<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/application-penetration-testing/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T11:22:39.000Z</news:publication_date>
      <news:title>Application Penetration Testing: Complete Guide</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/continuous-threat-exposure-management-ctem/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T06:37:53.000Z</news:publication_date>
      <news:title>Continuous Threat Exposure Management (CTEM) Explained</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-20230-cisco-unified-cm-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T04:25:43.000Z</news:publication_date>
      <news:title>Cisco Unified CM Pre-Auth RCE — When the Phone System Becomes the Attacker’s Foothold</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45378-decidim-verifications-unauthenticated-signed-storage-url</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:30:23.414Z</news:publication_date>
      <news:title>CVE-2026-45378: decidim-verifications Unauthenticated Access to Signed Identity Document URLs</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45414-decidim-jwt-cross-organization-auth-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:29:50.140Z</news:publication_date>
      <news:title>CVE-2026-45414: Decidim JWT Cross-Organization Authentication Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47677-facturascripts-2fa-bypass-account-takeover</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T23:48:40.218Z</news:publication_date>
      <news:title>CVE-2026-47677: FacturaScripts 2FA Endpoint Authentication Bypass and Account Takeover</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-48118-nukeviet-reflected-xss-comment-status-base64</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:28:39.550Z</news:publication_date>
      <news:title>CVE-2026-48118: NukeViet Unauthenticated Reflected XSS via Base64-Encoded Comment Status Parameter</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49259-nukeviet-stored-xss-comment-reply</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:28:01.128Z</news:publication_date>
      <news:title>CVE-2026-49259: NukeViet CMS Stored XSS via Comment Reply Handler</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52824-kimai-docker-default-app-secret-cookie-forgery</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T00:28:04.225Z</news:publication_date>
      <news:title>CVE-2026-52824: Kimai Docker Default APP_SECRET Enables Cookie Forgery and Account Takeover</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52827-kimai-2fa-totp-bypass-session-cookie</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T00:48:03.845Z</news:publication_date>
      <news:title>CVE-2026-52827: Kimai 2FA TOTP Bypass via Pre-Verification Session Cookie</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54064-nukeviet-stored-xss-filter-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:09:01.585Z</news:publication_date>
      <news:title>CVE-2026-54064: NukeViet CMS Multiple Anti-XSS Filter Bypasses Leading to Stored XSS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54065-nukeviet-path-traversal-arbitrary-file-deletion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:08:25.121Z</news:publication_date>
      <news:title>CVE-2026-54065: NukeViet Path Traversal to Arbitrary File Deletion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55372-nukeviet-preauth-ssrf-x-forwarded-host</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:07:58.923Z</news:publication_date>
      <news:title>CVE-2026-55372: NukeViet Pre-auth SSRF via X-Forwarded-Host</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-59954-apollo-configservice-accesskey-appid-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:28:02.445Z</news:publication_date>
      <news:title>CVE-2026-59954: Apollo ConfigService AccessKey Authentication Bypass via Non-Canonical appId</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61668-dirac-pilotwrapper-tls-certificate-validation-mitm</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:48:48.428Z</news:publication_date>
      <news:title>CVE-2026-61668: DIRAC PilotWrapper Disabled TLS Certificate Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/json-repair-circular-ref-infinite-loop-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T23:47:53.793Z</news:publication_date>
      <news:title>json-repair Circular JSON Schema $ref Infinite Loop DoS</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>