545 matches found
CVE-2026-8967
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
CVE-2026-8967
CVE-2026-8967 affects Mozilla graphics stack via the Graphics: WebGPU component, leading to information disclosure. Public documentation in connected sources indicates the vulnerability was fixed in Firefox 151 and Thunderbird 151, with affected products listed as Mozilla Thunderbird and Mozilla ...
CVE-2026-8967 Information disclosure in the Graphics: WebGPU component
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
CVE-2026-8967
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
Mozilla Firefox和Mozilla Thunderbird 安全漏洞
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
MAL-2026-3969 Malicious code in @antv/g-webgpu-core (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +568 more potentially affected by unknown CVE via @antv/g-webgpu-engine (>=0.1.2 <=0.7.2)
@antv/g-webgpu-engine NPM version =0.1.2, =0.1.1, =0.1.2, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =1.0.1, =1.0.0-beta.3, =1.5.0-beta.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3970...
MAL-2026-3968 Malicious code in @antv/g-webgpu-compiler (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
@antv/g-webgpu (>=0.1.0-alpha.0 <=0.4.1), @antv/g-webgpu-core (>=0.1.0-alpha.0 <=0.4.1) +2 more potentially affected by unknown CVE via @antv/g-webgpu-compiler (>=0.1.2 <=0.6.0)
@antv/g-webgpu-compiler NPM version =0.1.2, =0.1.0-alpha.0, =0.1.0-alpha.0, =0.1.0-alpha.0, =0.5.0, =0.6.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3968...
MAL-2026-3967 Malicious code in @antv/g-webgpu (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3972 Malicious code in @antv/g-webgpu-unitchart (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +570 more potentially affected by unknown CVE via @antv/g-webgpu-core (>=0.1.2 <=0.7.2)
@antv/g-webgpu-core NPM version =0.1.2, =0.1.1, =0.1.2, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =1.0.1, =1.0.0-beta.3, =1.5.0-beta.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3969...
@antv/g-mobile-webgl (>=1.0.0 <=1.1.1), @antv/g-plugin-3d (>=2.0.0 <=2.1.1) +7 more potentially affected by unknown CVE via @antv/g-shader-components (>=2.0.0 <=2.0.1-beta.0)
@antv/g-shader-components NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3961...
MAL-2026-3957 Malicious code in @antv/g-plugin-webgpu-device (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
SUSE SLES12 Security Update : Mesa (SUSE-SU-2026:1844-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1844-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated...
SUSE SLED15 / SLES15 Security Update : Mesa (SUSE-SU-2026:1845-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1845-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU becau...
SUSE SLED15 / SLES15 Security Update : Mesa (SUSE-SU-2026:1835-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1835-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU becau...
SUSE SLED15 / SLES15 Security Update : Mesa (SUSE-SU-2026:1839-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1839-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU becau...
Security update for Mesa
This update for Mesa fixes the following issue: CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party bsc1261998. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...