Lucene search

4 matches found

OSV
added 2022/01/12 10:29 p.m. | 22 views

GHSA-QC9X-GJCV-465W Pipenv's requirements.txt parsing allows malicious index url in comments

Issue Summary: Due to a flaw in pipenv's parsing of requirements files, an attacker can insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file e.g. with "pipenv install -r requirements.txt...

CVSS 8.8 | AI score 8.7 | EPSS 0.01476
Exploits: 1 | References: 9

Rapid7 Blog
added 2021/01/27 2:38 p.m. | 29 views

Upcoming Rapid7 Webcast: How Far Does Your VRM Strategy Go?

Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers looking to capitalize on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your web application testing strategy t...

Exploits: 0

Hacker One
added 2019/05/28 4:11 a.m. | 34 views

LifeOmic: open redirect while login at https://apps.dev.jupiterone.io can leak access code.

LifeOmic Comments: @base64 found an open redirect bug in our auth flow. After review, we determined that due to design the exploit would only work in our dev environment. Though we determined mitigating controls were already in place for this attack in prod, we valued @base64's efforts and awarde...

AI score 0.1
Exploits: 0

CERT
added 2016/10/04 12:0 a.m. | 30 views

Animas OneTouch Ping insulin pump contains multiple vulnerabilities

Overview: The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description: CWE-319:...

CVSS 9.8 | AI score 9.4 | EPSS 0.032
Exploits: 0 | References: 2