<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
        xmlns:news="http://www.google.com/schemas/sitemap-news/0.9">
  <url>
    <loc>https://blog.securelayer7.net/cve-2026-8037-progress-loadmaster-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T13:04:09.000Z</news:publication_date>
      <news:title>CVE-2026-8037: Progress Kemp LoadMaster &amp;#8211; Pre-Auth Root RCE</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://blog.securelayer7.net/vulnerability-management-lifecycle/</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T10:23:06.000Z</news:publication_date>
      <news:title>The Vulnerability Management Lifecycle: A Complete Guide</news:title>
      <news:keywords>Security News</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/arcadedb-cross-database-idor-timeseries-batch-prometheus-grafana</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:28:12.749Z</news:publication_date>
      <news:title>ArcadeDB: Cross-Database IDOR on Time-Series, Batch, Prometheus, and Grafana Endpoints</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/arcadedb-javascript-trigger-rce-os-command-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:29:30.905Z</news:publication_date>
      <news:title>ArcadeDB: JavaScript Trigger OS Command Injection (RCE)</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47142-mantisbt-history-order-sql-injection</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T16:48:51.316Z</news:publication_date>
      <news:title>CVE-2026-47142: MantisBT SQL Injection via history_order Configuration Value</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-47156-mantisbt-soap-api-auth-bypass-privilege-escalation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T16:48:12.932Z</news:publication_date>
      <news:title>CVE-2026-47156: MantisBT SOAP API Authentication Bypass with Privilege Escalation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-49273-mantisbt-eval-class-hoisting-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:08:05.982Z</news:publication_date>
      <news:title>CVE-2026-49273: MantisBT Remote Code Execution via eval() Class Hoisting in adm_config_set.php</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50271-ddtrace-w3c-baggage-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:10:04.734Z</news:publication_date>
      <news:title>CVE-2026-50271: ddtrace Uncontrolled Resource Consumption via W3C Baggage Header Parsing</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50272-dd-trace-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:09:25.379Z</news:publication_date>
      <news:title>CVE-2026-50272: dd-trace Unbounded W3C Baggage Extraction DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50273-datadog-trace-dotnet-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:08:43.574Z</news:publication_date>
      <news:title>CVE-2026-50273: Datadog.Trace Unbounded W3C Baggage Extraction DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50274-dd-trace-go-baggage-extraction-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:08:04.815Z</news:publication_date>
      <news:title>CVE-2026-50274: dd-trace-go Unbounded W3C Baggage Header Parsing DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50276-dd-trace-rb-baggage-header-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:30:06.379Z</news:publication_date>
      <news:title>CVE-2026-50276: datadog (dd-trace-rb) W3C Baggage Header Denial of Service</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-50285-pomerium-hpke-zstd-decompression-bomb-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:29:19.793Z</news:publication_date>
      <news:title>CVE-2026-50285: Pomerium Pre-Auth Denial of Service via HPKE Decompression Bomb</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52847-mantisbt-reflected-xss-admin-install</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T18:28:06.689Z</news:publication_date>
      <news:title>CVE-2026-52847: MantisBT Reflected XSS in admin/install.php</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52869-mcp-python-sdk-session-authorization-bypass</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:09:21.547Z</news:publication_date>
      <news:title>CVE-2026-52869: mcp (Python SDK) Session Authorization Bypass</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52870-mcp-python-sdk-tasks-missing-authorization</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:09:50.208Z</news:publication_date>
      <news:title>CVE-2026-52870: mcp (Python SDK) Missing Authorization on Experimental Task Handlers</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-52881-mantisbt-install-php-reflected-xss</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T18:48:09.618Z</news:publication_date>
      <news:title>CVE-2026-52881: MantisBT Reflected XSS in admin/install.php</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-53714-envoy-gateway-xds-auth-bypass-gateway-namespace-mode</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T19:48:47.033Z</news:publication_date>
      <news:title>CVE-2026-53714: Envoy Gateway xDS Authentication Bypass in GatewayNamespaceMode</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54077-arcadedb-import-database-ssrf-file-read</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:08:04.452Z</news:publication_date>
      <news:title>CVE-2026-54077: ArcadeDB IMPORT DATABASE SSRF and Local File Read</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54447-garminconnect-world-readable-oauth-token</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:49:06.754Z</news:publication_date>
      <news:title>CVE-2026-54447: garminconnect World-Readable OAuth Token File</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54449-langbot-mcp-stdio-command-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:48:37.038Z</news:publication_date>
      <news:title>CVE-2026-54449: LangBot Authenticated RCE via MCP STDIO Command Injection</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54451-elixir-protobuf-unbounded-recursion-dos</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:48:00.893Z</news:publication_date>
      <news:title>CVE-2026-54451: elixir-protobuf Unbounded Recursion DoS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54457-tensorzero-gateway-file-read-ssrf</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:07:58.354Z</news:publication_date>
      <news:title>CVE-2026-54457: TensorZero Gateway Arbitrary File Read and SSRF</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54466-websocket-driver-hixie-draft-length-header-corruption</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:28:15.142Z</news:publication_date>
      <news:title>CVE-2026-54466: websocket-driver Hixie Draft Length Header Integer Corruption</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54493-koel-ssrf-subsonic-internet-radio</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T17:28:08.165Z</news:publication_date>
      <news:title>CVE-2026-54493: Koel Authenticated Full-Read SSRF via Subsonic Radio Endpoints</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54498-view-component-around-render-xss</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:31:27.005Z</news:publication_date>
      <news:title>CVE-2026-54498: view_component around_render HTML-Safety Bypass XSS</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-54504-mcp-documentation-server-unauth-network-api-exposure</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T23:27:59.856Z</news:publication_date>
      <news:title>CVE-2026-54504: @andrea9293/mcp-documentation-server Unauthenticated Network API Exposure</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55578-pheditor-terminal-command-injection-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:48:02.656Z</news:publication_date>
      <news:title>CVE-2026-55578: Pheditor OS Command Injection via Incomplete Terminal Blocklist</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-55579-pheditor-hardcoded-default-password-rce</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:31:23.295Z</news:publication_date>
      <news:title>CVE-2026-55579: Pheditor Hardcoded Default Password Enables Unauthenticated RCE</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-59950-mcp-websocket-missing-origin-validation</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-16T20:30:06.334Z</news:publication_date>
      <news:title>CVE-2026-59950: mcp WebSocket Transport Missing Origin Validation</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/cve-2026-62944-mantisbt-stored-xss-attachment-filename-html-export</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T19:08:01.589Z</news:publication_date>
      <news:title>CVE-2026-62944: MantisBT Stored XSS via Attachment Filename in HTML Export</news:title>
      <news:keywords>CVE Advisory</news:keywords>
    </news:news>
  </url>
  <url>
    <loc>https://securelayer7.net/lab/obsidian-local-rest-api-path-traversal-percent-encoded-slash-vault</loc>
    <news:news>
      <news:publication>
        <news:name>SecureLayer7</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-15T22:08:32.348Z</news:publication_date>
      <news:title>obsidian-local-rest-api: Authenticated Path Traversal via Percent-Encoded Slash in /vault/{path}</news:title>
      <news:keywords>Security Research</news:keywords>
    </news:news>
  </url>
</urlset>