Logpoint
Products
2- 5 CVEs
- 3 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54317 | Hig | 0.55 | 8.4 | 0.01 | Jul 20, 2025 | An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE). | ||
| CVE-2025-54316 | Med | 0.32 | 4.9 | 0.00 | Jul 20, 2025 | An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks. | ||
| CVE-2025-66361 | 0.00 | — | 0.00 | Nov 27, 2025 | An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. | |||
| CVE-2025-66360 | 0.00 | — | 0.00 | Nov 27, 2025 | An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation. | |||
| CVE-2025-66359 | 0.00 | — | 0.00 | Nov 27, 2025 | An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. |
- risk 0.55cvss 8.4epss 0.01
An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE).
- risk 0.32cvss 4.9epss 0.00
An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks.
- CVE-2025-66361Nov 27, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
- CVE-2025-66360Nov 27, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.
- CVE-2025-66359Nov 27, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.