Skip to content

Commit c7d5899

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-79mm-82ph-f99w GHSA-9xxf-6jw5-hpjg GHSA-v4vw-vj3j-255p GHSA-wfv3-vv9v-vvmq
1 parent 4717081 commit c7d5899

File tree

4 files changed

+133
-0
lines changed

4 files changed

+133
-0
lines changed

advisories/unreviewed/2025/11/GHSA-79mm-82ph-f99w/GHSA-79mm-82ph-f99w.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-79mm-82ph-f99w",
4+
"modified": "2025-11-28T00:30:26Z",
5+
"published": "2025-11-28T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-66360"
8+
],
9+
"details": "An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66360"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/29160917867549-Redis-communication-exposed-for-internal-communication"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-863"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-11-28T00:15:46Z"
35+
}
36+
}

advisories/unreviewed/2025/11/GHSA-9xxf-6jw5-hpjg/GHSA-9xxf-6jw5-hpjg.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9xxf-6jw5-hpjg",
4+
"modified": "2025-11-28T00:30:26Z",
5+
"published": "2025-11-28T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-66361"
8+
],
9+
"details": "An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66361"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/29160993806749-Process-Data-Exposure-Under-High-Load"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-1336"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-11-28T00:15:46Z"
35+
}
36+
}

advisories/unreviewed/2025/11/GHSA-v4vw-vj3j-255p/GHSA-v4vw-vj3j-255p.json

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v4vw-vj3j-255p",
4+
"modified": "2025-11-28T00:30:26Z",
5+
"published": "2025-11-28T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-13338"
8+
],
9+
"details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13338"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-11-27T23:15:50Z"
24+
}
25+
}

advisories/unreviewed/2025/11/GHSA-wfv3-vv9v-vvmq/GHSA-wfv3-vv9v-vvmq.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wfv3-vv9v-vvmq",
4+
"modified": "2025-11-28T00:30:26Z",
5+
"published": "2025-11-28T00:30:26Z",
6+
"aliases": [
7+
"CVE-2025-66359"
8+
],
9+
"details": "An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66359"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/29158899698333-XSS-Vulnerability-due-to-insufficient-input-validation"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-11-28T00:15:46Z"
35+
}
36+
}

0 commit comments

Comments
 (0)