diff --git a/cves.json b/cves.json
index 1d1c89c2860..7f6cc366f7a 100644
--- a/cves.json
+++ b/cves.json
@@ -3385,6 +3385,7 @@
 {"ID":"CVE-2025-5394","Info":{"Name":"Unauthenticated Arbitrary Plugin Upload in Alone Theme","Severity":"critical","Description":"The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-5394.yaml"}
 {"ID":"CVE-2025-54123","Info":{"Name":"Hoverfly \u003c= 1.11.3 - Remote Code Execution","Severity":"critical","Description":"Hoverfly versions 1.11.3 and below are vulnerable to remote code execution (RCE) via command injection in the middleware API endpoint (/api/v2/hoverfly/middleware). Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the host system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-54123.yaml"}
 {"ID":"CVE-2025-54125","Info":{"Name":"XWiki XML View - Sensitive Information Exposure","Severity":"high","Description":"A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-54125.yaml"}
+{"ID":"CVE-2025-54236","Info":{"Name":"Adobe Commerce - Authentication Bypass","Severity":"critical","Description":"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. 
Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-54236.yaml"}
 {"ID":"CVE-2025-54249","Info":{"Name":"Adobe Experience Manager ≤ 6.5.23.0 – SSRF","Severity":"medium","Description":"Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-54249.yaml"}
 {"ID":"CVE-2025-54251","Info":{"Name":"Adobe Experience Manager ≤ 6.5.23.0 - XML Injection","Severity":"medium","Description":"Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2025/CVE-2025-54251.yaml"}
 {"ID":"CVE-2025-54589","Info":{"Name":"Copyparty \u003c=1.18.6 - Cross-Site Scripting","Severity":"medium","Description":"Copyparty before 1.18.7 is vulnerable to reflected cross-site scripting (XSS) via the 'filter' parameter in the '/?ru' endpoint. Unsanitized user input is reflected in the HTML response, allowing attackers to execute arbitrary JavaScript in the context of the victim's browser.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2025/CVE-2025-54589.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index bc9606051b4..9d1f91f0079 100644
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-2030631f70cbd2af39abf37d30c01f4f
+858345d140fd58489b7f17bd612b8af9