Latest news

HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
Vulnerability

HTTP/2 Bomb: Single-Attacker Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora

8 June 2026 dark6

A newly disclosed exploit called the 'HTTP/2 Bomb' can exhaust tens of gigabytes of server memory in seconds using just...
Read more 0
CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution
Vulnerability

CVE-2026-9256 “nginx-poolslip”: Critical NGINX Flaw Enables Unauthenticated DoS and Code Execution

25 May 2026 dark6

A critical heap buffer overflow in the NGINX rewrite module (CVE-2026-9256, "nginx-poolslip") allows unauthenticated remote attackers to crash NGINX workers...
Read more 0
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Vulnerability

Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

19 May 2026 dark6

Hackers are actively exploiting CVE-2026-42945, a critical heap buffer overflow in NGINX Open Source and NGINX Plus, with real-world attacks...
Read more 0
Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests
Vulnerability

Critical CVE-2026-33032 (MCPwn): Actively Exploited nginx-ui Flaw Enables Full Web Server Takeover in Two HTTP Requests

21 April 2026 dark6

CVE-2026-33032 (MCPwn) is a CVSS 9.8 authentication bypass in nginx-ui being actively exploited in the wild. Attackers can seize full...
Read more 0