.3||MEDIUM

EPSS-0.03% / 7.32%

7 Day CHG~0.00%

Published-26 Apr, 2026 | 06:30

Updated-26 Apr, 2026 | 07:16

ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection

A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-ByteDance

Product-coze-studio

CWE ID-CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-6878

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.3||MEDIUM

EPSS-0.04% / 11.69%

7 Day CHG~0.00%

Published-23 Apr, 2026 | 00:00

Updated-23 Apr, 2026 | 14:28

ByteDance verl grader.py math_equal sandbox

A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-ByteDance

Product-verl