<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://securelayer7.net/lab/clauster-missing-auth-dashboard-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:47:58.064Z</news:publication_date>
      <news:title>Clauster: Missing Authentication Bypass on Non-Loopback Dashboard</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-48594-tesla-decompression-bomb-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T00:09:21.479Z</news:publication_date>
      <news:title>CVE-2026-48594: Tesla Middleware Decompression Bomb (DoS)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-48597-tesla-mint-adapter-atom-exhaustion-url-scheme</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T00:08:08.052Z</news:publication_date>
      <news:title>CVE-2026-48597: Tesla Mint Adapter BEAM Atom Table Exhaustion via Untrusted URL Scheme</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-48862-mint-http2-push-promise-memory-exhaustion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T23:28:19.577Z</news:publication_date>
      <news:title>CVE-2026-48862: Mint HTTP/2 Client Memory Exhaustion via PUSH_PROMISE Flood</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49476-soupsieve-memory-exhaustion-selector-list</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:08:28.197Z</news:publication_date>
      <news:title>CVE-2026-49476: soupsieve Memory Exhaustion via Unbounded Selector List</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49477-soupsieve-redos-selector-parser</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:07:58.260Z</news:publication_date>
      <news:title>CVE-2026-49477: soupsieve Regular Expression Denial of Service (ReDoS)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49485-hl7-fhir-dstu2-redos-fhirpath-matches</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:49:29.535Z</news:publication_date>
      <news:title>CVE-2026-49485: org.hl7.fhir.dstu2 FHIRPathEngine ReDoS via Unprotected matches()</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49754-mint-http2-continuation-flood-memory-exhaustion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T23:28:55.842Z</news:publication_date>
      <news:title>CVE-2026-49754: Mint HTTP/2 CONTINUATION Flood Memory Exhaustion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49851-mistune-quadratic-dos-parse-link-text</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T00:09:50.192Z</news:publication_date>
      <news:title>CVE-2026-49851: mistune Quadratic-Time DoS in parse_link_text</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49866-libp2p-gossipsub-ihave-iwant-cpu-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T16:08:12.122Z</news:publication_date>
      <news:title>CVE-2026-49866: @libp2p/gossipsub CPU DoS via Oversized IHAVE and IWANT Control Messages</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50551-siyuan-stored-xss-rce-attribute-view-asset-cell</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:48:34.331Z</news:publication_date>
      <news:title>CVE-2026-50551: SiYuan Stored XSS to RCE via Attribute View Asset Cell</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50553-note-mark-path-traversal-slug-migrate-export</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:50:17.845Z</news:publication_date>
      <news:title>CVE-2026-50553: Note Mark Path Traversal via Unsanitized Book/Note Slug in Migrate Export</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52766-yeswiki-unauthenticated-arbitrary-page-deletion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:28:45.419Z</news:publication_date>
      <news:title>CVE-2026-52766: YesWiki Unauthenticated Arbitrary Page Deletion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52767-yeswiki-activitypub-signature-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:28:12.151Z</news:publication_date>
      <news:title>CVE-2026-52767: YesWiki ActivityPub Signature-Verification Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52769-yeswiki-activitypub-ssrf-keyid</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:11:20.877Z</news:publication_date>
      <news:title>CVE-2026-52769: YesWiki Unauthenticated SSRF via ActivityPub Signature keyId</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52770-yeswiki-bazar-api-sql-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:10:47.245Z</news:publication_date>
      <news:title>CVE-2026-52770: YesWiki Bazar API Unauthenticated Boolean-Based SQL Injection</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52771-yeswiki-second-order-sql-injection-delete-page</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:10:18.889Z</news:publication_date>
      <news:title>CVE-2026-52771: YesWiki Second-Order SQL Injection in Page Delete API</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52778-yeswiki-calcfield-eval-rce-redos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:08:01.240Z</news:publication_date>
      <news:title>CVE-2026-52778: YesWiki CalcField Unsafe eval() Remote Code Execution and ReDoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53727-css-parser-ssrf-local-file-disclosure-import</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:48:54.144Z</news:publication_date>
      <news:title>CVE-2026-53727: css_parser SSRF and Local File Disclosure via @import</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54063-excelize-checksheet-oom-panic-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:29:30.711Z</news:publication_date>
      <news:title>CVE-2026-54063: Excelize Unbounded Row Allocation DoS in Worksheet Parser</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54066-siyuan-assets-double-url-encoding-path-traversal</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:28:06.480Z</news:publication_date>
      <news:title>CVE-2026-54066: SiYuan Unauthenticated Path Traversal via Double URL Encoding in /assets/ (Publish Mode)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54067-siyuan-css-snippet-xss-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:10:39.377Z</news:publication_date>
      <news:title>CVE-2026-54067: SiYuan Stored XSS to RCE via CSS Snippet Style Tag Breakout</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54069-siyuan-chrome-extension-origin-auth-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:28:46.280Z</news:publication_date>
      <news:title>CVE-2026-54069: SiYuan Unauthenticated Admin API Access via chrome-extension:// Origin Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54070-siyuan-bazaar-readme-stored-xss-event-handler-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:10:02.440Z</news:publication_date>
      <news:title>CVE-2026-54070: SiYuan Stored XSS via Bazaar README Event Handler Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54071-babeldoc-cmap-pickle-deserialization-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:08:12.150Z</news:publication_date>
      <news:title>CVE-2026-54071: BabelDOC Arbitrary Code Execution via CMap Pickle Deserialization</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54072-authorizer-open-redirect-oauth2-token-leak</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:30:12.069Z</news:publication_date>
      <news:title>CVE-2026-54072: Authorizer Open Redirect Leaks OAuth2 Tokens via Unvalidated redirect_uri</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54089-filebrowser-proxy-auth-header-forgery</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:28:08.714Z</news:publication_date>
      <news:title>CVE-2026-54089: File Browser Authentication Bypass via Proxy Header Forgery</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54158-siyuan-stored-xss-rce-attribute-view-genavvaluehtml</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:48:11.904Z</news:publication_date>
      <news:title>CVE-2026-54158: SiYuan Stored XSS to RCE via Unescaped Attribute-View Cell Rendering</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54159-ps-facetedsearch-php-object-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:49:31.806Z</news:publication_date>
      <news:title>CVE-2026-54159: prestashop/ps_facetedsearch PHP Object Injection via Slider Filter Cache</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54174-apko-data-section-hash-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T21:48:49.362Z</news:publication_date>
      <news:title>CVE-2026-54174: apko Incomplete APK Data Section Integrity Verification</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-56382-craftcms-fieldscontroller-yii2-event-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:48:02.176Z</news:publication_date>
      <news:title>CVE-2026-56382: Craft CMS RCE via Yii2 Event Handler Injection in FieldsController</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/exploration-crate-malicious-remote-code-execution</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T20:09:18.883Z</news:publication_date>
      <news:title>exploration: Malicious Remote Code Execution via Embedded Downloader</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/mcp-atlassian-file-read-attachment-upload-path-traversal</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:49:30.791Z</news:publication_date>
      <news:title>mcp-atlassian: Arbitrary Server-Side File Read via Attachment Upload Path Traversal</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/micronaut-http-client-infinite-redirect-loop-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:09:29.703Z</news:publication_date>
      <news:title>micronaut-http-client Infinite Redirect Loop Denial of Service</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/notrinos-erp-hrm-employee-doc-file-upload-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:50:42.625Z</news:publication_date>
      <news:title>NotrinosERP: Authenticated Arbitrary File Upload to Remote Code Execution via HRM Employee Documents</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/phantom-audio-arbitrary-file-write-mcp-path-traversal</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:09:00.429Z</news:publication_date>
      <news:title>phantom-audio: Arbitrary File Write and Decode-Bomb DoS via Unconfined MCP Tool Paths</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/safeinstall-cli-agent-guard-shell-parsing-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T19:50:05.438Z</news:publication_date>
      <news:title>safeinstall-cli Agent Guard Shell Parsing Bypass</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/tsdproxy-auth-token-leak-management-api-escalation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-10T21:48:02.797Z</news:publication_date>
      <news:title>TSDProxy: Internal Auth Token Leaked to Backend Services Enables Management API Takeover</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>