CVE-2026-12303

Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

Mozilla Thunderbird < 152.0

The version of Thunderbird installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

Chromium: CVE-2026-11052 Type Confusion in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-11180

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10891

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

SUSE-SU-2026:21963-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. -...

DEBIAN-CVE-2026-9936

Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-9936

Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Amazon Linux 2023 : firefox (ALAS2023-2026-1652)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1652 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654...

Windows Win32k Elevation of Privilege Vulnerability

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

KLA91026 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution...

Astra Linux – Vulnerability in Firefox

The return value from gfx::SourceSurfaceSkia::Map wasn’t verified, which could potentially lead to a null pointer dereferencing. This vulnerability affects Firefox versions less than 110...

MGASA-2026-0081 Updated thunderbird packages fix security vulnerabilities

Denial-of-service in the XML component. CVE-2025-59375 Spoofing issue in Thunderbird. CVE-2026-3889 Race condition, use-after-free in the Graphics: WebRender component. CVE-2026-4684 Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4685 Incorrect boundary conditions in...

Amazon Linux 2023 : firefox (ALAS2023-2026-1470)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1470 advisory. Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8. CVE-2026-2757 Use-after-free in the...

Canva Affinity EMF File EMR_POLYDRAW Count Out-Of-Bounds Read Vulnerability

Talos Vulnerability Report TALOS-2025-2301 Canva Affinity EMF File EMRPOLYDRAW Count Out-Of-Bounds Read Vulnerability March 17, 2026 CVE Number CVE-2025-66000 SUMMARY An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an...

CVE-2026-25989

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

CVE-2025-47398 Use After Free in Graphics

Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers...

firefox: thunderbird: Incorrect boundary conditions in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics component...

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

PT-2026-2648

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Firefox ESR versions prior to 115.32 Firefox ESR versions prior to 140.7 Description The Graphics component contains incorrect boundary conditions. This could lead to potential remote code execution. Recommendatio...