
172 matches found

RedhatCVE
added 2026/02/19 1:28 a.m. | 1 view

CVE-2026-2623

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely...

CVSS 8.8 | AI score 5.2 | EPSS 0.00055
Exploits: 1 | References: 1
RedhatCVE
added 2026/02/19 1:28 a.m. | 3 views

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

CVSS 5.4 | AI score 3.9 | EPSS 0.00013
Exploits: 1 | References: 1
OSV
added 2026/02/17 10:18 p.m. | 1 view

CVE-2026-2623

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely...

CVSS 8.8 | AI score 5.3
Exploits: 0 | References: 4
NVD
added 2026/02/17 10:18 p.m. | 1 view

CVE-2026-2623

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely...

CVSS 8.8 | EPSS 0.00055
Exploits: 1 | References: 4
OSV
added 2026/02/17 9:22 p.m. | 1 view

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

CVSS 5.4 | AI score 4.1 | EPSS 0.00013
Exploits: 1 | References: 4
NVD
added 2026/02/17 9:22 p.m. | 5 views

CVE-2026-2622

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

CVSS 5.4 | EPSS 0.00013
Exploits: 1 | References: 4
Cvelist
added 2026/02/17 9:2 p.m. | 28 views

CVE-2026-2623 Blossom File Upload BLOSManager.java put path traversal

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely...

CVSS 6.5 | EPSS 0.00055
Exploits: 1 | References: 4
CVE
added 2026/02/17 9:2 p.m. | 7 views

CVE-2026-2623

Blossom up to 1.17.1 contains a path traversal flaw in the put function of blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java (File Upload). This enables remote exploitation; an exploit has been published. Red Hat and PT Security documentation corrobora...

CVSS 8.8 | AI score 6.1 | EPSS 0.00055
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/17 9:2 p.m. | 2 views

CVE-2026-2623 Blossom File Upload BLOSManager.java put path traversal

A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely...

CVSS 6.5 | AI score 5.2 | EPSS 0.00055
Exploits: 1 | References: 4
Cvelist
added 2026/02/17 8:32 p.m. | 23 views

CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

CVSS 5.1 | EPSS 0.00013
Exploits: 1 | References: 4
CVE
added 2026/02/17 8:32 p.m. | 7 views

CVE-2026-2622

Blossom Backend ≤ 1.17.1 contains a cross‑site scripting vulnerability in the Article Title Handler. The issue affects the ArticleController.java component (content manipulation in that file), allowing a remote attacker to trigger XSS. The exploit is public and can be used; vendor has not respond...

CVSS 5.4 | AI score 3.6 | EPSS 0.00013
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/17 8:32 p.m. | 3 views

CVE-2026-2622 Blossom Article Title ArticleController.java content cross site scripting

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site...

CVSS 5.1 | AI score 3.9 | EPSS 0.00013
Exploits: 1 | References: 4
CNNVD
added 2026/02/17 12:0 a.m. | 4 views

Blossom code injection vulnerability

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom 1.17.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the content function in the file...

CVSS 5.4 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/17 12:0 a.m. | 3 views

PT-2026-20341

Name of the Vulnerable Software and Affected Versions: Blossom versions up to 1.17.1. Description: A path traversal issue exists in Blossom due to a flaw in the put function within the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java, specifically...

CVSS 6.5 | AI score 5.2 | EPSS 0.00055
Exploits: 1 | References: 7
CNNVD
added 2026/02/17 12:0 a.m. | 4 views

Blossom path traversal vulnerability

Blossom is a project management platform developed by Blossom Inc. Versions of Blossom prior to 1.17.1 contained a path traversal vulnerability. This vulnerability stemmed from improper path handling in the file upload component, which could lead to path traversal attacks...

CVSS 8.8 | AI score 6.6 | EPSS 0.00055
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/17 12:0 a.m. | 3 views

PT-2026-20340

Name of the Vulnerable Software and Affected Versions: Blossom versions up to 1.17.1. Description: A flaw exists in Blossom that allows for cross site scripting. The issue is located within the Article Title Handler component, specifically in the ArticleController.java file and its content function...

CVSS 5.1 | AI score 3.9 | EPSS 0.00013
Exploits: 1 | References: 7
The Hacker News
added 2026/02/03 4:55 a.m. | 13 views

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...

AI score 6.5
Exploits: 0
Rapid7 Blog
added 2026/02/02 3:49 p.m. | 6 views

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-37000

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00155
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-37050

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00224
Exploits: 0 | References: 1