CVE-2026-32096
Plunk (open-source email platform built on AWS SES) contains a Server-Side Request Forgery (SSRF) in the SNS webhook handler prior to version 0.7.0. An unauthenticated attacker could craft a request that forced the server to perform an outbound HTTP GET to any host reachable from the server. The ...