Stop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike

Executive Summary Knowing what’s exploitable is only half the battle. P2P patch distribution turns your endpoints into a delivery network, cutting patch propagation by up to 92%, reducing WAN bandwidth by 99%+, and helping close critical vulnerabilities before attackers can move. Available now in...

CVE-2025-43079

The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...

CVE-2025-43079

CVE-2025-43079 concerns Qualys Cloud Agent where the bundled uninstall script qagent_uninstall.sh (Mac/Linux) executes multiple system commands without absolute paths and without sanitizing $PATH. The root cause is reliance on manipulated PATH, enabling a privileged user (root/sudo) with elevated...

CVE-2025-43079 Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents

The Qualys Cloud Agent included a bundled uninstall script qagentuninstall.sh, specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed with elevated privileges...

PT-2025-46178

Name of the Vulnerable Software and Affected Versions Qualys Cloud Agent affected versions not specified Description The Qualys Cloud Agent includes an uninstall script qagent uninstall.sh for MacOS and Linux that invokes system commands without specifying absolute paths or sanitizing the $PATH...

EUVD-2023-31853

Malicious code in bioql PyPI...

EUVD-2023-31851

Malicious code in bioql PyPI...

EUVD-2023-31852

Malicious code in bioql PyPI...

EUVD-2023-31854

Malicious code in bioql PyPI...

EUVD-2022-33884

Malicious code in bioql PyPI...

CVE-2022-29550

An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials from environment variables to disk in cleartext. NOTE: there are no common circumstances in which...

CVE-2022-29549

An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks e.g., to help ensure that a program was installed by root and without integrity checks e.g., a checksum comparison against known legitimate...

Security, Uninterrupted: Inside Qualys’ Zero-Touch Security Vision with Qualys Cloud Agent

New Feature: Remote Log Collection for Seamless Troubleshooting and Analysis In the modern enterprise, where resilience and scale are non-negotiable, the margin for error in cybersecurity has all but disappeared. Yet the tools available to security teams remain tethered to legacy...

Enhancing Cloud-Native Security: Qualys Introduces Scanning for Container-Optimized OS in Google Kubernetes Engine

As organizations move from traditional workloads to containerized environments, they encounter new security challenges. Containers bring added complexity that traditional security tools often struggle to manage, largely because of their transient nature and the shared responsibility between the...

Advancing Cybersecurity Management With Qualys Cloud Agent

In the first part of our series, we discussed the significant enhancements in Reduced Activity Periods RAP and Enhanced Capabilities for VDI in the Qualys Cloud Agent. In this second part of the series, we continue our exploration into the other two pivotal enhancements of this upgrade: 1. Agent...

Announcing the Newest Game-Changing Upgrades of Qualys Cloud Agent

Qualys Cloud Agent Gets Powerful Enhancements for Boosting User Flexibility, Improved Control & Efficiency in VDI Environments, Seamless Updates, and More! We are excited to unveil a major upgrade to the Qualys Cloud Agent, marking a significant stride in cybersecurity management. The four update...

Closing the Visibility Gap: How Qualys Cloud Agent Passive Sensor (CAPS) Eliminates Blind Spots Without the Hassle

In modern networks, the most significant risks come from systems that fall through the cracks. Modern networks are full of unknown and unmanaged assets. Some are seemingly benign devices introduced by well-meaning employees or contractors that can turn rogue. While some of these may be genuinely...

CVE-2023-28143

Qualys Cloud Agent for macOS versions 2.5.1-75 before 3.7 installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX macOS 10.15 and older versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

CVE-2023-28142

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on...

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...