<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-63030-cve-2026-60137-wp2shell-pre-auth-rce-in-wordpress-core-via-rest-batch-route-confusion-and-sql-injection/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-18T19:48:00.000Z</news:publication_date>
      <news:title>CVE-2026-63030 &amp;#038; CVE-2026-60137: wp2shell Pre-Auth RCE in WordPress Core via REST Batch-Route Confusion and SQL Injection</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/network-vulnerability-assessment/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T11:12:53.000Z</news:publication_date>
      <news:title>Network Vulnerability Assessment: Securing Cloud Network</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-11400-aws-advanced-jdbc-wrapper-privilege-escalation-search-path</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T18:48:44.665Z</news:publication_date>
      <news:title>CVE-2026-11400: aws-advanced-jdbc-wrapper Privilege Escalation via Unqualified PostgreSQL Function Calls</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-27771-gitea-container-registry-auth-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T19:08:14.124Z</news:publication_date>
      <news:title>CVE-2026-27771: Gitea Container Registry Authentication Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53597-prompty-core-javascript-frontmatter-code-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T20:08:01.263Z</news:publication_date>
      <news:title>CVE-2026-53597: @prompty/core Arbitrary Code Execution via JavaScript Frontmatter</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54234-vllm-speculative-decoding-recovered-token-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T17:29:20.274Z</news:publication_date>
      <news:title>CVE-2026-54234: vLLM Remote DoS via Invalid Recovered Token Reinjection in Speculative Decoding</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54547-meta-ads-mcp-auth-bypass-x-pipeboard-token</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T19:08:54.059Z</news:publication_date>
      <news:title>CVE-2026-54547: meta-ads-mcp Authentication Bypass via X-Pipeboard-Token Header</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54549-meta-ads-mcp-ssrf-upload-ad-image</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T19:09:35.178Z</news:publication_date>
      <news:title>CVE-2026-54549: meta-ads-mcp Server-Side Request Forgery in upload_ad_image</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54552-sh-incomplete-privilege-drop-supplementary-groups</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T18:48:04.281Z</news:publication_date>
      <news:title>CVE-2026-54552: sh Incomplete Privilege Drop via _uid (Supplementary Groups Not Cleared)</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54567-flask-reuploaded-extension-denylist-case-folding-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T20:28:08.789Z</news:publication_date>
      <news:title>CVE-2026-54567: Flask-Reuploaded Extension Denylist Bypass via Case-Folding Asymmetry</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55177-cloudtak-esri-ssrf-authenticated</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T21:48:11.075Z</news:publication_date>
      <news:title>CVE-2026-55177: CloudTAK Authenticated Full-Read SSRF in /api/esri Routes</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/skipper-opa-oversized-content-length-policy-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-17T22:08:04.910Z</news:publication_date>
      <news:title>Skipper opaAuthorizeRequestWithBody OPA Policy Bypass via Oversized Content-Length</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>