Security Advisories
Software vulnerabilities found in Qualys' products.
Responsible Disclosure
Qualys is committed to collaboration with security researchers as a way to ensure the security of our products.
Jonathan Trull CISO
This page contains information regarding security vulnerabilities that may impact Qualys' products. This may include issues specific to our software, or due to the use of third-party libraries within our software. Qualys strongly encourages users to ensure that they upgrade or apply relevant patches in a timely manner.
Report a vulnerability
If you believe you've found a security issue in one of our products or services, please send it to us at bugreport@qualys.com along with your contact details and include the following in your report:
Read our responsible diclosure policy.
-
Jan 10, 2024
Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance
-
Jan 10, 2024
Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance
-
Jan 10, 2024
Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security
-
Dec 08, 2023
Stored XSS Vulnerability in QualysGuard VM/PC
-
Sep 08, 2023
Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier
-
Apr 18, 2023
Possible Executable Hijacking of Qualys Cloud Agent for Windows prior to 4.5.3.1 [CVE-2023-28140]
-
Apr 18, 2023
Possible NTFS Junction Exploitation on Qualys Cloud Agent for Windows prior to 4.8.0.31 [CVE-2023-28141]
-
Apr 18, 2023
Possible Qualys Cloud Agent for Windows Race Condition Exploitation prior to 4.5.3.1 [CVE-2023-28142]
-
Apr 18, 2023
Possible Local Privilege Escalation of Exploitation of Qualys Cloud Agent for Mac prior to 3.7 [CVE-2023-28143]
-
Aug 15, 2022
Possible local privilege escalation for Qualys Cloud Agent for Linux with Manifest versions prior to 2.5.548.2
-
Aug 15, 2022
Possible local information disclosure for Qualys Cloud Agent for Linux when logging level set to trace
-
View vulnerabilities in other products found by Qualys engineers.