<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/application-penetration-testing/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T11:22:39.000Z</news:publication_date>
      <news:title>Application Penetration Testing: Complete Guide</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/continuous-threat-exposure-management-ctem/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T06:37:53.000Z</news:publication_date>
      <news:title>Continuous Threat Exposure Management (CTEM) Explained</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-44300-opencost-unauthenticated-servicekey-file-write</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:30:03.933Z</news:publication_date>
      <news:title>CVE-2026-44300: OpenCost Unauthenticated GCP Service Key Overwrite</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-44891-netty-stomp-unbounded-headers-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:29:15.948Z</news:publication_date>
      <news:title>CVE-2026-44891: netty-codec-stomp Unbounded Header Count DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45262-facturascripts-api-sqli-parenthesis-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:29:30.374Z</news:publication_date>
      <news:title>CVE-2026-45262: FacturaScripts REST API SQL Injection via Parenthesis Bypass in Where::sqlColumn</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45263-facturascripts-csv-formula-injection-csvexport</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:28:05.717Z</news:publication_date>
      <news:title>CVE-2026-45263: FacturaScripts CSV Formula Injection in CSVExport</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-45693-facturascripts-path-traversal-myfiles-private</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T17:28:42.592Z</news:publication_date>
      <news:title>CVE-2026-45693: FacturaScripts Unauthenticated Path Traversal in Static File Controllers</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47142-mantisbt-history-order-sql-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T16:48:51.316Z</news:publication_date>
      <news:title>CVE-2026-47142: MantisBT SQL Injection via history_order Configuration Value</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47156-mantisbt-soap-api-auth-bypass-privilege-escalation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T16:48:12.932Z</news:publication_date>
      <news:title>CVE-2026-47156: MantisBT SOAP API Authentication Bypass with Privilege Escalation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47677-facturascripts-2fa-bypass-account-takeover</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T23:48:40.218Z</news:publication_date>
      <news:title>CVE-2026-47677: FacturaScripts 2FA Endpoint Authentication Bypass and Account Takeover</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49273-mantisbt-eval-class-hoisting-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:08:05.982Z</news:publication_date>
      <news:title>CVE-2026-49273: MantisBT Remote Code Execution via eval() Class Hoisting in adm_config_set.php</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50006-anyquery-attach-database-arbitrary-file-write-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:48:08.425Z</news:publication_date>
      <news:title>CVE-2026-50006: Anyquery Arbitrary File Write via Unrestricted ATTACH DATABASE in Server Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50013-hoverfly-diff-mode-concurrent-map-race-condition-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:08:04.382Z</news:publication_date>
      <news:title>CVE-2026-50013: Hoverfly Concurrent Map Write DoS in Diff Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50125-mkp-pod-log-memory-exhaustion</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:28:41.500Z</news:publication_date>
      <news:title>CVE-2026-50125: MKP Unbounded Pod Log Read Memory Exhaustion</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50131-fedify-ssrf-ipv4-bypass-special-use-ranges</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T18:28:11.172Z</news:publication_date>
      <news:title>CVE-2026-50131: @fedify/fedify SSRF Mitigation Bypass via Incomplete IPv4 Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50158-yutu-mcp-caption-download-arbitrary-file-write</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T19:48:43.824Z</news:publication_date>
      <news:title>CVE-2026-50158: yutu Arbitrary File Write via MCP caption-download</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50271-ddtrace-w3c-baggage-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:10:04.734Z</news:publication_date>
      <news:title>CVE-2026-50271: ddtrace Uncontrolled Resource Consumption via W3C Baggage Header Parsing</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50272-dd-trace-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:09:25.379Z</news:publication_date>
      <news:title>CVE-2026-50272: dd-trace Unbounded W3C Baggage Extraction DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50273-datadog-trace-dotnet-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:08:43.574Z</news:publication_date>
      <news:title>CVE-2026-50273: Datadog.Trace Unbounded W3C Baggage Extraction DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50274-dd-trace-go-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:08:04.815Z</news:publication_date>
      <news:title>CVE-2026-50274: dd-trace-go Unbounded W3C Baggage Header Parsing DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50276-dd-trace-rb-baggage-header-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:30:06.379Z</news:publication_date>
      <news:title>CVE-2026-50276: datadog (dd-trace-rb) W3C Baggage Header Denial of Service</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50285-pomerium-hpke-zstd-decompression-bomb-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:29:19.793Z</news:publication_date>
      <news:title>CVE-2026-50285: Pomerium Pre-Auth Denial of Service via HPKE Decompression Bomb</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52824-kimai-docker-default-app-secret-cookie-forgery</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T00:28:04.225Z</news:publication_date>
      <news:title>CVE-2026-52824: Kimai Docker Default APP_SECRET Enables Cookie Forgery and Account Takeover</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52827-kimai-2fa-totp-bypass-session-cookie</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T00:48:03.845Z</news:publication_date>
      <news:title>CVE-2026-52827: Kimai 2FA TOTP Bypass via Pre-Verification Session Cookie</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52847-mantisbt-reflected-xss-admin-install</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T18:28:06.689Z</news:publication_date>
      <news:title>CVE-2026-52847: MantisBT Reflected XSS in admin/install.php</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52881-mantisbt-install-php-reflected-xss</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T18:48:09.618Z</news:publication_date>
      <news:title>CVE-2026-52881: MantisBT Reflected XSS in admin/install.php</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54087-easyadmin-stored-xss-filefield-imagefield-upload</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:29:56.881Z</news:publication_date>
      <news:title>CVE-2026-54087: EasyAdmin Bundle Stored XSS via FileField and ImageField Upload</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54446-netlicensing-mcp-missing-auth-http-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:08:34.920Z</news:publication_date>
      <news:title>CVE-2026-54446: netlicensing-mcp Unauthenticated API Key Exposure in HTTP Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54447-garminconnect-world-readable-oauth-token</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:49:06.754Z</news:publication_date>
      <news:title>CVE-2026-54447: garminconnect World-Readable OAuth Token File</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54448-trivy-helm-tar-bomb-oom</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:10:40.486Z</news:publication_date>
      <news:title>CVE-2026-54448: Trivy Helm Chart Tar Bomb OOM via Unbounded io.ReadAll</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54449-langbot-mcp-stdio-command-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:48:37.038Z</news:publication_date>
      <news:title>CVE-2026-54449: LangBot Authenticated RCE via MCP STDIO Command Injection</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54451-elixir-protobuf-unbounded-recursion-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:48:00.893Z</news:publication_date>
      <news:title>CVE-2026-54451: elixir-protobuf Unbounded Recursion DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54457-tensorzero-gateway-file-read-ssrf</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:07:58.354Z</news:publication_date>
      <news:title>CVE-2026-54457: TensorZero Gateway Arbitrary File Read and SSRF</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54466-websocket-driver-hixie-draft-length-header-corruption</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:28:15.142Z</news:publication_date>
      <news:title>CVE-2026-54466: websocket-driver Hixie Draft Length Header Integer Corruption</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54493-koel-ssrf-subsonic-internet-radio</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:28:08.165Z</news:publication_date>
      <news:title>CVE-2026-54493: Koel Authenticated Full-Read SSRF via Subsonic Radio Endpoints</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54498-view-component-around-render-xss</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:31:27.005Z</news:publication_date>
      <news:title>CVE-2026-54498: view_component around_render HTML-Safety Bypass XSS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54504-mcp-documentation-server-unauth-network-api-exposure</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:27:59.856Z</news:publication_date>
      <news:title>CVE-2026-54504: @andrea9293/mcp-documentation-server Unauthenticated Network API Exposure</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54628-anyquery-ssrf-sqlite-virtual-table-server-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:08:44.113Z</news:publication_date>
      <news:title>CVE-2026-54628: Anyquery SSRF via Unrestricted SQLite Virtual Table Modules in Server Mode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54629-anyquery-local-file-read-csv-reader-server-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:27:59.291Z</news:publication_date>
      <news:title>CVE-2026-54629: Anyquery Local File Read via Unrestricted SQLite Virtual Table Modules</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61549-woodpecker-ci-kubernetes-serviceaccountname-privilege-escalation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:48:05.230Z</news:publication_date>
      <news:title>CVE-2026-61549: Woodpecker CI Kubernetes Backend Privilege Escalation via serviceAccountName</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-61699-nebula-mesh-blocklist-never-enforced</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:49:16.605Z</news:publication_date>
      <news:title>CVE-2026-61699: nebula-mesh Certificate Blocklist Never Enforced on Mesh Peers</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-62944-mantisbt-stored-xss-attachment-filename-html-export</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T19:08:01.589Z</news:publication_date>
      <news:title>CVE-2026-62944: MantisBT Stored XSS via Attachment Filename in HTML Export</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/ech0-accept-language-underscore-bypass-dos-amplification</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:09:19.681Z</news:publication_date>
      <news:title>Ech0: Accept-Language `_` Separator Bypass Causes ~70x CPU Amplification DoS</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/facturascripts-uploadedfile-path-traversal-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T21:07:59.830Z</news:publication_date>
      <news:title>FacturaScripts Path Traversal to Remote Code Execution via UploadedFile::move()</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/json-repair-circular-ref-infinite-loop-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-13T23:47:53.793Z</news:publication_date>
      <news:title>json-repair Circular JSON Schema $ref Infinite Loop DoS</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/nebula-mesh-allow-private-ssrf-missing-authorization</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:48:38.759Z</news:publication_date>
      <news:title>nebula-mesh: Non-Admin SSRF via Unguarded allow_private Webhook Flag</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/obsidian-local-rest-api-path-traversal-percent-encoded-slash-vault</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:08:32.348Z</news:publication_date>
      <news:title>obsidian-local-rest-api: Authenticated Path Traversal via Percent-Encoded Slash in /vault/{path}</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/tidgi-desktop-rce-tiddlywiki-startup-module-import</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T20:09:55.785Z</news:publication_date>
      <news:title>TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/tsdproxy-x-forwarded-for-ip-spoofing-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-14T19:48:03.192Z</news:publication_date>
      <news:title>TsDProxy X-Forwarded-For Header Injection Allows IP Spoofing</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>