Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%
Buy Us a Coffee

NationalSecurityAgency — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting NationalSecurityAgency. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The NationalSecurityAgency is primarily responsible for signals intelligence and information assurance for the United States. Historically, common vulnerability classes in its systems include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex software architectures. The agency maintains robust security protocols but has faced notable incidents, including the 2013 breach by Edward Snowden and alleged vulnerabilities in its own encryption tools. With 10 CVEs on record, these typically involve legacy systems or third-party integrations rather than core intelligence platforms. The agency's dual mandate of collecting foreign intelligence and securing national communications creates unique security challenges, balancing offensive capabilities with defensive imperatives.

Top products by NationalSecurityAgency: ghidra emissary skills-service
CVE IDTitleCVSSSeverityPublished
CVE-2026-52758 Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search — ghidraCWE-89 8.8 High2026-06-10
CVE-2026-52757 Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation — ghidraCWE-416 4.4 Medium2026-06-10
CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server — ghidraCWE-22 4.8 Medium2026-06-10
CVE-2026-52755 Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import — ghidraCWE-22 7.8 High2026-06-10
CVE-2026-52754 Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule — ghidraCWE-347 8.8 High2026-06-10
CVE-2026-52753 Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol — ghidraCWE-789 5.5 Medium2026-06-10
CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names — ghidraCWE-22 7.8 High2026-06-10
CVE-2026-52751 Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection — ghidraCWE-502 8.8 High2026-06-10
CVE-2026-52750 Ghidra < 12.1- Command Injection via URL Annotation Click — ghidraCWE-88 7.8 High2026-06-10
CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username — ghidraCWE-89 8.8 High2026-06-10
CVE-2026-49497 Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution — ghidraCWE-22 3.3 Low2026-06-10
CVE-2026-49496 Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation — ghidraCWE-416 6.1 Medium2026-06-10
CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser — ghidraCWE-835 5.5 Medium2026-06-10
CVE-2024-58350 Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order — ghidraCWE-758 2.9 Low2026-06-10
CVE-2026-35582 Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix — emissaryCWE-78 8.8 High2026-04-18
CVE-2026-35583 Emissary has a Path Traversal via Blacklist Bypass in Configuration API — emissaryCWE-22 5.3 Medium2026-04-07
CVE-2026-35581 Emissary has a Command Injection via PLACE_NAME Configuration in Executrix — emissaryCWE-78 7.2 High2026-04-07
CVE-2026-35580 Emissary has GitHub Actions Shell Injection via Workflow Inputs — emissaryCWE-77 9.1 Critical2026-04-07
CVE-2026-35571 Emissary has Stored XSS via Navigation Template Link Injection — emissaryCWE-79 4.8 Medium2026-04-07
CVE-2025-27508 Emissary Use of a Broken or Risky Cryptographic Algorithm — emissaryCWE-327 7.5 High2025-03-05
CVE-2024-39326 SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill — skills-serviceCWE-352 4.4 Medium2024-07-02
CVE-2021-32639 Server-Side Request Forgery (SSRF) in emissary:emissary — emissaryCWE-918 7.2 High2021-07-02
CVE-2021-32647 Post-authentication Remote Code Execution (RCE) in emissary:emissary — emissaryCWE-74 8.0 High2021-05-28
CVE-2021-32634 Deserialization of Untrusted Data in Emissary — emissaryCWE-502 7.2 High2021-05-21

This page lists every published CVE security advisory associated with NationalSecurityAgency. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.