Every CVE whose affected-product data names Logpoint Siem, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2024-33857 — CVSS 9.6 (critical): An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker with…
CVE-2025-66360 — CVSS 8.8 (high): An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal…
CVE-2025-66359 — CVSS 8.5 (high): An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads…
CVE-2022-48684 — CVSS 8.4 (high): An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja…
CVE-2022-48685 — CVSS 7.7 (high): An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is…
CVE-2024-48950 — CVSS 7.5 (high): An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated…
CVE-2024-48951 — CVSS 7.5 (high): An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API Token…
CVE-2024-48953 — CVSS 7.5 (high): An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked…
CVE-2024-56086 — CVSS 7.1 (high): An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the…
CVE-2024-33860 — CVSS 6.5 (medium): An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File…
CVE-2025-66361 — CVSS 6.5 (medium): An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high…
CVE-2024-48954 — CVSS 6.4 (medium): An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user leads to…
CVE-2024-33859 — CVSS 6.1 (medium): An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI…
CVE-2024-56085 — CVSS 5.9 (medium): An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These…
CVE-2024-56087 — CVSS 5.9 (medium): An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These…
CVE-2024-29865 — CVSS 5.4 (medium): Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.
CVE-2023-49950 — CVSS 5.4 (medium): The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a…
CVE-2024-30176 — CVSS 5.3 (medium): In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
CVE-2024-33858 — CVSS 5.3 (medium): An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The…
CVE-2024-33856 — CVSS 5.3 (medium): An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the…