Product
logpoint siem
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-35548
CVE-2025-66361
CVE-2025-66360
CVE-2025-66359
CVE-2024-56087
CVE-2024-56086
CVE-2024-56085
CVE-2024-56084
CVE-2024-48954
CVE-2024-48953
CVE-2024-48952
CVE-2024-48951
CVE-2024-48950
CVE-2024-36383
CVE-2024-33860
CVE-2024-33859
CVE-2024-33858
CVE-2024-33857
CVE-2024-33856
CVE-2024-30176
CVE-2022-48685
CVE-2022-48684
CVE-2024-29865
CVE-2023-49950
< 7.9.0
An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0).
< 7.7.0
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period duri
< 7.7.0
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint intern
< 7.7.0
An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple componen
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard
< 5.7.0
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Unive
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. Unvalidated input during the EventHub Collector setup by an authenticated user l
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR A
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. Server-Side Request Forgery (SSRF) on SOAR can be used to leak Logpoint's API To
< 7.5.0
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthentic
< 6.0.3
An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field
< 7.4.0
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within
< 7.4.0
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web
< 7.4.0
An issue was discovered in Logpoint before 7.4.0. A path injection vulnerability is seen while adding a CSV enrichment source. The
< 7.4.0
An issue was discovered in Logpoint before 7.4.0. Due to a lack of input validation on URLs in threat intelligence, an attacker wi
< 7.4.0
An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response ti
< 7.4.0
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets.
>= 7.1.0 and < 7.1.2
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users a
< 7.1.1
An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jin
< 7.1.0
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.
>= 6.10.0 and < 7.3.0
The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when us