chore: generate CVEs metadata 🤖

cves.json

@@ -1298,6 +1298,7 @@
 {"ID":"CVE-2021-22502","Info":{"Name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","Severity":"critical","Description":"Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22502.yaml"}
 {"ID":"CVE-2021-22707","Info":{"Name":"EVlink City \u003c R8 V3.4.0.1 - Authentication Bypass","Severity":"critical","Description":"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22707.yaml"}
 {"ID":"CVE-2021-22873","Info":{"Name":"Revive Adserver \u003c5.1.0 - Open Redirect","Severity":"medium","Description":"Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22873.yaml"}
+{"ID":"CVE-2021-22881","Info":{"Name":"Ruby on Rails - Open Redirect via Host Header Injection","Severity":"medium","Description":"Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22881.yaml"}
 {"ID":"CVE-2021-22911","Info":{"Name":"Rocket.Chat \u003c=3.13 - NoSQL Injection","Severity":"critical","Description":"Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22911.yaml"}
 {"ID":"CVE-2021-22986","Info":{"Name":"F5 iControl REST - Remote Command Execution","Severity":"critical","Description":"F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22986.yaml"}
 {"ID":"CVE-2021-23241","Info":{"Name":"MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion","Severity":"medium","Description":"MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-23241.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-e488ff5b1015cf75837cf3463ec4f8f8
+efd714bb30f3edb79c8b0a68bbdd6e20