All 5 CVE vulnerabilities found in plunk, with AI-generated Chinese analysis, references, and POCs.
Vendor: useplunk
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42192 | Plunk: Stored XSS in campaign view CWE-79 | 5.4 | Medium | 2026-05-08 |
| CVE-2026-42193 | Plunk: SNS webhook forgery CWE-347 | 9.1 | Critical | 2026-05-08 |
| CVE-2026-34975 | Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers CWE-93 | 8.5 | High | 2026-04-06 |
| CVE-2026-32096 | Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns CWE-918 | 9.3 | Critical | 2026-03-11 |
| CVE-2026-32095 | Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload CWE-79 | 5.4 | Medium | 2026-03-11 |
All 5 known CVE vulnerabilities affecting plunk with full Chinese analysis, references, and POCs where available.