Practical Security Guides For Your Team
Clear, non-alarmist guidance for real web vulnerabilities so your team can prioritize fixes confidently.
Next.js Image Feature Can Be Abused to Take Your Website Offline
highYour website uses a feature in Next.js that automatically resizes and optimises images. A flaw in versions before 15.5.10 means an attacker could point this feature at an extremely large image and force your server to run out of memory — crashing your site. The attacker needs to be able to host or control a large image on a domain your site is already configured to trust.
Next.js Server Crash Vulnerability via Oversized Requests (CVE-2025-59472)
highA flaw in a specific Next.js feature called Partial Prerendering (PPR) allows anyone on the internet to crash your web server by sending a specially crafted request — no login required. This only affects self-hosted Next.js applications running in a specific 'minimal mode' configuration with PPR turned on. If your app is hosted on Vercel's platform, you are not affected.
Axios Library Flaw Lets Attackers Crash Your Node.js Server
highYour application uses a version of Axios — a very common networking library — that has a flaw allowing an attacker to send a specially crafted request that forces your server to consume all available memory and crash. This causes downtime for your users and can be triggered with a single request, requiring no login or special access.