CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery SSRF vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

CVE-2026-32096

Plunk (open-source email platform built on AWS SES) contains a Server-Side Request Forgery (SSRF) in the SNS webhook handler prior to version 0.7.0. An unauthenticated attacker could craft a request that forced the server to perform an outbound HTTP GET to any host reachable from the server. The ...

CVE-2026-32096 Plunk has SSRF via unvalidated AWS SNS SubscriptionConfirmation in POST /webhooks/sns

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery SSRF vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

PT-2019-18281 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4 Description: The issue allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data. This is due to a lack of proper access control in the API,...

mailman security and bug fix update

2.1.5.1-34.rhel4.6 - fix 200036 - canceling subscription confirmation crashes mailman - fix 205651 - CVE-2006-4624 logfile CRLF injection - fix 230939 - missing migrate-fhs script - fix 223191 - spam filters gets deleted when sender filter is edited - fix 242677 - wrong init script...