VYPR

Logpoint

by Logpoint

CVEs (25)

  • CVE-2024-30176MedMay 1, 2024
    risk 0.34cvss 5.3epss 0.00

    In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.

  • CVE-2025-54316MedJul 20, 2025
    risk 0.32cvss 4.9epss 0.00

    An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to…

  • CVE-2025-66360Nov 27, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.

  • CVE-2025-66361Nov 27, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.

  • CVE-2025-66359Nov 27, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.

Page 2 of 2