ByteOS Network

NSA

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-6807

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 0.32%

7 Day CHG~0.00%

Published-28 Apr, 2026 | 17:41

Updated-29 Apr, 2026 | 15:12

NSA GRASSMARLIN Improper Restriction of XML External Entity Reference

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.

Vendor-NSA

Product-GRASSMARLIN

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference

CVE-2026-4946

Assigner-Austin Hackers Anonymous

View Details

Assigner-Austin Hackers Anonymous

CVSS Score-8.8||HIGH

EPSS-0.05% / 15.79%

7 Day CHG~0.00%

Published-29 Mar, 2026 | 19:35

Updated-30 Mar, 2026 | 15:16

NSA Ghidra Auto-Analysis Annotation Command Execution

Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation (which is intended for trusted, user-authored comments) is also parsed in comments generated during auto-analysis (such as CFStrings in Mach-O binaries). This allows a crafted binary to present seemingly benign clickable text which, when clicked, executes attacker-controlled commands on the analyst’s machine.

Vendor-NSA

Product-Ghidra

CWE ID-CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')