<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-20230-cisco-unified-cm-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T04:25:43.000Z</news:publication_date>
      <news:title>Cisco Unified CM Pre-Auth RCE — When the Phone System Becomes the Attacker’s Foothold</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45378-decidim-verifications-unauthenticated-signed-storage-url</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:30:23.414Z</news:publication_date>
      <news:title>CVE-2026-45378: decidim-verifications Unauthenticated Access to Signed Identity Document URLs</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45414-decidim-jwt-cross-organization-auth-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:29:50.140Z</news:publication_date>
      <news:title>CVE-2026-45414: Decidim JWT Cross-Organization Authentication Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-48118-nukeviet-reflected-xss-comment-status-base64</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:28:39.550Z</news:publication_date>
      <news:title>CVE-2026-48118: NukeViet Unauthenticated Reflected XSS via Base64-Encoded Comment Status Parameter</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49259-nukeviet-stored-xss-comment-reply</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T17:28:01.128Z</news:publication_date>
      <news:title>CVE-2026-49259: NukeViet CMS Stored XSS via Comment Reply Handler</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54064-nukeviet-stored-xss-filter-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:09:01.585Z</news:publication_date>
      <news:title>CVE-2026-54064: NukeViet CMS Multiple Anti-XSS Filter Bypasses Leading to Stored XSS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54065-nukeviet-path-traversal-arbitrary-file-deletion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:08:25.121Z</news:publication_date>
      <news:title>CVE-2026-54065: NukeViet Path Traversal to Arbitrary File Deletion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55372-nukeviet-preauth-ssrf-x-forwarded-host</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:07:58.923Z</news:publication_date>
      <news:title>CVE-2026-55372: NukeViet Pre-auth SSRF via X-Forwarded-Host</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-59954-apollo-configservice-accesskey-appid-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:28:02.445Z</news:publication_date>
      <news:title>CVE-2026-59954: Apollo ConfigService AccessKey Authentication Bypass via Non-Canonical appId</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61668-dirac-pilotwrapper-tls-certificate-validation-mitm</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T18:48:48.428Z</news:publication_date>
      <news:title>CVE-2026-61668: DIRAC PilotWrapper Disabled TLS Certificate Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
</urlset>