Qualys
CVE Numbering Authority
Latest CVE published
Overview
Qualys is a CVE Numbering Authority that has published 10 CVE records since 2023. It is currently classified as active, with 1 CVEs published in the last two years. Its CVE data quality is graded A (100% overall completeness).
Among the 370 CNAs tracked here, Qualys ranks #305 by CVE volume and reports more complete records than 60% of all CNAs.
Data quality report card
How complete and consistent Qualys's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often Qualys also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
100%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of Qualys's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of Qualys's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Common weakness types
The CWE weakness categories Qualys most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-611Improper Restriction of XML External Entity Reference2 CVEs
- CWE-426Untrusted Search Path2 CVEs
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2 CVEs
- CWE-732Incorrect Permission Assignment for Critical Resource1 CVE
- CWE-59Improper Link Resolution Before File Access ('Link Following')1 CVE
- CWE-427Uncontrolled Search Path Element1 CVE
- CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')1 CVE
Publishing activity by year
How many CVEs Qualys has published each year.
Top vendors
The vendors Qualys publishes the most CVEs for.
- Qualys,Inc.10 CVEs
- apple1 CVEs
Top products
The products Qualys publishes the most CVEs for.
- Cloud Agent4 CVEs
- Policy Compliance Connector Jenkins Plugin2 CVEs
- policy compliance2 CVEs
- mac os x1 CVEs
- Web App Scanning Connector Jenkins Plugin1 CVEs
- container scanning connector1 CVEs
- private cloud platform1 CVEs
- Qualys Agent1 CVEs
Latest CVEs
The most recent CVEs assigned by Qualys.
- CVE-2025-43079CWE-426
Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents
Medium · CVSS 6.3EPSS 0.2%2025-11-10 - CVE-2023-6149CWE-611
Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security
Medium · CVSS 6.5EPSS 0.5%2024-01-09 - CVE-2023-6148CWE-79Medium · CVSS 5.7EPSS 0.5%2024-01-09
- CVE-2023-6147CWE-611Medium · CVSS 6.5EPSS 0.5%2024-01-09
- CVE-2023-6146CWE-79
Stored XSS Vulnerability in QualysGuard VM/PC
Medium · CVSS 5.7EPSS 0.4%2023-12-08 - CVE-2023-4777CWE-732
Incorrect Permission Assignment on Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier
Medium · CVSS 4.3EPSS 0.3%2023-09-08 - CVE-2023-28143CWE-426
Local Privilege Escalation
High · CVSS 7.0EPSS 0.2%2023-04-18 - CVE-2023-28142CWE-362High · CVSS 7.0EPSS 0.1%2023-04-18
- CVE-2023-28141CWE-59Medium · CVSS 6.7EPSS 0.2%2023-04-18
- CVE-2023-28140CWE-427
Executable Hijacking
High · CVSS 7.0EPSS 0.2%2023-04-18
Track new Qualys CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor Qualys CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the Qualys CNA.
- What is the Qualys CNA?
- Qualys is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 10 CVE records since 2023.
- How many CVEs has Qualys published?
- Qualys has published 10 CVE records, including 1 in the last two years.
- What is Qualys's CVE data quality grade?
- RadicalNotion.AI grades Qualys's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
- What products does Qualys publish CVEs for?
- Qualys most frequently publishes CVEs for Cloud Agent, Policy Compliance Connector Jenkins Plugin, policy compliance, mac os x, Web App Scanning Connector Jenkins Plugin.
- Which vendors does Qualys cover?
- Qualys publishes CVEs across 4 distinct vendors, most often Qualys,Inc., apple.
- Is Qualys actively publishing CVEs?
- Qualys is currently active, based on 1 CVEs in the last two years.
- What is the average severity of Qualys's CVEs?
- The average CVSS base score across Qualys's scored CVEs is 5.9.
- Are any of Qualys's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of Qualys's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in Qualys's CVEs?
- Qualys's CVEs most often map to these CWE weakness types: CWE-611 (Improper Restriction of XML External Entity Reference), CWE-426 (Untrusted Search Path), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-732 (Incorrect Permission Assignment for Critical Resource).
- How does Qualys rank among CNAs?
- By total CVE volume, Qualys ranks #305 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track Qualys CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.