<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49464-nl-portal-taak-idor-submittaakv2</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T21:28:40.118Z</news:publication_date>
      <news:title>CVE-2026-49464: NL Portal Taak IDOR Allows Takeover of Any User&apos;s Open Task</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49471-serena-agent-unauthenticated-dashboard-dns-rebinding-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T21:28:07.593Z</news:publication_date>
      <news:title>CVE-2026-49471: serena-agent Unauthenticated Flask Dashboard Enables DNS Rebinding to RCE</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49476-soupsieve-memory-exhaustion-selector-list</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:08:28.197Z</news:publication_date>
      <news:title>CVE-2026-49476: soupsieve Memory Exhaustion via Unbounded Selector List</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49477-soupsieve-redos-selector-parser</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:07:58.260Z</news:publication_date>
      <news:title>CVE-2026-49477: soupsieve Regular Expression Denial of Service (ReDoS)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49485-hl7-fhir-dstu2-redos-fhirpath-matches</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:49:29.535Z</news:publication_date>
      <news:title>CVE-2026-49485: org.hl7.fhir.dstu2 FHIRPathEngine ReDoS via Unprotected matches()</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49825-lxml-html-clean-xlink-href-xss</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T20:48:00.787Z</news:publication_date>
      <news:title>CVE-2026-49825: lxml_html_clean javascript: XSS via xlink:href</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49832-dspace-velocity-template-injection-rce-ldn</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T20:28:41.209Z</news:publication_date>
      <news:title>CVE-2026-49832: DSpace Remote Code Execution via Velocity Template Injection in LDN</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50197-skipper-opa-body-bypass-chunked-encoding</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T20:29:50.643Z</news:publication_date>
      <news:title>CVE-2026-50197: Skipper opaAuthorizeRequestWithBody OPA Policy Bypass via Chunked Encoding</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50553-note-mark-path-traversal-slug-migrate-export</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:50:17.845Z</news:publication_date>
      <news:title>CVE-2026-50553: Note Mark Path Traversal via Unsanitized Book/Note Slug in Migrate Export</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52766-yeswiki-unauthenticated-arbitrary-page-deletion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:28:45.419Z</news:publication_date>
      <news:title>CVE-2026-52766: YesWiki Unauthenticated Arbitrary Page Deletion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52767-yeswiki-activitypub-signature-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:28:12.151Z</news:publication_date>
      <news:title>CVE-2026-52767: YesWiki ActivityPub Signature-Verification Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52769-yeswiki-activitypub-ssrf-keyid</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:11:20.877Z</news:publication_date>
      <news:title>CVE-2026-52769: YesWiki Unauthenticated SSRF via ActivityPub Signature keyId</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52770-yeswiki-bazar-api-sql-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:10:47.245Z</news:publication_date>
      <news:title>CVE-2026-52770: YesWiki Bazar API Unauthenticated Boolean-Based SQL Injection</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52771-yeswiki-second-order-sql-injection-delete-page</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:10:18.889Z</news:publication_date>
      <news:title>CVE-2026-52771: YesWiki Second-Order SQL Injection in Page Delete API</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52778-yeswiki-calcfield-eval-rce-redos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T21:08:01.240Z</news:publication_date>
      <news:title>CVE-2026-52778: YesWiki CalcField Unsafe eval() Remote Code Execution and ReDoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52831-nuclio-cron-trigger-command-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T20:29:21.288Z</news:publication_date>
      <news:title>CVE-2026-52831: Nuclio Cron Trigger OS Command Injection (Persistent RCE)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53530-ratex-parser-verb-utf8-panic-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T23:49:14.771Z</news:publication_date>
      <news:title>CVE-2026-53530: ratex-parser Process Abort via UTF-8 Multibyte Delimiter in \verb</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53552-goploy-cross-namespace-idor-rce-project-id</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T23:48:43.254Z</news:publication_date>
      <news:title>CVE-2026-53552: Goploy Cross-Namespace IDOR and RCE via Body-Controlled Project ID</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53553-goploy-path-traversal-file-read</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-07T23:47:58.046Z</news:publication_date>
      <news:title>CVE-2026-53553: Goploy Arbitrary File Read via Path Traversal in /deploy/fileDiff</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53649-joro-unauthenticated-cross-origin-plugin-upload-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-08T20:28:04.075Z</news:publication_date>
      <news:title>CVE-2026-53649: Joro Unauthenticated Cross-Origin Plugin Upload RCE</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53727-css-parser-ssrf-local-file-disclosure-import</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:48:54.144Z</news:publication_date>
      <news:title>CVE-2026-53727: css_parser SSRF and Local File Disclosure via @import</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-56382-craftcms-fieldscontroller-yii2-event-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T13:48:02.176Z</news:publication_date>
      <news:title>CVE-2026-56382: Craft CMS RCE via Yii2 Event Handler Injection in FieldsController</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/micronaut-http-client-infinite-redirect-loop-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:09:29.703Z</news:publication_date>
      <news:title>micronaut-http-client Infinite Redirect Loop Denial of Service</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/phantom-audio-arbitrary-file-write-mcp-path-traversal</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-09T14:09:00.429Z</news:publication_date>
      <news:title>phantom-audio: Arbitrary File Write and Decode-Bomb DoS via Unconfined MCP Tool Paths</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>