CVE Tools

logpoint

Security ProductsDKcommercial

16

Cumulative CVEs

3

Monthly snapshots

#156

Peak rank

Top products

siem3 universal normalizer1

Latest CVEs

The 15 most recently published vulnerabilities affecting logpoint.

CVE-2025-66361An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.6.5Nov 27, 2025
CVE-2025-66360An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to ...8.8Nov 27, 2025
CVE-2025-66359An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.8.5Nov 27, 2025
CVE-2025-54317An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code exec...8.4Jul 20, 2025
CVE-2025-54316An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads ...4.9Jul 20, 2025
CVE-2024-56087An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection.5.9Dec 16, 2024
CVE-2024-56086An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execut...7.1Dec 16, 2024
CVE-2024-56085An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection.5.9Dec 16, 2024
CVE-2024-56084An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution.7.1Dec 16, 2024
CVE-2024-48954An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution.6.4Nov 7, 2024
CVE-2024-48953An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated us...7.5Nov 7, 2024
CVE-2024-48952An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability ...6.4Nov 7, 2024
CVE-2024-48951An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token leading to authentication bypass.7.5Nov 7, 2024
CVE-2024-48950An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.7.5Nov 7, 2024
CVE-2024-36383An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this file...5.3May 27, 2024