EEF-CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1

Summary Improper Certificate Validation vulnerability in ex-aws exawssns ExAws.SNS, ExAws.SNS.PublicKeyCache modules allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/exaws/sns.ex, lib/exaws/sns/publickeycache.ex and program routines...

EUVD-2026-30302

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

CVE-2026-44308

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

CVE-2026-44308 Spring Cloud AWS: Missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

CVE-2026-42193

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

CVE-2026-42193

Plunk (open-source email platform built on AWS SES) fixes a prior vulnerability: before v0.9.0, /webhooks/sns accepted unauthenticated SNS payloads without signature/cert/topic ARN verification, enabling forged webhook requests. Attackers could spoof SNS events to trigger automations, unsubscribe...

CVE-2026-42193 Plunk: SNS webhook forgery

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

PT-2026-39196

Name of the Vulnerable Software and Affected Versions Plunk versions prior to 0.9.0 Description The '/webhooks/sns' endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN. This allows an unauthenticated attack...

plunk 数据伪造问题漏洞

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.9.0 contained a data manipulation vulnerability. This vulnerability stems from the /webhooks/sns endpoint accepting Amazon SNS notification payloads without verifying the SNS signature,...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

Exploit for Server-Side Request Forgery in Useplunk Plunk

CVE-2026-32096 SSRF via unvalidated AWS SNS SubscriptionCon...

pipesns (=0.1.5) potentially affected by unknown CVE via aws-sdk-sns (=0.4.1)

aws-sdk-sns CARGO version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-sns and may be impacted: - pipesns =0.1.5 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

EUVD-2021-28311

Malicious code in bioql PyPI...

CVE-2021-41280

Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service SNS notification token configured via the snsnotificationtoken configuration...

PT-2019-11353 · Jenkins · Jenkins Amazon Sns Build Notifier Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Amazon SNS Build Notifier Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specificall...