diff --git a/cves.json b/cves.json
index ad427a18b34..d960f5bd891 100644
--- a/cves.json
+++ b/cves.json
@@ -3380,6 +3380,7 @@
 {"ID":"CVE-2025-1098","Info":{"Name":"Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations","Severity":"high","Description":"A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2025/CVE-2025-1098.yaml"}
 {"ID":"CVE-2025-11307","Info":{"Name":"WP Google Maps \u003c 9.0.48 - Cross-Site Scripting","Severity":"high","Description":"WP Google Maps WordPress plugin \u003c 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2025/CVE-2025-11307.yaml"}
 {"ID":"CVE-2025-11371","Info":{"Name":"Gladinet CentreStack \u0026 TrioFox - Local File Inclusion","Severity":"medium","Description":"In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. 
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560\n","Classification":{"CVSSScore":"6.2"}},"file_path":"http/cves/2025/CVE-2025-11371.yaml"}
+{"ID":"CVE-2025-11580","Info":{"Name":"PowerJob List - Authorization Bypass","Severity":"medium","Description":"PowerJob = 5.1.2 contains a broken access control caused by missing authorization in /user/list function, letting remote attackers access unauthorized resources, exploit requires no special privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-11580.yaml"}
 {"ID":"CVE-2025-11700","Info":{"Name":"N-central - XML External Entities Injection","Severity":"high","Description":"N-central versions \u003c 2025.4 are vulnerable to an XML External Entities injection leading to information disclosure.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-11700.yaml"}
 {"ID":"CVE-2025-11749","Info":{"Name":"WordPress AI Engine Plugin - Token Exposure","Severity":"critical","Description":"Unauthenticated sensitive information exposure in AI Engine WordPress plugin \u003c= 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-11749.yaml"}
 {"ID":"CVE-2025-11750","Info":{"Name":"Dify - User Enumeration via \"Account not found\" Message","Severity":"medium","Description":"A user enumeration vulnerability exists in langgenius/dify, where the login API leaks information about whether a user account exists or not. When an invalid/non-existent email is used during login, the API returns a distinct error message such as \"account_not_found\" or \"Account not found.\", allowing attackers to identify valid accounts.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-11750.yaml"}
diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt
index 85046f1950a..c0b43828bc6 100644
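Review bot: The version expression in the added CVE-2025-11580 record, `PowerJob = 5.1.2`, does not follow the `\u003c` / `\u003c=` form every neighbouring entry uses, so a `<` was most likely dropped and it is unclear whether only 5.1.2 or 5.1.2-and-earlier is affected — that ambiguity matters to anyone triaging template matches against an installed version. The name `PowerJob List - Authorization Bypass` also omits what is listed; `PowerJob /user/list - Missing Authorization` would match the description, and the description's trailing clause `, exploit requires no special privileges` is a comma splice that reads better as a separate sentence. Because this index appears to be generated from the templates (the paired checksum bump suggests that), the correction belongs in the `name`/`description` of `http/cves/2025/CVE-2025-11580.yaml`, after which cves.json and its checksum should be regenerated rather than hand-edited. Severity `medium` alongside `"CVSSScore":"N/A"` is a judgement call; it is worth re-checking against the advisory once a vector is published.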
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@@ -1 +1 @@
-966d5ddebac5dba1b02d595b42596c2c
+31cad8bbce121c4e0bc4022ea0b23c3c