<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/application-penetration-testing/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T11:22:39.000Z</news:publication_date>
      <news:title>Application Penetration Testing: Complete Guide</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/continuous-threat-exposure-management-ctem/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T06:37:53.000Z</news:publication_date>
      <news:title>Continuous Threat Exposure Management (CTEM) Explained</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-20230-cisco-unified-cm-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T04:25:43.000Z</news:publication_date>
      <news:title>Cisco Unified CM Pre-Auth RCE — When the Phone System Becomes the Attacker’s Foothold</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-44300-opencost-unauthenticated-servicekey-file-write</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:30:03.933Z</news:publication_date>
      <news:title>CVE-2026-44300: OpenCost Unauthenticated GCP Service Key Overwrite</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-44891-netty-stomp-unbounded-headers-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:29:15.948Z</news:publication_date>
      <news:title>CVE-2026-44891: netty-codec-stomp Unbounded Header Count DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45262-facturascripts-api-sqli-parenthesis-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:29:30.374Z</news:publication_date>
      <news:title>CVE-2026-45262: FacturaScripts REST API SQL Injection via Parenthesis Bypass in Where::sqlColumn</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45263-facturascripts-csv-formula-injection-csvexport</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:28:05.717Z</news:publication_date>
      <news:title>CVE-2026-45263: FacturaScripts CSV Formula Injection in CSVExport</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45378-decidim-verifications-unauthenticated-signed-storage-url</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:30:23.414Z</news:publication_date>
      <news:title>CVE-2026-45378: decidim-verifications Unauthenticated Access to Signed Identity Document URLs</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45414-decidim-jwt-cross-organization-auth-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:29:50.140Z</news:publication_date>
      <news:title>CVE-2026-45414: Decidim JWT Cross-Organization Authentication Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45693-facturascripts-path-traversal-myfiles-private</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:28:42.592Z</news:publication_date>
      <news:title>CVE-2026-45693: FacturaScripts Unauthenticated Path Traversal in Static File Controllers</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47677-facturascripts-2fa-bypass-account-takeover</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T23:48:40.218Z</news:publication_date>
      <news:title>CVE-2026-47677: FacturaScripts 2FA Endpoint Authentication Bypass and Account Takeover</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-48118-nukeviet-reflected-xss-comment-status-base64</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:28:39.550Z</news:publication_date>
      <news:title>CVE-2026-48118: NukeViet Unauthenticated Reflected XSS via Base64-Encoded Comment Status Parameter</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49259-nukeviet-stored-xss-comment-reply</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:28:01.128Z</news:publication_date>
      <news:title>CVE-2026-49259: NukeViet CMS Stored XSS via Comment Reply Handler</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50006-anyquery-attach-database-arbitrary-file-write-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:48:08.425Z</news:publication_date>
      <news:title>CVE-2026-50006: Anyquery Arbitrary File Write via Unrestricted ATTACH DATABASE in Server Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50013-hoverfly-diff-mode-concurrent-map-race-condition-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:08:04.382Z</news:publication_date>
      <news:title>CVE-2026-50013: Hoverfly Concurrent Map Write DoS in Diff Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50125-mkp-pod-log-memory-exhaustion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:28:41.500Z</news:publication_date>
      <news:title>CVE-2026-50125: MKP Unbounded Pod Log Read Memory Exhaustion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50131-fedify-ssrf-ipv4-bypass-special-use-ranges</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:28:11.172Z</news:publication_date>
      <news:title>CVE-2026-50131: @fedify/fedify SSRF Mitigation Bypass via Incomplete IPv4 Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50158-yutu-mcp-caption-download-arbitrary-file-write</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T19:48:43.824Z</news:publication_date>
      <news:title>CVE-2026-50158: yutu Arbitrary File Write via MCP caption-download</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52824-kimai-docker-default-app-secret-cookie-forgery</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T00:28:04.225Z</news:publication_date>
      <news:title>CVE-2026-52824: Kimai Docker Default APP_SECRET Enables Cookie Forgery and Account Takeover</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52827-kimai-2fa-totp-bypass-session-cookie</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T00:48:03.845Z</news:publication_date>
      <news:title>CVE-2026-52827: Kimai 2FA TOTP Bypass via Pre-Verification Session Cookie</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54064-nukeviet-stored-xss-filter-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:09:01.585Z</news:publication_date>
      <news:title>CVE-2026-54064: NukeViet CMS Multiple Anti-XSS Filter Bypasses Leading to Stored XSS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54065-nukeviet-path-traversal-arbitrary-file-deletion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:08:25.121Z</news:publication_date>
      <news:title>CVE-2026-54065: NukeViet Path Traversal to Arbitrary File Deletion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54087-easyadmin-stored-xss-filefield-imagefield-upload</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:29:56.881Z</news:publication_date>
      <news:title>CVE-2026-54087: EasyAdmin Bundle Stored XSS via FileField and ImageField Upload</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54446-netlicensing-mcp-missing-auth-http-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:08:34.920Z</news:publication_date>
      <news:title>CVE-2026-54446: netlicensing-mcp Unauthenticated API Key Exposure in HTTP Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54448-trivy-helm-tar-bomb-oom</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:10:40.486Z</news:publication_date>
      <news:title>CVE-2026-54448: Trivy Helm Chart Tar Bomb OOM via Unbounded io.ReadAll</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54628-anyquery-ssrf-sqlite-virtual-table-server-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:08:44.113Z</news:publication_date>
      <news:title>CVE-2026-54628: Anyquery SSRF via Unrestricted SQLite Virtual Table Modules in Server Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54629-anyquery-local-file-read-csv-reader-server-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:27:59.291Z</news:publication_date>
      <news:title>CVE-2026-54629: Anyquery Local File Read via Unrestricted SQLite Virtual Table Modules</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55372-nukeviet-preauth-ssrf-x-forwarded-host</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:07:58.923Z</news:publication_date>
      <news:title>CVE-2026-55372: NukeViet Pre-auth SSRF via X-Forwarded-Host</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-59954-apollo-configservice-accesskey-appid-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:28:02.445Z</news:publication_date>
      <news:title>CVE-2026-59954: Apollo ConfigService AccessKey Authentication Bypass via Non-Canonical appId</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61549-woodpecker-ci-kubernetes-serviceaccountname-privilege-escalation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:48:05.230Z</news:publication_date>
      <news:title>CVE-2026-61549: Woodpecker CI Kubernetes Backend Privilege Escalation via serviceAccountName</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61668-dirac-pilotwrapper-tls-certificate-validation-mitm</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:48:48.428Z</news:publication_date>
      <news:title>CVE-2026-61668: DIRAC PilotWrapper Disabled TLS Certificate Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61699-nebula-mesh-blocklist-never-enforced</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:49:16.605Z</news:publication_date>
      <news:title>CVE-2026-61699: nebula-mesh Certificate Blocklist Never Enforced on Mesh Peers</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/ech0-accept-language-underscore-bypass-dos-amplification</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:09:19.681Z</news:publication_date>
      <news:title>Ech0: Accept-Language `_` Separator Bypass Causes ~70x CPU Amplification DoS</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/facturascripts-uploadedfile-path-traversal-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:07:59.830Z</news:publication_date>
      <news:title>FacturaScripts Path Traversal to Remote Code Execution via UploadedFile::move()</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/json-repair-circular-ref-infinite-loop-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T23:47:53.793Z</news:publication_date>
      <news:title>json-repair Circular JSON Schema $ref Infinite Loop DoS</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/nebula-mesh-allow-private-ssrf-missing-authorization</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:48:38.759Z</news:publication_date>
      <news:title>nebula-mesh: Non-Admin SSRF via Unguarded allow_private Webhook Flag</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/tidgi-desktop-rce-tiddlywiki-startup-module-import</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:09:55.785Z</news:publication_date>
      <news:title>TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/tsdproxy-x-forwarded-for-ip-spoofing-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T19:48:03.192Z</news:publication_date>
      <news:title>TsDProxy X-Forwarded-For Header Injection Allows IP Spoofing</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>