Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      Newest LF Decentralized Trust Lab HOPrS identifies if photos have been altered

      July 9, 2025

      Coder reimagines development environments to make them more ideal for AI agents

      July 9, 2025

      Report: AI coding productivity gains cancelled out by other friction points that slow developers down

      July 9, 2025

      15 Proven Benefits of Outsourcing Node.js Development for Large Organizations

      July 9, 2025

      How passkeys work: Do your favorite sites even support passkeys?

      July 10, 2025

      Samsung Galaxy Z Fold 7 vs. Z Fold 6: I tried both phones, and the difference is dramatic

      July 10, 2025

      Cor, blimey! The ASUS ROG Ally drops to its lowest-ever price for Amazon Prime Day in the UK — the only Windows handheld to permanently replace my Steam Deck

      July 9, 2025

      Owlcat Games talks to us about about WH40K: Rogue Trader, the next game ‘Dark Heresy’ — and how the studio feels about working with Xbox Game Pass

      July 9, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Cally – Small, feature-rich calendar components

      July 9, 2025
      Recent

      Cally – Small, feature-rich calendar components

      July 9, 2025

      Working with the Command Line and WP-CLI

      July 9, 2025

      Access to Care Is Evolving: What Consumer Insights and Behavior Models Reveal

      July 9, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      Cor, blimey! The ASUS ROG Ally drops to its lowest-ever price for Amazon Prime Day in the UK — the only Windows handheld to permanently replace my Steam Deck

      July 9, 2025
      Recent

      Cor, blimey! The ASUS ROG Ally drops to its lowest-ever price for Amazon Prime Day in the UK — the only Windows handheld to permanently replace my Steam Deck

      July 9, 2025

      Owlcat Games talks to us about about WH40K: Rogue Trader, the next game ‘Dark Heresy’ — and how the studio feels about working with Xbox Game Pass

      July 9, 2025

      Microsoft says ‘we have threads at home’ — rolls out feature Slack has had for years

      July 9, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-53546 – GitHub Folo GitHub Token Exfiltration Vulnerability

    CVE-2025-53546 – GitHub Folo GitHub Token Exfiltration Vulnerability

    July 10, 2025

    CVE ID : CVE-2025-53546

    Published : July 9, 2025, 3:15 p.m. | 12 hours, 45 minutes ago

    Description : Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets (from the base repo). By exploiting the vulnerability is possible to exfiltrate GITHUB_TOKEN which has high privileges. GITHUB_TOKEN can be used to completely overtake the repo since the token has content write privileges. This vulnerability is fixed in commit 585c6a591440cd39f92374230ac5d65d7dd23d6a.

    Severity: 9.1 | CRITICAL

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-44177 – White Star Software Protop Directory Traversal Vulnerability
    Next Article CVE-2025-6514 – MCP-remote OS Command Injection Vulnerability

    Related Posts

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-3497 – Radiflow iSAP Smart Collector EOL Vulnerability

    July 10, 2025
    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-3498 – Radiflow iSAP Smart Collector Unauthenticated Remote Command Execution and Configuration Modification

    July 10, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    Teller is a multi provider secret management tool

    Linux

    CVE-2025-22240 – GitFS Path Traversal Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    Real-Time Communication in Next.js Using Socket.IO: A Beginner’s Guide

    Development

    12 apps every Windows 11 power user should install on a new PC

    News & Updates

    Highlights

    CVE-2025-44885 – Fortinet Wireless Access Point Stack Overflow Vulnerability

    May 20, 2025

    CVE ID : CVE-2025-44885

    Published : May 20, 2025, 8:15 p.m. | 22 minutes ago

    Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function.

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Finally, a Lenovo ThinkPad that impressed me in performance, design, and battery life

    June 23, 2025

    CVE-2025-39406 – Mojoomla WPAMS PHP Local File Inclusion Vulnerability

    May 19, 2025

    Microsoft Patch Tuesday July 2025

    July 9, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.