How I Found a CORS Misconfiguration + No Rate Limiting on a Live Website

While exploring a few public websites last week, I stumbled upon a surprisingly common yet dangerous combination of vulnerabilities — CORS misconfiguration and lack of API rate limiting. These two issues, together, could allow any attacker to fetch data from protected APIs and overwhelm the server with thousands of requests. In this post, I’ll explain what I found, why it’s a problem, and how you can protect your applications.

Apr 14, 2025 - 06:33
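The two weaknesses named above, shown from the defender's side as an added example (this is not code from the original post, and it is framework-agnostic rather than tied to any site mentioned): a CORS handler that reflects any `Origin` with credentials beside an exact allow-list version, an audit check that flags the reflecting behaviour in a response, and a per-client token-bucket rate limiter. `ALLOWED_ORIGINS`, the sample origins and the client keys are constructed values, and `FakeClock` exists only so the limiter can be exercised without waiting on real time.

```python
"""Added example: misconfigured vs. allow-listed CORS headers, an audit check
for origin reflection, and a token-bucket rate limiter. Functions take plain
header values and return headers or a decision, so they fit any middleware."""
import time
from typing import Callable, Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed allow-list of first-party origins (scheme + host only, no path).
ALLOWED_ORIGINS: Set[str] = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_misconfigured(request_origin: Optional[str]) -> Dict[str, str]:
    """The anti-pattern: echo whatever Origin the browser sent and also allow
    credentials. Any site a logged-in user visits can then read authenticated
    API responses cross-origin."""
    if not request_origin:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_hardened(request_origin: Optional[str],
                          allowed: Set[str] = ALLOWED_ORIGINS) -> Dict[str, str]:
    """Exact allow-list match on the whole origin. Unknown, malformed, 'null'
    or non-https origins get no CORS headers at all, so the browser blocks the
    cross-origin read. Exact matching avoids the classic suffix/regex mistakes
    that would accept example.com.evil.net or evil-example.com."""
    if not request_origin:
        return {}
    parts = urlsplit(request_origin)
    if parts.scheme != "https" or not parts.netloc or parts.path or parts.query:
        return {}
    if request_origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
        # Caches must key on Origin so one origin's allowed response is
        # never served to another.
        "Vary": "Origin",
    }


def reflects_foreign_origin(request_origin: str, response_headers: Dict[str, str],
                            allowed: Set[str] = ALLOWED_ORIGINS) -> bool:
    """Audit check: True when a response echoes an origin outside the
    allow-list together with credentials support, the combination that makes
    a CORS misconfiguration exploitable."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    acac = response_headers.get("Access-Control-Allow-Credentials", "").lower()
    return acao == request_origin and request_origin not in allowed and acac == "true"


class FakeClock:
    """Deterministic clock for tests and demos; advance by setting .t."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class TokenBucketLimiter:
    """Per-client token bucket: each key may burst up to `capacity` requests,
    then sustain `refill_per_sec`. Over-limit calls should be answered with
    HTTP 429 by the caller."""
    def __init__(self, capacity: int, refill_per_sec: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock
        self._buckets: Dict[str, Tuple[float, float]] = {}  # key -> (tokens, last_ts)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.refill)
        if tokens >= 1.0:
            self._buckets[key] = (tokens - 1.0, now)
            return True
        self._buckets[key] = (tokens, now)
        return False


if __name__ == "__main__":
    foreign = "https://third-party.example"  # constructed non-first-party origin
    print("misconfigured:", cors_headers_misconfigured(foreign))
    print("hardened:     ", cors_headers_hardened(foreign))
    clock = FakeClock()
    limiter = TokenBucketLimiter(capacity=5, refill_per_sec=1.0, clock=clock)
    print("burst of 6:", [limiter.allow("203.0.113.7") for _ in range(6)])
```

The `reflects_foreign_origin` check is the one to run against your own endpoints in a test suite: send a request with an origin you do not control and assert it returns `False`. The limiter key is deliberately left to the caller, since keying purely on source IP is weak behind shared NATs or proxies; a session or API-key identifier is usually the better choice for authenticated routes.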