{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T20:34:23.180","vulnerabilities":[{"cve":{"id":"CVE-2026-32095","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T20:16:17.923","lastModified":"2026-03-16T17:10:07.763","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1."},{"lang":"es","value":"Plunk es una plataforma de correo electrónico de código abierto construida sobre AWS SES. Antes de la versión 0.7.1, el punto final de carga de imágenes de Plunk aceptaba archivos SVG, que los navegadores tratan como documentos activos capaces de ejecutar JavaScript incrustado, creando una vulnerabilidad de XSS almacenado. Esta vulnerabilidad está corregida en la versión 0.7.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:useplunk:plunk:*:*:*:*:*:*:*:*","versionEndExcluding":"0.7.1","matchCriteriaId":"C8951C88-1813-41E0-8F35-A7FFDA8DC6E2"}]}]}],"references":[{"url":"https://github.com/useplunk/plunk/security/advisories/GHSA-69jg-7493-cx5x","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}