Jorian Woltjer

Jorian is a Security Researcher at Aikido, working predominantly on the AI Pentesting team. He has experience as a pentester and is an avid CTF player, writing about novel techniques in his free time

Blog posts by Jorian Woltjer

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

•

Vulnerabilities & Threats

Roundcube XSS chained with cookie tossing for full inbox access

We found a stored XSS in Roundcube's draft attachment endpoint that, chained with a cookie tossing technique, gives an attacker full access to a victim's inbox. Here's how the exploit chain works and how it was patched

Tags/

No items found.

April 17, 2026

•

Vulnerabilities & Threats

Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow

Aikido's AI pentest agent found three XSS vulnerabilities in Mailcow, one of which let unauthenticated attackers take over administrator accounts. All issues have been patched as of version 2026-03b.

Tags/

#Vulnerabilities

#open-source

February 23, 2026

•

Vulnerabilities & Threats

Astro Full-Read SSRF via Host Header Injection

Aikido Security's AI pentesting agent discovered a Server-Side Request Forgery vulnerability in Astro's SSR implementation. Learn how Host header injection in prerendered error pages allowed full internal network access.

Tags/

#open-source

#Vulnerabilities

#NPM

February 19, 2026

•

Vulnerabilities & Threats

SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel

SvelteSpill is a cache deception vulnerability affecting default SvelteKit apps deployed on Vercel. Authenticated responses can be cached and exposed across users. Learn how to check if you’re vulnerable and how to mitigate risk.

Tags/

#Vulnerabilities

#DAST

#AI Penetration Testing

Get secure now

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning

No CC required

Book a demo

No credit card required | Scan results in 32secs.