Exploit for Double Free in Apache Http_Server

☣️ CVE-2026-23918-Elite-Auditor ☣️ Professional Intelligenc...

EUVD-2025-205476

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used...

Chaos - Origin IP Scanning Utility Developed With ChatGPT

chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters. An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served...

Cloudflare Public Bug Bounty: Origin IP address disclosure through Pingora response header

HTTP responses to cached files served by the Pingora proxy revealed Origin IP address information. An attacker could trigger this misbehaviour by crafting a request with a malformed Range header. The attack was successful under conditions where Cloudflare cache was in REVALIDATED state, the...

CVE-2022-2877

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

GitLab: Found Origin IP's lead to access to gitlab

@m-narayanan disclosed a known Origin IP / CloudFlare bypass issue, remediation for which was and is being tracked at https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/9945 The requested disclosure, then later requested it to be made private again...

CVE-2022-1762

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

CVE-2022-1762

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

Design/Logic Flaw

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers...

PT-2022-14094 · WordPress · Iq Block Country

Name of the Vulnerable Software and Affected Versions: iQ Block Country WordPress plugin versions prior to 1.2.20 Description: The issue allows threat actors to bypass the block feature by spoofing HTTP headers, as the plugin does not properly check these headers to validate the origin IP address...

U.S. Dept Of Defense: Found Origin IP's Lead To Access ████

Discovered that the ██████ site exposed its Non-Cloudflare IP which could allow bypassing of anti-DDoS mechanisms. Your origin servers are not blocking access from non-Cloudflare servers.This way crawlers can find your origin servers' IPs by checking random IPs until they found your origin server...

Sifchain: Origin IP Disclosure Vulnerability

Summary: It is possible to access origin IP servers served by nginx and not cloudflare. Even though these IP's don't serve a functional version of the app it is possible to enable DDoS attacks by bypassing cloudflare protections. Steps To Reproduce: Even though these IP's don't serve a functional...

Design/Logic Flaw

Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic...

Chaturbate: DoS attacks utilizing camo.stream.highwebmedia.com

DoS attacks utilizing camo.stream.highwebmedia.com Summary The asset proxy at camo.stream.highwebmedia.com used to embed external images linked by users fails to enforce 1. a timeout on slow responses if a little data is sent every 10 seconds a kind of "reverse-slowloris" attack 1. a size limit o...

bypass-firewalls-by-DNS-history - Firewall Bypass Script Based On DNS History Records

This script will try to find: the direct IP address of a server behind a firewall like Cloudflare, Incapsula, SUCURI ... an old server which still running the same inactive and unmaintained website, not receiving active traffic because the A DNS record is not pointing towards it. Because it's an...