Ghidra, a free, open-source software reverse-engineering tool, has been found to be a potential conduit to remote code-execution. The vulnerability was discovered by researcher with the handle @sghctoma less than 24 hours after the tool was released by the National Security Agency at RSA. Tencent Security researchers said that they found that attackers can chain together an exploit for the vulnerability, the abuse of Java features and the exploitation of known weaknesses in the NTLM protocol in Windows to perform an SMB relay attack.
Source: https://threatpost.com/nsa-ghidra-bug-rce/142937/