chore: generate CVEs metadata 🤖

cves.json

@@ -3633,6 +3633,7 @@
 {"ID":"CVE-2025-64525","Info":{"Name":"Astro - Broken Access Control","Severity":"medium","Description":"Astro 2.16.0 to 5.15.5 contains a broken access control caused by insecure use of unsanitized x-forwarded-proto and x-forwarded-port headers in URL building, letting attackers bypass middleware protection, cause DoS, SSRF, and URL pollution, exploit requires crafted headers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-64525.yaml"}
 {"ID":"CVE-2025-64764","Info":{"Name":"Astro - Reflected XSS via server islands feature","Severity":"high","Description":"Astro 5.15.8 contains a reflected XSS caused by improper handling of server islands feature, letting remote attackers execute scripts, exploit requires use of server islands in the application.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-64764.yaml"}
 {"ID":"CVE-2025-66472","Info":{"Name":"XWiki DeleteApplication - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack through a deletion confirmation message. The attacker-supplied script is executed when the victim clicks the \"No\" button. This issue is fixed in versions 16.10.10 and 17.4.2 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2025/CVE-2025-66472.yaml"}
+{"ID":"CVE-2025-66516","Info":{"Name":"Apache Tika - XML External Entity Injection","Severity":"high","Description":"Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1), and tika-parsers (1.13-1.28.5) contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-66516.yaml"}
 {"ID":"CVE-2025-6851","Info":{"Name":"WordPress Broken Link Notifier \u003c 1.3.1 - Unauthenticated SSRF","Severity":"high","Description":"The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-6851.yaml"}
 {"ID":"CVE-2025-68613","Info":{"Name":"n8n - Remote Code Execution via Expression Injection","Severity":"critical","Description":"n8n \u003c 1.120.4, 1.121.1, 1.122.0 contains a remote code execution caused by insufficient isolation in workflow expression evaluation, letting authenticated attackers execute arbitrary code with n8n process privileges. Exploit requires authentication.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2025/CVE-2025-68613.yaml"}
 {"ID":"CVE-2025-68645","Info":{"Name":"Zimbra Collaboration - Local File Inclusion","Severity":"high","Description":"Zimbra Collaboration (ZCS) 10.0 and 10.1 contain a local file inclusion caused by improper handling of user-supplied parameters in the RestFilter servlet, letting unauthenticated remote attackers include arbitrary files from WebRoot, exploit requires crafted requests to /h/rest endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-68645.yaml"}