diff --git a/.github/workflows/cve-enhancement.yml b/.github/workflows/cve-enhancement.yml
index c7640ef7669..9edfdbd5169 100644
--- a/.github/workflows/cve-enhancement.yml
+++ b/.github/workflows/cve-enhancement.yml
@@ -1,9 +1,12 @@
 name: 🔧 CVE Enhancement
 
 on:
-  pull_request:
+  push:
+    branches:
+      - main
     paths:
       - '**/cves/**/*.yaml'
+  workflow_dispatch:
 
 jobs:
   enhance:
@@ -15,7 +18,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
 
       - name: Setup Python
@@ -29,11 +31,13 @@ jobs:
       - name: Get changed CVE files
         id: files
         run: |
-          git fetch origin ${{ github.event.pull_request.base.ref }}
-          FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }}...HEAD | grep 'cves/.*\.yaml$' || echo "")
+          # Get files changed in the last commit
+          FILES=$(git diff --name-only HEAD~1 HEAD | grep 'cves/.*\.yaml$' || echo "")
           if [ -n "$FILES" ]; then
             echo "changed=true" >> $GITHUB_OUTPUT
             echo "$FILES" > /tmp/cve_files.txt
+            echo "Changed CVE files:"
+            cat /tmp/cve_files.txt
           else
             echo "changed=false" >> $GITHUB_OUTPUT
           fi
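Review bot: In the "Get changed CVE files" step, `git diff --name-only HEAD~1 HEAD` only inspects the tip commit, so a push to main that carries several commits (a rebase-merge, or a batch of direct pushes) silently skips CVE files changed in the earlier commits, and a `workflow_dispatch` run re-examines whatever the last commit on main happened to be. For push events the event payload carries the previous tip, so compare against it and fall back to `HEAD~1` only when it is absent, e.g. `BASE="${{ github.event.before }}"`, `[ "${{ github.event_name }}" = push ] && [ -n "$BASE" ] || BASE=HEAD~1`, `FILES=$(git diff --name-only --diff-filter=AM "$BASE" HEAD | grep 'cves/.*\.yaml$' || echo "")`. `--diff-filter=AM` also keeps deleted templates out of the list rather than relying on the `[ -f "$file" ]` guard in the next step. With `fetch-depth: 0` the before-SHA should be reachable, though a force-push to main would still leave it unresolvable — the fallback covers that case.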
@@ -41,36 +45,18 @@ jobs:
       - name: Enhance CVE templates
         if: steps.files.outputs.changed == 'true'
         run: |
-          # Fetch enhancement script from base branch if not present in PR branch
-          if [ ! -f ".github/scripts/enhance-cve-fields.py" ]; then
-            echo "Enhancement script not found in PR branch, fetching from base branch..."
-            git fetch origin ${{ github.event.pull_request.base.ref }}
-            git checkout origin/${{ github.event.pull_request.base.ref }} -- .github/scripts/enhance-cve-fields.py
-          fi
           while read file; do
             [ -f "$file" ] && python .github/scripts/enhance-cve-fields.py "$file"
           done < /tmp/cve_files.txt
 
       - name: Commit changes
-        if: steps.files.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name == github.repository
+        if: steps.files.outputs.changed == 'true'
         run: |
           if ! git diff --quiet; then
             git config user.name "github-actions[bot]"
             git config user.email "github-actions[bot]@users.noreply.github.com"
             git add -A
             git commit -m "chore: add impact and remediation fields 🤖"
-            git push origin HEAD:${{ github.event.pull_request.head.ref }}
-          fi
-
-      - name: Check for unapplied changes (fork PRs)
-        if: steps.files.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository
-        run: |
-          if ! git diff --quiet; then
-            echo "⚠️ This PR is from a fork. The CVE enhancement script generated changes that need to be applied manually."
-            echo "Please run the following command locally and push to your branch:"
-            echo ""
-            echo " python .github/scripts/enhance-cve-fields.py "
-            echo ""
-            git diff
-            exit 1
+            git pull origin $GITHUB_REF --rebase
+            git push origin $GITHUB_REF
           fi
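Review bot: The "Commit changes" step now pushes straight to `main`, but it still stages with `git add -A`, so anything the enhancement script writes or leaves behind in the working tree — not just the CVE templates it was asked to edit — lands on the default branch with no review; stage only the files the previous step listed, `xargs -a /tmp/cve_files.txt git add --`, and keep `git diff --quiet` as the gate. The old fork-repo guard was the only thing preventing unreviewed bot commits, and the `if:` condition that replaces it no longer restricts where the push can go, so the job's `permissions:` block (outside this hunk) should be checked to grant `contents: write` and nothing broader. If branch protection on main requires pull requests, the `git push origin $GITHUB_REF` will be rejected and the step should fail loudly rather than be retried; and if the `git pull --rebase` hits a conflict with a commit that landed in the meantime, the bot's commit is dropped with the step — worth a comment such as `# rebase conflicts abort the run; the next push to main re-runs the enhancement` so the failure mode is understood.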