plunk — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in plunk, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34975	Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers CWE-93	8.5	High	2026-04-06
CVE-2026-32096	Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns CWE-918	9.3	Critical	2026-03-11
CVE-2026-32095	Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload CWE-79	5.4	Medium	2026-03-11

All 3 known CVE vulnerabilities affecting plunk with full Chinese analysis, references, and POCs where available.