Lucene search
K

6 matches found

NVD
NVD
added 2025/07/09 3:15 p.m.9 views

CVE-2025-53546

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

9.1CVSS0.00305EPSS
Exploits0References2
Circl
Circl
added 2025/07/09 2:42 p.m.11 views

CVE-2025-53546

creationtimestamp| type| source ---|---|--- 2025-07-09 14:42:52+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114823801833628508 2025-07-09 16:05:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltk6z3xql62y 2025-08-06 01:04:19+00:00| seen|...

9.1CVSS6.4AI score0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/09 2:27 p.m.3 views

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

9.1CVSS7.1AI score0.00305EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/09 2:27 p.m.10 views

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

9.1CVSS0.00305EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 2:27 p.m.8 views

CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`

Folo organizes feeds content into one timeline. Using pullrequesttarget on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability is possible to...

9.1CVSS7.1AI score0.00305EPSS
Exploits0References4
CVE
CVE
added 2025/07/09 2:27 p.m.19 views

CVE-2025-53546

CVE-2025-53546 affects Folo. The vulnerability arises from using pull_request_target in the GitHub Actions workflow (.github/workflows/auto-fix-lint-format-commit.yml), allowing untrusted code in the base repository to access secrets. Exploitation can exfiltrate the GITHUB_TOKEN, which has high p...

9.1CVSS7.1AI score0.00305EPSS
Exploits0References2
Rows per page
Query Builder