chore: generate CVEs metadata 🤖

ghost
2025-09-10 10:34:18 +00:00
parent 0d4c686fd9
commit eeaa15631f
2 changed files with 2 additions and 1 deletions


@@ -3211,6 +3211,7 @@
{"ID":"CVE-2025-6851","Info":{"Name":"WordPress Broken Link Notifier \u003c 1.3.1 - Unauthenticated SSRF","Severity":"high","Description":"The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2025/CVE-2025-6851.yaml"}
{"ID":"CVE-2025-6934","Info":{"Name":"The Opal Estate Pro Property Management \u003c= 1.7.5 - Unauthenticated Privilege Escalation","Severity":"critical","Description":"The Opal Estate Pro plugin (≤ 1.7.5) is vulnerable to privilege escalation. Due to missing role restrictions in the on_register_user function, users can register with any role. This allows unauthenticated attackers to create administrator accounts.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-6934.yaml"}
{"ID":"CVE-2025-6970","Info":{"Name":"WordPress Events Manager \u003c= 7.0.3 - SQL Injection","Severity":"critical","Description":"The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-6970.yaml"}
{"ID":"CVE-2025-8085","Info":{"Name":"Ditty \u003c 3.1.58 - Server-Side Request Forgery","Severity":"high","Description":"The plugin lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. v3.1.57 attempted to fix the issue with a nonce check, however any authenticated users, such as subscriber can retrieve it.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2025/CVE-2025-8085.yaml"}
{"ID":"CVE-2025-8286","Info":{"Name":"Güralp Systems FMUS Series - Unauthenticated Access","Severity":"critical","Description":"Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2025/CVE-2025-8286.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2004-2687","Info":{"Name":"Distccd v1 - Remote Code Execution","Severity":"high","Description":"distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"network/cves/2004/CVE-2004-2687.yaml"}


@@ -1 +1 @@
5f520d2b78b9a1c65d430204fda58320
1582f2183539c3db1b1bbfb51eca19b2