Wiz Leads the 2026 Latio Application Security Report with awards in 4 categories
Wiz has been recognized in the 2026 Latio Application Security Report. Wiz was spotlighted and awarded four distinct badges, reflecting our continuous commitment to protecting applications all the way from code to runtime...
GO-2026-4517 Kata Container to Guest micro VM privilege escalation in github.com/kata-containers/kata-containers/src/runtime
Kata Container to Guest micro VM privilege escalation in github.com/kata-containers/kata-containers/src/runtime...
CVE-2026-21434 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, spegel-fips, rke2-runtime, ipfs-cluster-fips, k3s, spegel, kubo...
GHSA-PX4R-G4P3-HHQV vulnerabilities
Vulnerabilities for packages: ipfs-cluster, spegel-fips, rke2-runtime, ipfs-cluster-fips, k3s, spegel, kubo...
CVE-2026-21438 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, spegel-fips, rke2-runtime, ipfs-cluster-fips, k3s, spegel, kubo...
GHSA-G6X7-JQ8P-6Q9Q vulnerabilities
Vulnerabilities for packages: ipfs-cluster, spegel-fips, rke2-runtime, ipfs-cluster-fips, k3s, spegel, kubo...
GHSA-2F2X-8MWP-P2GC vulnerabilities
Vulnerabilities for packages: ipfs-cluster, spegel-fips, rke2-runtime, ipfs-cluster-fips, k3s, spegel, kubo...
CVE-2026-21435 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, spegel-fips, rke2-runtime, ipfs-cluster-fips, k3s, spegel, kubo...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 & CVE-2026-1188)
Summary: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details: CVEID: CVE-2026-21945. DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause...
OSV-2026-292 UNKNOWN WRITE in <wasmtime::runtime::func::Func>::call_unchecked_raw::<
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486503337 Crash type: UNKNOWN WRITE Crash state: ::calluncheckedraw::::queuecall...
Agentic AI As a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains
Agentic systems built on large language models (LLMs) extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrust...
CVE-2026-27484
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows, instead of trusted runtime sender context. In setups where Discord moderation actions are enabled and...
CVE-2026-27190
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8...
CVE-2026-27212
CVE-2026-27212 affects the npm package swiper (versions 6.5.1 through 12.1.1). The vulnerability is a prototype pollution in shared/utils.mjs where indexOf() checks input against forbidden strings; crafted input can pollute Object.prototype via Array.prototype, despite a prior mitigation. This ca...
CVE-2026-27212
Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...
CVE-2026-27002
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
CVE-2026-21620
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...
CVE-2026-21620 TFTP Path Traversal
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...