VYPR
Vendor

Nationalsecurityagency

Products
4
CVEs
39
Across products
39
Status
Private

Products

4

Recent CVEs

39
View all 39 CVEs →
  • CVE-2020-6958CriJan 14, 2020
    risk 0.59cvss 9.1epss 0.02

    An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

  • CVE-2019-13625CriJul 17, 2019
    risk 0.59cvss 9.1epss 0.02

    NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.

  • CVE-2026-52758HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or…

  • CVE-2026-49498HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username…

  • CVE-2021-32096HigMay 7, 2021
    risk 0.57cvss 8.8epss 0.01

    The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.

  • CVE-2021-32094HigMay 7, 2021
    risk 0.57cvss 8.8epss 0.01

    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.

  • CVE-2019-16941CriSep 28, 2019
    risk 0.57cvss 9.8epss 0.05

    NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoR…

  • CVE-2019-13623HigJul 17, 2019
    risk 0.54cvss 7.8epss 0.05

    In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an…

  • CVE-2021-32095HigMay 7, 2021
    risk 0.53cvss 8.1epss 0.01

    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.

  • CVE-2026-35580CriApr 7, 2026
    risk 0.52cvss 9.1epss 0.01

    Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with…

  • CVE-2021-32647HigJun 1, 2021
    risk 0.52cvss 8.0epss 0.03

    Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java…

  • CVE-2026-52755HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code…

  • CVE-2026-52752HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended…

  • CVE-2026-52750HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.01

    Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments…

  • CVE-2019-17665HigOct 16, 2019
    risk 0.51cvss 7.8epss 0.00

    NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

  • CVE-2019-17664HigOct 16, 2019
    risk 0.51cvss 7.8epss 0.00

    NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try…

  • CVE-2026-52754HigJun 10, 2026
    risk 0.50cvss 8.8epss 0.00

    Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate…

  • CVE-2026-52751HigJun 10, 2026
    risk 0.50cvss 8.8epss 0.01

    Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project,…

  • CVE-2026-35582HigApr 18, 2026
    risk 0.50cvss 8.8epss 0.01

    Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The…

  • CVE-2021-32639HigJul 2, 2021
    risk 0.47cvss 7.2epss 0.01

    Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to…