VYPR

Vendor CVEs

Nationalsecurityagency

All CVEs

39 total · sorted by risk
  • CVE-2020-6958CriJan 14, 2020
    risk 0.59cvss 9.1epss 0.02

    An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

  • CVE-2019-13625CriJul 17, 2019
    risk 0.59cvss 9.1epss 0.02

    NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.

  • CVE-2026-52758HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or…

  • CVE-2026-49498HigJun 10, 2026
    risk 0.57cvss 8.8epss 0.00

    Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username…

  • CVE-2021-32096HigMay 7, 2021
    risk 0.57cvss 8.8epss 0.01

    The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.

  • CVE-2021-32094HigMay 7, 2021
    risk 0.57cvss 8.8epss 0.01

    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.

  • CVE-2019-16941CriSep 28, 2019
    risk 0.57cvss 9.8epss 0.05

    NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoR…

  • CVE-2019-13623HigJul 17, 2019
    risk 0.54cvss 7.8epss 0.05

    In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an…

  • CVE-2021-32095HigMay 7, 2021
    risk 0.53cvss 8.1epss 0.01

    U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.

  • CVE-2026-35580CriApr 7, 2026
    risk 0.52cvss 9.1epss 0.01

    Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with…

  • CVE-2021-32647HigJun 1, 2021
    risk 0.52cvss 8.0epss 0.03

    Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java…

  • CVE-2026-52755HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code…

  • CVE-2026-52752HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended…

  • CVE-2026-52750HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.01

    Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments…

  • CVE-2019-17665HigOct 16, 2019
    risk 0.51cvss 7.8epss 0.00

    NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.

  • CVE-2019-17664HigOct 16, 2019
    risk 0.51cvss 7.8epss 0.00

    NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try…

  • CVE-2026-52754HigJun 10, 2026
    risk 0.50cvss 8.8epss 0.00

    Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate…

  • CVE-2026-52751HigJun 10, 2026
    risk 0.50cvss 8.8epss 0.01

    Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project,…

  • CVE-2026-35582HigApr 18, 2026
    risk 0.50cvss 8.8epss 0.01

    Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The…

  • CVE-2021-32639HigJul 2, 2021
    risk 0.47cvss 7.2epss 0.01

    Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to…

  • CVE-2025-27508HigMar 5, 2025
    risk 0.42cvss 7.5epss 0.00

    Emissary is a P2P based data-driven workflow engine. The ChecksumCalculator class within allows for hashing and checksum generation, but it includes or defaults to algorithms that are no longer recommended for secure cryptographic use cases (e.g., SHA-1, CRC32, and SSDEEP).…

  • CVE-2021-32093MedMay 7, 2021
    risk 0.42cvss 6.5epss 0.01

    The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.

  • CVE-2026-35581HigApr 7, 2026
    risk 0.40cvss 7.2epss 0.01

    Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACE_NAME parameter — with insufficient sanitization. Only spaces were replaced with…

  • CVE-2021-32092MedMay 7, 2021
    risk 0.40cvss 6.1epss 0.01

    A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.

  • CVE-2026-52759MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser…

  • CVE-2026-52753MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes…

  • CVE-2026-49495MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth…

  • CVE-2026-49496MedJun 10, 2026
    risk 0.33cvss 6.1epss 0.00

    Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries…

  • CVE-2026-52756MedJun 10, 2026
    risk 0.31cvss 4.8epss 0.00

    Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send…

  • CVE-2026-35583MedApr 7, 2026
    risk 0.27cvss 5.3epss 0.00

    Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration/{name}) validated configuration names using a blacklist approach that checked for \, /, .., and trailing .. This could potentially be bypassed using…

  • CVE-2026-35571MedApr 7, 2026
    risk 0.24cvss 4.8epss 0.00

    Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could…

  • CVE-2026-52757MedJun 10, 2026
    risk 0.22cvss 4.4epss 0.00

    Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap…

  • CVE-2024-39326MedJul 2, 2024
    risk 0.22cvss 4.4epss 0.00

    SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g POST…

  • CVE-2026-49497LowJun 10, 2026
    risk 0.21cvss 3.3epss 0.00

    Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem…

  • CVE-2024-58350LowJun 10, 2026
    risk 0.19cvss 2.9epss 0.00

    Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during…

  • CVE-2026-4946Mar 29, 2026
    risk 0.00cvss epss 0.00

    Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted,…

  • CVE-2023-22671CriJan 6, 2023
    risk 0.00cvss 9.8epss 0.03

    Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.

  • CVE-2021-32634HigMay 21, 2021
    risk 0.00cvss 7.2epss 0.01

    Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a92…

  • CVE-2001-0073Feb 12, 2001
    risk 0.00cvss epss 0.00

    Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.