Recursive URL Decoding Can Expose Servers to CPU-Draining Decode Bomb Attacks
A security concern known informally as a 'decode bomb' arises when server-side code loops URL decoding until a string stops changing, allowing attackers to submit deeply nested encoded payloads that…
Read the full articleYou might also wanna read
Proof-of-Concept Exploit Released for Critical NGINX Heap Buffer Overflow (CVE-2026-42945)
exploit for CVE-2026-42945. Contribute to DepthFirstDisclosures/Nginx-Rift development by creating an account on GitHub.
Codex Publishes HTTP/2 Bomb: Remote DoS Exploit Targeting Major Web Servers
14 years ago, I helped break HTTP header compression, then was asked to review the fix, which became part of HTTP/2. Life has come full circ
OpenAI Codex helps researchers discover HTTP/2 denial-of-service exploit affecting major web servers
Codex drops an HTTP/2 Bomb
Critical Buffer Overflow Vulnerability Discovered in cURL Cookie Parsing Mechanism
## Summary I discovered a critical stack-based buffer overflow vulnerability in cURL's cookie parsing mechanism that can lead to remote code
Critical Remote Code Execution Vulnerability Discovered in Widely Used protobuf.js Library
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implemen
CVE-2026-31267: n/a
Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 contains a stack buffer overflow vulnerability in its administrative web interface. This f

Comments
Sign in to join the conversation.
No comments yet. Be the first.