Useplunk Plunk
5 CVEs affecting Useplunk Plunk. Latest disclosed: 2026-05-08. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32096 | Critical | 9.3 | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook h… |
CVE-2026-42193 | Critical | 9.1 | 2026-05-08 | Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads fro… |
CVE-2026-34975 | High | 8.5 | 2026-04-06 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where us… |
CVE-2026-42192 | Medium | 5.4 | 2026-05-08 | Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaig… |
CVE-2026-32095 | Medium | 5.4 | 2026-03-11 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as activ… |