Vulnerabilities in useplunk
5 resultsCVE-2026-32096CRITICALPlunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/snsEPSS 0.3%CVE-2026-34975HIGHPlunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headersEPSS 0.2%CVE-2026-42192MEDIUMPlunk: Stored XSS in campaign viewEPSS 0.2%CVE-2026-32095MEDIUMPlunk has Stored Cross-Site Scripting (XSS) via SVG File UploadEPSS 0.1%CVE-2026-42193CRITICALPlunk: SNS webhook forgeryEPSS 0.1%