nationalsecurityagency vendor vulnerability list / CVE analysis in Chinese (24)

24 CVE vulnerabilities related to the vendor nationalsecurityagency, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

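The U.S. National Security Agency is responsible for national-level cybersecurity and intelligence work, and the security tools it develops are widely used for system protection. Common vulnerabilities in its products include remote code execution, privilege escalation and misconfiguration. In 2020, its open-source tool EDGAR was found to contain a path traversal vulnerability that could lead to unauthorized access. The agency continues to drive the development of encryption standards, but some of its tools have drawn controversy over suspected backdoors, so their security risk should be evaluated carefully.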

Top products for nationalsecurityagency: ghidra, emissary, skills-service
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-52758 | Ghidra < 12.1 - SQL Injection via Unescaped Filter Values in BSim Search | ghidra | CWE-89 | 8.8 | High | 2026-06-10 |
| CVE-2026-52757 | Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation | ghidra | CWE-416 | 4.4 | Medium | 2026-06-10 |
| CVE-2026-52756 | Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server | ghidra | CWE-22 | 4.8 | Medium | 2026-06-10 |
| CVE-2026-52755 | Ghidra < 12.0.4 - Path Traversal via Zip Slip in Theme Import | ghidra | CWE-22 | 7.8 | High | 2026-06-10 |
| CVE-2026-52754 | Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule | ghidra | CWE-347 | 8.8 | High | 2026-06-10 |
| CVE-2026-52753 | Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol | ghidra | CWE-789 | 5.5 | Medium | 2026-06-10 |
| CVE-2026-52752 | Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names | ghidra | CWE-22 | 7.8 | High | 2026-06-10 |
| CVE-2026-52751 | Ghidra < 12.1 - Remote Code Execution via Unfiltered RMI Deserialization in Shared Project Connection | ghidra | CWE-502 | 8.8 | High | 2026-06-10 |
| CVE-2026-52750 | Ghidra < 12.1 - Command Injection via URL Annotation Click | ghidra | CWE-88 | 7.8 | High | 2026-06-10 |
| CVE-2026-49498 | Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username | ghidra | CWE-89 | 8.8 | High | 2026-06-10 |
| CVE-2026-49497 | Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution | ghidra | CWE-22 | 3.3 | Low | 2026-06-10 |
| CVE-2026-49496 | Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation | ghidra | CWE-416 | 6.1 | Medium | 2026-06-10 |
| CVE-2026-49495 | Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser | ghidra | CWE-835 | 5.5 | Medium | 2026-06-10 |
| CVE-2024-58350 | Ghidra < 11.2 - Use After Free in Sleigh Backend via Static Initialization Order | ghidra | CWE-758 | 2.9 | Low | 2026-06-10 |
| CVE-2026-35582 | Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix | emissary | CWE-78 | 8.8 | High | 2026-04-18 |
| CVE-2026-35583 | Emissary has a Path Traversal via Blacklist Bypass in Configuration API | emissary | CWE-22 | 5.3 | Medium | 2026-04-07 |
| CVE-2026-35581 | Emissary has a Command Injection via PLACE_NAME Configuration in Executrix | emissary | CWE-78 | 7.2 | High | 2026-04-07 |
| CVE-2026-35580 | Emissary has GitHub Actions Shell Injection via Workflow Inputs | emissary | CWE-77 | 9.1 | Critical | 2026-04-07 |
| CVE-2026-35571 | Emissary has Stored XSS via Navigation Template Link Injection | emissary | CWE-79 | 4.8 | Medium | 2026-04-07 |
| CVE-2025-27508 | Emissary Use of a Broken or Risky Cryptographic Algorithm | emissary | CWE-327 | 7.5 | High | 2025-03-05 |
| CVE-2024-39326 | SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill | skills-service | CWE-352 | 4.4 | Medium | 2024-07-02 |
| CVE-2021-32639 | Server-Side Request Forgery (SSRF) in emissary:emissary | emissary | CWE-918 | 7.2 | High | 2021-07-02 |
| CVE-2021-32647 | Post-authentication Remote Code Execution (RCE) in emissary:emissary | emissary | CWE-74 | 8.0 | High | 2021-05-28 |
| CVE-2021-32634 | Deserialization of Untrusted Data in Emissary | emissary | CWE-502 | 7.2 | High | 2021-05-21 |

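This page lists all 24 CVE vulnerabilities published to date for the vendor nationalsecurityagency. Each entry includes its CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis to help assess risk quickly.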