{"resultsPerPage":17,"startIndex":0,"totalResults":17,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-16T11:56:54.602","vulnerabilities":[{"cve":{"id":"CVE-2026-56877","sourceIdentifier":"cve@mitre.org","published":"2026-07-13T22:16:48.133","lastModified":"2026-07-16T07:16:48.090","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticated user can substitute arbitrary userId values to bypass per-user lab launch rate limits and consume other users' lab allocations, resulting in denial of service against targeted users' lab and exam access. Skillable was formerly named Learn on Demand Systems."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Skillable","product":"SCORM Lab Launch Integration","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"2026-07-13","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-14T12:46:25.980656Z","id":"CVE-2026-56877","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-472"}]}],"references":[{"url":"https://www.openwall.com/lists/oss-security/2026/07/12/1","source":"cve@mitre.org"},{"url":"https://www.skillable.com/security/","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2026/Jul/20","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/12/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/12/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-15809","sourceIdentifier":"secalert@redhat.com","published":"2026-07-15T13:17:03.933","lastModified":"2026-07-16T07:16:47.750","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Confidential Compute Attestation","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-sandboxed-containers/osc-monitor-rhel9","cpes":["cpe:/a:redhat:confidential_compute_attestation:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"cri-o","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/cnf-tests-rhel8","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ztp-site-generate-rhel8","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T13:06:08.620102Z","id":"CVE-2026-15809","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-134"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-116"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-15809","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2500846","source":"secalert@redhat.com"},{"url":"https://github.com/cri-o/cri-o/pull/6450","source":"secalert@redhat.com"},{"url":"https://github.com/cri-o/cri-o/pull/6524","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-53366","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-07-16T06:16:27.333","lastModified":"2026-07-16T06:16:27.333","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: account for fraggap on the paged allocation path\n\nIn __ip_append_data(), when the paged-allocation branch is taken,\nalloclen and pagedlen are computed as\n\n\talloclen = fragheaderlen + transhdrlen;\n\tpagedlen = datalen - transhdrlen;\n\ndatalen already includes fraggap, but the fraggap bytes carried over\nfrom the previous skb are copied into the new skb's linear area at\noffset transhdrlen by the subsequent skb_copy_and_csum_bits(). The\nlinear area is therefore undersized by fraggap bytes while pagedlen is\noverstated by the same amount.\n\nThe non-paged branch sets alloclen to fraglen, which already accounts\nfor fraggap because datalen does. Bring the paged branch in line by\nadding fraggap to alloclen and subtracting it from pagedlen.\n\nAfter this adjustment, copy no longer collapses to -fraggap on the\npaged path, so remove the stale comment describing that old arithmetic."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv4/ip_output.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8eb77cc73977d88787b37c92831b1c242e035396","lessThan":"ce494707a9c07f27c219ca67f3e138061f53d9b3","versionType":"git","status":"affected"},{"version":"8eb77cc73977d88787b37c92831b1c242e035396","lessThan":"a9c24eda24bd15f432e37824e6fc440977cb241c","versionType":"git","status":"affected"},{"version":"8eb77cc73977d88787b37c92831b1c242e035396","lessThan":"77798d7be6ef71e72fb6fc8a2901bf74ebc9706f","versionType":"git","status":"affected"},{"version":"8eb77cc73977d88787b37c92831b1c242e035396","lessThan":"c04d9ece23deb9e26c19f9ca215e98b3295aa1bb","versionType":"git","status":"affected"},{"version":"8eb77cc73977d88787b37c92831b1c242e035396","lessThan":"eca856950f7cb1a221e02b99d758409f2c5cec42","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv4/ip_output.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.38","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.1.3","lessThanOrEqual":"7.1.*","versionType":"semver","status":"unaffected"},{"version":"7.2-rc1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/77798d7be6ef71e72fb6fc8a2901bf74ebc9706f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a9c24eda24bd15f432e37824e6fc440977cb241c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/c04d9ece23deb9e26c19f9ca215e98b3295aa1bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ce494707a9c07f27c219ca67f3e138061f53d9b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eca856950f7cb1a221e02b99d758409f2c5cec42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}},{"cve":{"id":"CVE-2026-11371","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.480","lastModified":"2026-07-16T07:16:46.480","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The BetterDocs  WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browser of any visitor who views the affected page, including administrators."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"BetterDocs","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/db41e3db-74c2-4b94-bbff-bd1493295241/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-11866","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.593","lastModified":"2026-07-16T07:16:46.593","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Plugin  WordPress plugin before 5.6.3 does not validate a CSRF nonce on several state-changing actions handled by its central request dispatcher, allowing attackers to perform privileged actions, such as overwriting the booking-form configuration or disconnecting the connected payment gateway, via Cross-Site Request Forgery against a logged-in administrator."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Appointment Booking Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.6.3","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/84e936b8-1978-4dc3-aa40-5ce49bfdc445/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12395","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.690","lastModified":"2026-07-16T07:16:46.690","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Job Portal  WordPress plugin before 2.5.5 does not properly sanitize and escape a parameter before using it in a SQL query, allowing authenticated users with a subscriber-level (self-registerable) account to perform SQL injection attacks."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"WP Job Portal","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/0183c669-cb09-4d53-852f-a0a877691d1e/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12492","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.787","lastModified":"2026-07-16T07:16:46.787","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Happy Coders OTP Login for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"1.5","lessThan":"2.8","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/56fdcba6-c7b1-443d-9f9d-b738ecaadabc/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12510","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.877","lastModified":"2026-07-16T07:16:46.877","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The AI Engine  WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions feature is enabled."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"AI Engine","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.5.5","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/b7825c8a-1817-4a17-b641-076e48ac7c2e/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12525","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:46.987","lastModified":"2026-07-16T07:16:46.987","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Redux Framework","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"4.5.13","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/11d5d4c2-7ba9-4389-9050-28c90920e34b/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12585","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.100","lastModified":"2026-07-16T07:16:47.100","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Abandoned Cart Lite for WooCommerce WordPress plugin before 6.8.2 does not protect the integrity of its cart-recovery tokens or bind them to the requesting account, allowing unauthenticated attackers to forge a recovery link that logs them in as another user when the automatic-login option is enabled."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Abandoned Cart Lite for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"6.8.2","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/c94475c8-d129-4735-b599-5094efb20cb8/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12684","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.210","lastModified":"2026-07-16T07:16:47.210","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Customer Reviews for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.113.0","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/169d3455-dd98-4b0b-b6c1-6c9c28aa9707/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12869","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.300","lastModified":"2026-07-16T07:16:47.300","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The Header Footer Builder for Elementor WordPress plugin before 1.2.1 does not require an administrative capability for its dashboard template-import action (it allows any edit_posts user), so a Contributor can import a template containing an Elementor HTML widget configured to display site-wide, injecting JavaScript that executes in the session of any visitor or administrator who loads the site."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Header Footer Builder for Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/3c6562d9-f55e-4d82-be95-60e82a6feecf/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12906","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.400","lastModified":"2026-07-16T07:16:47.400","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"RTMKit","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/594c3769-b953-4966-836d-a0dc4585fe87/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12907","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.490","lastModified":"2026-07-16T07:16:47.490","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"RTMKit","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/61588303-d356-4cec-9cdc-15dc8cb0b29f/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12978","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.577","lastModified":"2026-07-16T07:16:47.577","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The FunnelKit  WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted page. The affected action is only registered when the Divi /builder is active."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"FunnelKit","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.15.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/1b22645b-28cb-44f3-a5b9-c81a40175e59/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-12979","sourceIdentifier":"contact@wpscan.com","published":"2026-07-16T07:16:47.663","lastModified":"2026-07-16T07:16:47.663","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"The FunnelKit  WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other FunnelKit  WordPress plugin before 3.15.0.6 or  (denial of service)."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"FunnelKit","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.15.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{},"references":[{"url":"https://wpscan.com/vulnerability/d81ca171-65eb-484d-917f-f41b0cd20351/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-15925","sourceIdentifier":"412d305a-227d-44f9-a262-a31ba44f2aea","published":"2026-07-16T07:16:47.957","lastModified":"2026-07-16T07:16:47.957","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by intercepting or redirecting network traffic and presenting a certificate signed by any trusted CA for any domain, causing the connector to accept connections without validating that the certificate matched the requested hostname. Successful exploitation requires an on-path traffic interception capability (e.g. ARP/DNS poisoning, rogue access point, BGP hijacking, or malicious proxy/exit node). This vulnerability may have exposed credentials, query data, and staged file contents to interception and tampering, and may have enabled the attacker to issue arbitrary SQL within the context of the victim's connector session. Impact is limited by the privileges of the affected Snowflake role. The fix is available in Snowflake Connector for Python version 4.7.1. Users must manually upgrade."}],"affected":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","affectedData":[{"vendor":"Snowflake","product":"Snowflake Connector for Python","defaultStatus":"unaffected","versions":[{"version":"1.7.4","lessThan":"4.7.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","type":"Secondary","description":[{"lang":"en","value":"CWE-297"}]}],"references":[{"url":"https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v4.7.1","source":"412d305a-227d-44f9-a262-a31ba44f2aea"}]}}]}