9.1
CVSS3.1
CVE-2025-53546 - Folo allows secrets exfiltration via `pull_request_target`
Folo organizes feed content into one timeline. Using `pull_request_target` in `.github/workflows/auto-fix-lint-format-commit.yml` can be exploited by attackers, since untrusted code can be executed with full access to secrets (from the base repo). By exploiting the vulnerability it is possible to exfil…
Published: July 9, 2025, 2:27 p.m.
Last Modified: April 15, 2026, 12:35 a.m.
9.6
CVSS3.1
CVE-2025-6514 - OS command injection in mcp-remote when connecting to untrusted MCP servers
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
Published: July 9, 2025, 12:41 p.m.
Last Modified: April 15, 2026, 12:35 a.m.
0.0
CVE-2025-53752 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53749 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53753 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53751 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53750 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53748 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53747 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.
0.0
CVE-2025-53746 -
Not used
Published: July 9, 2025, 9:40 a.m.
Last Modified: July 10, 2025, 2:55 a.m.