VYPR
Vendor: Qualitor

Products: 8
CVEs: 18
Across products: 19
Status: Private

Recent CVEs (18)

  • CVE-2025-13792 | High | Nov 30, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote…

  • CVE-2026-3888 | High | Mar 17, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04…

  • CVE-2025-43079 | Medium | Nov 10, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed…

  • CVE-2025-5139 | Medium | May 25, 2025
    risk 0.37 | cvss 5.6 | epss 0.03

    A vulnerability was found in Qualitor 8.20/8.24. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php of the component Office 365-type Connection Handler. The manipulation of…

  • CVE-2025-14580 | Low | Dec 12, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to cross site scripting. It is…

  • CVE-2023-47253 | Nov 6, 2023
    risk 0.08 | cvss n/a | epss 0.14

    Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.

  • CVE-2024-48360 | Oct 31, 2024
    risk 0.07 | cvss n/a | epss 0.04

    Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php.

  • CVE-2024-44849 | Sep 9, 2024
    risk 0.07 | cvss n/a | epss 0.46

    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

  • CVE-2024-48359 | Oct 31, 2024
    risk 0.03 | cvss n/a | epss 0.02

    Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter.

  • CVE-2023-4777 | Sep 8, 2023
    risk 0.00 | cvss n/a | epss 0.00

    An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins…

  • CVE-2023-28143 | Apr 18, 2023
    risk 0.00 | cvss n/a | epss 0.00

    Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT…

  • CVE-2023-28142 | Apr 18, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM…

  • CVE-2023-28141 | Apr 18, 2023
    risk 0.00 | cvss n/a | epss 0.00

    An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or…

  • CVE-2023-28140 | Apr 18, 2023
    risk 0.00 | cvss n/a | epss 0.00

    An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when…

  • CVE-2023-20044 | Jan 19, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the…

  • CVE-2023-20043 | Jan 19, 2023
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit…

  • CVE-2022-29549 | Aug 18, 2022
    risk 0.00 | cvss n/a | epss 0.00

    An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison…

  • CVE-2022-29550 | Aug 18, 2022
    risk 0.00 | cvss n/a | epss 0.00

    An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common…