<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9" xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">
  <url>
    <loc>https://0daynews.com/articles/2026-07-06-gitlab-exiftool-rce-cve-2021-22205/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-06T13:00:00.000Z</news:publication_date>
      <news:title>GitLab&apos;s ExifTool RCE: A Patch That Sat Unrecognized for Months</news:title>
      <news:keywords>CVE-2021-22205, GitLab, ExifTool, remote code execution, patch adoption gap</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-06-gitlab-exiftool-rce-cve-2021-22205/cover.jpg</image:loc>
      <image:title>GitLab&apos;s ExifTool RCE: A Patch That Sat Unrecognized for Months</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-05-barracuda-esg-zero-day-cve-2023-2868/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-05T15:30:00.000Z</news:publication_date>
      <news:title>Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here&apos;s Why.</news:title>
      <news:keywords>CVE-2023-2868, Barracuda ESG, Email Security Gateway, appliance replacement, persistent backdoor</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-05-barracuda-esg-zero-day-cve-2023-2868/cover.jpg</image:loc>
      <image:title>Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here&apos;s Why.</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-05-winrar-path-traversal-cve-2023-38831/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-05T13:00:00.000Z</news:publication_date>
      <news:title>The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo</news:title>
      <news:keywords>CVE-2023-38831, WinRAR, RARLAB, path traversal, spoofed file extension</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-05-winrar-path-traversal-cve-2023-38831/cover.jpg</image:loc>
      <image:title>The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-vmware-vcenter-vsphere-client-rce-cve-2021-21972/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T15:30:00.000Z</news:publication_date>
      <news:title>vCenter&apos;s Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn&apos;t Face the Internet</news:title>
      <news:keywords>CVE-2021-21972, VMware vCenter Server, vSphere Client, unrestricted file upload, virtualization security</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-vmware-vcenter-vsphere-client-rce-cve-2021-21972/cover.jpg</image:loc>
      <image:title>vCenter&apos;s Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn&apos;t Face the Internet</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-04-spring4shell-vmware-spring-framework-rce/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-04T13:00:00.000Z</news:publication_date>
      <news:title>Spring4Shell: Why This One Needed Careful Triage, Not Panic</news:title>
      <news:keywords>Spring4Shell, CVE-2022-22965, Spring Framework, VMware, data binding</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-04-spring4shell-vmware-spring-framework-rce/cover.jpg</image:loc>
      <image:title>Spring4Shell: Why This One Needed Careful Triage, Not Panic</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-03-confluence-ognl-injection-cve-2022-26134/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-03T15:30:00.000Z</news:publication_date>
      <news:title>The Confluence Bug That Went From Zero-Day to Mass Ransomware Precursor in Days</news:title>
      <news:keywords>CVE-2022-26134, Atlassian Confluence, OGNL injection, ransomware precursor, webshell</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-03-confluence-ognl-injection-cve-2022-26134/cover.jpg</image:loc>
      <image:title>The Confluence Bug That Went From Zero-Day to Mass Ransomware Precursor in Days</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-03-fortios-fortiproxy-auth-bypass-cve-2022-40684/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-03T13:00:00.000Z</news:publication_date>
      <news:title>FortiOS Auth Bypass: Why Fortinet Warned Select Customers Before Going Public</news:title>
      <news:keywords>CVE-2022-40684, FortiOS, FortiProxy, authentication bypass, SSH key persistence</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-03-fortios-fortiproxy-auth-bypass-cve-2022-40684/cover.jpg</image:loc>
      <image:title>FortiOS Auth Bypass: Why Fortinet Warned Select Customers Before Going Public</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-02-f5-big-ip-icontrol-rest-auth-bypass/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-02T15:00:00.000Z</news:publication_date>
      <news:title>F5 BIG-IP&apos;s Maximum-Severity Auth Bypass: What CVE-2022-1388 Actually Exposed</news:title>
      <news:keywords>CVE-2022-1388, F5 BIG-IP, iControl REST, authentication bypass, application delivery controller</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-02-f5-big-ip-icontrol-rest-auth-bypass/cover.jpg</image:loc>
      <image:title>F5 BIG-IP&apos;s Maximum-Severity Auth Bypass: What CVE-2022-1388 Actually Exposed</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-02-follina-msdt-zero-day-explained/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-02T13:00:00.000Z</news:publication_date>
      <news:title>Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely</news:title>
      <news:keywords>Follina, CVE-2022-30190, MSDT, Windows Support Diagnostic Tool, zero-day</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-02-follina-msdt-zero-day-explained/cover.jpg</image:loc>
      <image:title>Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-01-mshtml-office-zero-day-cve-2021-40444/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-01T15:30:00.000Z</news:publication_date>
      <news:title>The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution</news:title>
      <news:keywords>CVE-2021-40444, MSHTML, Office zero-day, ActiveX, phishing</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-01-mshtml-office-zero-day-cve-2021-40444/cover.jpg</image:loc>
      <image:title>The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-07-01-proxylogon-exchange-server-attack-chain/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-07-01T13:00:00.000Z</news:publication_date>
      <news:title>ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order</news:title>
      <news:keywords>ProxyLogon, CVE-2021-26855, Exchange Server, Hafnium, webshell</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-07-01-proxylogon-exchange-server-attack-chain/cover.jpg</image:loc>
      <image:title>ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-06-30-printnightmare-windows-print-spooler-explained/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-06-30T15:00:00.000Z</news:publication_date>
      <news:title>PrintNightmare: How a Leaked Proof-of-Concept Forced an Emergency Windows Patch</news:title>
      <news:keywords>PrintNightmare, CVE-2021-34527, Windows Print Spooler, privilege escalation, domain controller compromise</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-06-30-printnightmare-windows-print-spooler-explained/cover.jpg</image:loc>
      <image:title>PrintNightmare: How a Leaked Proof-of-Concept Forced an Emergency Windows Patch</image:title>
    </image:image>
  </url>
  <url>
    <loc>https://0daynews.com/articles/2026-06-30-log4shell-log4j-anniversary-explainer/</loc>
    <news:news>
      <news:publication>
        <news:name>0dayNews</news:name>
        <news:language>en</news:language>
      </news:publication>
      <news:publication_date>2026-06-30T13:00:00.000Z</news:publication_date>
      <news:title>Log4Shell, Explained: Why a Logging Library Became the Internet&apos;s Worst Week</news:title>
      <news:keywords>Log4Shell, CVE-2021-44228, Apache Log4j2, JNDI injection, remote code execution</news:keywords>
    </news:news>
    <image:image>
      <image:loc>https://0daynews.com/articles/2026-06-30-log4shell-log4j-anniversary-explainer/cover.jpg</image:loc>
      <image:title>Log4Shell, Explained: Why a Logging Library Became the Internet&apos;s Worst Week</image:title>
    </image:image>
  </url>
</urlset>