Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
ieji.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
ieji.de is a generalistic mastodon instance, with the goal of being the fastest mastodon instance in Europe and with a focus on user privacy, like being usable via the tor network.

Administered by:

Server stats:

1.1K
active users

ieji.de: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Public
Lorenzo Ancora :verified:

GNU Emacs: new critical remote shell injection vulnerability.

Red Hat discovered a command injection flaw in the text editor Emacs. It allows a remote, unauthenticated attacker to execute any command on your computer. The vulnerability is activated when you visit a malicious website or link.

cve.org/CVERecord?id=CVE-2025-

---

---

Mitigation: uninstall/update immediately.

Public
Alexandre Oliva
ironically, the cve website itself also attempts to install and run commands on your computer, and if you don't allow it, it will refuse to let you know about the vulnerability
Lorenzo Ancora :verified:

@lxo Hi Alexandre, nice to read you again. CVE.org is a reputable site that does not distribute malware or execute unsandboxed code. It is safe to use: ssltrust.com/ssl-tools/website

The website does not and cannot install anything on your computer. JavaScript is used to improve the user experience.

I apologize for linking a site you can't visit due to self-imposed ethical limitations. I've attached a full-length screenshot of the page. Let me know if I can assist you further.

CVE-2025-1244
Mar 03, 2025, 12:10 PM·Public
0boosts·0favorites
Public
翠星石
@LorenzoAncora @lxo All proprietary software is malware until proven otherwise (I have come to this conclusion after learning that most proprietary software is malware and checking and confirming for myself with many proprietary programs, although there are a few unicorns that don't contain any malicious antifeatures) and the cve.org site appears to distribute proprietary software.

The "ssltrust.com" site loads OBFUSCATED PROPRIETARY MALWARE FROM GOOGLE THAT SPIES ON THE USER; https://www.googletagmanager.com/gtag/js?id=G-F20S2H1H0C so I'm not sure how that site can be trusted to confirm cve.org is safe to use.
cve.orgCVE Website
Public
Alexandre Oliva
thank you, I suppose. nothing much useful on this page, alas. maybe others would have more interesting materials.

likewise, even if we take for granted your statement that the code currently served by this web site is indeed safe to use (and that's a big if), that doesn't reassure me or anyone else that this will still be the case tomorrow. it's basically playing digital russian roulette. it's been normalized, but that doesn't make it good, it's just a giant pile of poo that has been "democratized", and is force-fed equally into everyone.
Public
Tariq

@lxo @LorenzoAncora

is javascript necessary for that website to display the required information? no

does js improve ux? maybe, but it should degrade gracefully

ExploreLive feeds
About