Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/06/10 12:38 p.m.33 views

CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8CVSS0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 12:37 p.m.9 views

CVE-2026-49496 Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation

Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vector. Attackers can trigger memory corruption by decompiling malicious binaries through the public...

6.9CVSS5.5AI score0.00169EPSS
Exploits1References3
CVE
CVE
added 2026/06/10 12:37 p.m.23 views

CVE-2026-49496

Ghidra

6.9CVSS5.5AI score0.00169EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/10 12:36 p.m.10 views

CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 12:36 p.m.11 views

EUVD-2026-36004

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48413

Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names in binaries to trigger exponential memory allocation, causing process crashes during binary...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

NSA Ghidra 安全漏洞

NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Previous versions of NSA Ghidra, such as version 12.1, contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the...

6.7CVSS5.4AI score0.00151EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

National Security Agency Ghidra 安全漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 11.2 contained security vulnerabilities. These vulnerabilities were caused by an undefined static initialization...

4CVSS5.4AI score0.0011EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/29 7:35 p.m.24 views

CVE-2026-4946 NSA Ghidra Auto-Analysis Annotation Command Execution

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...

8.8CVSS0.00379EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7970

Malware in sbrugna...

7.8CVSS7.6AI score0.00488EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-5057

Malware in sbrugna...

9.4CVSS9.3AI score0.02404EPSS
Exploits1References4
OSV
OSV
added 2019/10/16 8:15 p.m.15 views

CVE-2019-17665

NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory...

7.8CVSS7AI score
Exploits0References1
Rows per page
Query Builder