<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/network-vulnerability-assessment/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T11:12:53.000Z</news:publication_date>
      <news:title>Network Vulnerability Assessment: Securing Cloud Network</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-8037-progress-loadmaster-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T13:04:09.000Z</news:publication_date>
      <news:title>CVE-2026-8037: Progress Kemp LoadMaster &amp;#8211; Pre-Auth Root RCE</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/vulnerability-management-lifecycle/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T10:23:06.000Z</news:publication_date>
      <news:title>The Vulnerability Management Lifecycle: A Complete Guide</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/arcadedb-cross-database-idor-timeseries-batch-prometheus-grafana</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:28:12.749Z</news:publication_date>
      <news:title>ArcadeDB: Cross-Database IDOR on Time-Series, Batch, Prometheus, and Grafana Endpoints</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/arcadedb-javascript-trigger-rce-os-command-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:29:30.905Z</news:publication_date>
      <news:title>ArcadeDB: JavaScript Trigger OS Command Injection (RCE)</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-11400-aws-advanced-jdbc-wrapper-privilege-escalation-search-path</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T18:48:44.665Z</news:publication_date>
      <news:title>CVE-2026-11400: aws-advanced-jdbc-wrapper Privilege Escalation via Unqualified PostgreSQL Function Calls</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-27771-gitea-container-registry-auth-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T19:08:14.124Z</news:publication_date>
      <news:title>CVE-2026-27771: Gitea Container Registry Authentication Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50271-ddtrace-w3c-baggage-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:10:04.734Z</news:publication_date>
      <news:title>CVE-2026-50271: ddtrace Uncontrolled Resource Consumption via W3C Baggage Header Parsing</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50272-dd-trace-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:09:25.379Z</news:publication_date>
      <news:title>CVE-2026-50272: dd-trace Unbounded W3C Baggage Extraction DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50273-datadog-trace-dotnet-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:08:43.574Z</news:publication_date>
      <news:title>CVE-2026-50273: Datadog.Trace Unbounded W3C Baggage Extraction DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50274-dd-trace-go-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:08:04.815Z</news:publication_date>
      <news:title>CVE-2026-50274: dd-trace-go Unbounded W3C Baggage Header Parsing DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50276-dd-trace-rb-baggage-header-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:30:06.379Z</news:publication_date>
      <news:title>CVE-2026-50276: datadog (dd-trace-rb) W3C Baggage Header Denial of Service</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50285-pomerium-hpke-zstd-decompression-bomb-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:29:19.793Z</news:publication_date>
      <news:title>CVE-2026-50285: Pomerium Pre-Auth Denial of Service via HPKE Decompression Bomb</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52869-mcp-python-sdk-session-authorization-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:09:21.547Z</news:publication_date>
      <news:title>CVE-2026-52869: mcp (Python SDK) Session Authorization Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52870-mcp-python-sdk-tasks-missing-authorization</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:09:50.208Z</news:publication_date>
      <news:title>CVE-2026-52870: mcp (Python SDK) Missing Authorization on Experimental Task Handlers</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53597-prompty-core-javascript-frontmatter-code-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T20:08:01.263Z</news:publication_date>
      <news:title>CVE-2026-53597: @prompty/core Arbitrary Code Execution via JavaScript Frontmatter</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53714-envoy-gateway-xds-auth-bypass-gateway-namespace-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T19:48:47.033Z</news:publication_date>
      <news:title>CVE-2026-53714: Envoy Gateway xDS Authentication Bypass in GatewayNamespaceMode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54077-arcadedb-import-database-ssrf-file-read</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:08:04.452Z</news:publication_date>
      <news:title>CVE-2026-54077: ArcadeDB IMPORT DATABASE SSRF and Local File Read</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54234-vllm-speculative-decoding-recovered-token-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T17:29:20.274Z</news:publication_date>
      <news:title>CVE-2026-54234: vLLM Remote DoS via Invalid Recovered Token Reinjection in Speculative Decoding</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54457-tensorzero-gateway-file-read-ssrf</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:07:58.354Z</news:publication_date>
      <news:title>CVE-2026-54457: TensorZero Gateway Arbitrary File Read and SSRF</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54466-websocket-driver-hixie-draft-length-header-corruption</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:28:15.142Z</news:publication_date>
      <news:title>CVE-2026-54466: websocket-driver Hixie Draft Length Header Integer Corruption</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54498-view-component-around-render-xss</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:31:27.005Z</news:publication_date>
      <news:title>CVE-2026-54498: view_component around_render HTML-Safety Bypass XSS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54504-mcp-documentation-server-unauth-network-api-exposure</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:27:59.856Z</news:publication_date>
      <news:title>CVE-2026-54504: @andrea9293/mcp-documentation-server Unauthenticated Network API Exposure</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54547-meta-ads-mcp-auth-bypass-x-pipeboard-token</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T19:08:54.059Z</news:publication_date>
      <news:title>CVE-2026-54547: meta-ads-mcp Authentication Bypass via X-Pipeboard-Token Header</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54549-meta-ads-mcp-ssrf-upload-ad-image</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T19:09:35.178Z</news:publication_date>
      <news:title>CVE-2026-54549: meta-ads-mcp Server-Side Request Forgery in upload_ad_image</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54552-sh-incomplete-privilege-drop-supplementary-groups</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T18:48:04.281Z</news:publication_date>
      <news:title>CVE-2026-54552: sh Incomplete Privilege Drop via _uid (Supplementary Groups Not Cleared)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54567-flask-reuploaded-extension-denylist-case-folding-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T20:28:08.789Z</news:publication_date>
      <news:title>CVE-2026-54567: Flask-Reuploaded Extension Denylist Bypass via Case-Folding Asymmetry</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55177-cloudtak-esri-ssrf-authenticated</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T21:48:11.075Z</news:publication_date>
      <news:title>CVE-2026-55177: CloudTAK Authenticated Full-Read SSRF in /api/esri Routes</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55578-pheditor-terminal-command-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:48:02.656Z</news:publication_date>
      <news:title>CVE-2026-55578: Pheditor OS Command Injection via Incomplete Terminal Blocklist</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55579-pheditor-hardcoded-default-password-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:31:23.295Z</news:publication_date>
      <news:title>CVE-2026-55579: Pheditor Hardcoded Default Password Enables Unauthenticated RCE</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-59950-mcp-websocket-missing-origin-validation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:30:06.334Z</news:publication_date>
      <news:title>CVE-2026-59950: mcp WebSocket Transport Missing Origin Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/obsidian-local-rest-api-path-traversal-percent-encoded-slash-vault</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:08:32.348Z</news:publication_date>
      <news:title>obsidian-local-rest-api: Authenticated Path Traversal via Percent-Encoded Slash in /vault/{path}</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>