VYPR

Plunk

by Plunk Email

Source repositories

CVEs (3)

  • CVE-2026-42192MedMay 8, 2026
    risk 0.28cvss 5.4epss 0.00

    Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email body content created by authenticated project members is stored and later rendered…

  • CVE-2026-32096Mar 11, 2026
    risk 0.00cvss epss 0.00

    Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery (SSRF) vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound…

  • CVE-2026-32095Mar 11, 2026
    risk 0.00cvss epss 0.00

    Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed…