

Jorian Woltjer
Blog posts by Jorian Woltjer
Authentication Bypass in the default configuration of phpBB
Our AI pentest agents found a critical phpBB auth bypass (CVE-2026-48611): one unauthenticated request logs you into any account. See the exploit and the fix.
10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums
Aikido Security discovered a critical unauthenticated authentication bypass in phpBB affecting tens of millions of users. A single HTTP request is all it takes to take over any account — a vulnerability that's been sitting in the codebase since 2014.
Roundcube XSS chained with cookie tossing for full inbox access
We found a stored XSS in Roundcube's draft attachment endpoint that, chained with a cookie tossing technique, gives an attacker full access to a victim's inbox. Here's how the exploit chain works and how it was patched.
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow
Aikido's AI pentest agent found three XSS vulnerabilities in Mailcow, one of which let unauthenticated attackers take over administrator accounts. All issues have been patched as of version 2026-03b.