<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/external-attack-surface-management-easm/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T12:08:47.000Z</news:publication_date>
      <news:title>External Attack Surface Management (EASM): A Practical Guide</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/prompt-injection-attacks/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T08:26:03.000Z</news:publication_date>
      <news:title>Prompt Injection Attacks: Risks, Examples &amp;#038; Prevention</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-44963-veeam-backup-authenticated-rce-binaryformatter-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T07:14:03.000Z</news:publication_date>
      <news:title>CVE-2026-44963: Veeam Backup &amp;#8211; Authenticated Domain User to RCE via BinaryFormatter Blacklist Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/9router-unauthenticated-provider-crud-api-key-leak</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:35:25.826Z</news:publication_date>
      <news:title>9router: Unauthenticated CRUD on Provider API and Full API Key Leak</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2022-46292-openbabel-mopac-unit-cell-translation-oob-write</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T16:47:54.581Z</news:publication_date>
      <news:title>CVE-2022-46292: Open Babel MOPAC Output Parser Out-of-Bounds Write (UNIT CELL TRANSLATION)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-27823-egroupware-smallpart-rce-auth-bypass-path-traversal</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T13:09:48.723Z</news:publication_date>
      <news:title>CVE-2026-27823: EGroupware SmallPART Remote Code Execution via Auth Bypass and Path Traversal</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-33655-new-api-ssrf-hostname-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T13:09:06.627Z</news:publication_date>
      <news:title>CVE-2026-33655: new-api SSRF Protection Bypass via Unresolved Hostname</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-34151-xwiki-skin-path-traversal-jetty12</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T13:08:35.174Z</news:publication_date>
      <news:title>CVE-2026-34151: XWiki Platform Old Core Path Traversal via /skin/ Endpoint on Jetty 12</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-35338-uu-chmod-preserve-root-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T17:47:53.358Z</news:publication_date>
      <news:title>CVE-2026-35338: uu_chmod --preserve-root Bypass via Unresolved Path</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-35341-uu-mkfifo-permission-overwrite-existing-file</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T22:07:56.927Z</news:publication_date>
      <news:title>CVE-2026-35341: uu_mkfifo Unauthorized Permission Overwrite on Existing Files</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-40187-egroupware-etemplate-eval-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T13:07:57.344Z</news:publication_date>
      <news:title>CVE-2026-40187: EGroupware Authenticated RCE via eTemplate eval Injection</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49445-cilium-envoy-admin-socket-world-accessible</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T17:07:56.761Z</news:publication_date>
      <news:title>CVE-2026-49445: Cilium Envoy Admin Socket World-Accessible Permission Misconfiguration</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53486-xhmikosr-decompress-path-traversal-symlink-hardlink</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T20:49:55.820Z</news:publication_date>
      <news:title>CVE-2026-53486: @xhmikosr/decompress Path Traversal, Symlink Escape, and Setuid File Creation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54496-halo2-gadgets-orchard-underconstrained-base-point</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:28:17.295Z</news:publication_date>
      <news:title>CVE-2026-54496: halo2_gadgets Variable-Base Scalar Multiplication Under-Constrained Base Point</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54640-openremote-knxprotocol-xxe-file-read</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:11:50.073Z</news:publication_date>
      <news:title>CVE-2026-54640: OpenRemote KNXProtocol XXE Arbitrary File Read</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54641-openremote-cross-realm-user-disclosure</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:36:50.661Z</news:publication_date>
      <news:title>CVE-2026-54641: OpenRemote Manager Cross-Realm User Information Disclosure</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54760-langroid-sqlchatagent-pg-read-file-blocklist-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T20:49:05.522Z</news:publication_date>
      <news:title>CVE-2026-54760: langroid SQLChatAgent pg_read_file Blocklist Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54771-langroid-tool-injection-sender-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T20:47:55.181Z</news:publication_date>
      <news:title>CVE-2026-54771: langroid Unauthorized Tool Invocation via User-Supplied JSON</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55075-coder-oidc-account-takeover-email-verified-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:10:44.328Z</news:publication_date>
      <news:title>CVE-2026-55075: Coder OIDC Account Takeover via Email Fallback and email_verified Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55076-coder-oidc-email-verified-type-coercion-account-takeover</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:11:22.877Z</news:publication_date>
      <news:title>CVE-2026-55076: Coder OIDC email_verified Type Coercion Authentication Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55426-linuxfabrik-lib-shell-exec-command-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:30:33.104Z</news:publication_date>
      <news:title>CVE-2026-55426: linuxfabrik-lib OS Command Injection via shell_exec</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55428-coder-tailnet-allowedips-route-hijacking</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:08:11.491Z</news:publication_date>
      <news:title>CVE-2026-55428: Coder Tailnet Coordinator Route Hijacking via Unvalidated AllowedIPs</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55431-coder-cli-session-token-exfiltration-external-app</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:31:58.658Z</news:publication_date>
      <news:title>CVE-2026-55431: Coder CLI Session Token Exfiltration via External App URLs</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55500-9router-database-export-import-credential-theft</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:48:43.457Z</news:publication_date>
      <news:title>CVE-2026-55500: 9router Unprotected Database Export/Import Credential Theft</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55501-9router-x-forwarded-for-rate-limit-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:48:00.817Z</news:publication_date>
      <news:title>CVE-2026-55501: 9router Login Rate-Limit Bypass via X-Forwarded-For Spoofing</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55615-langroid-neo4jchatagent-cypher-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:34:48.915Z</news:publication_date>
      <news:title>CVE-2026-55615: langroid Neo4jChatAgent Prompt-to-Cypher Injection (RCE)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55786-flyto-core-unauthenticated-os-command-injection-mcp</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T17:48:24.781Z</news:publication_date>
      <news:title>CVE-2026-55786: flyto-core Unauthenticated OS Command Injection via HTTP MCP</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55787-flyto-core-ssrf-ipv6-transition-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T17:49:04.881Z</news:publication_date>
      <news:title>CVE-2026-55787: flyto-core SSRF Guard Bypass via IPv6 Transition Addresses</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55790-craftcms-craftsupport-dom-xss-github-issue-title</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:34:04.844Z</news:publication_date>
      <news:title>CVE-2026-55790: Craft CMS DOM XSS via Poisoned GitHub Issue Title in CraftSupport Widget</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55794-craftcms-twig-injection-referer-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T21:49:21.564Z</news:publication_date>
      <news:title>CVE-2026-55794: Craft CMS Authenticated RCE via Twig Injection in Referer Header</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
</urlset>