Logpoint
by Logpoint
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30176 | Med | 0.34 | 5.3 | 0.00 | May 1, 2024 | In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets. | ||
| CVE-2025-54316 | Med | 0.32 | 4.9 | 0.00 | Jul 20, 2025 | An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to… | ||
| CVE-2025-66360 | 0.00 | — | 0.00 | Nov 27, 2025 | An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation. | |||
| CVE-2025-66361 | 0.00 | — | 0.00 | Nov 27, 2025 | An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. | |||
| CVE-2025-66359 | 0.00 | — | 0.00 | Nov 27, 2025 | An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. |
- risk 0.34cvss 5.3epss 0.00
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
- risk 0.32cvss 4.9epss 0.00
An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to…
- CVE-2025-66360Nov 27, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.
- CVE-2025-66361Nov 27, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
- CVE-2025-66359Nov 27, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.
Page 2 of 2