EASM Lightweight Scan
The EASM Lightweight Scan helps you quickly detect vulnerabilities in your external assets using Qualys’s industry-leading vulnerability scanner. By default, the scan runs automatically 24 hours after EASM Discovery is completed.
View External Scanners
You can find the details of external scanners by navigating to VMDR > Help > About > External Scanners.
For more information, refer to the External Scanner IPs section in the VMDR online help.
IPs Excluded from EASM Lightweight Scan
The EASM Lightweight Scan automatically excludes the following IP types:
- All Private IP addresses (RFC 1918)
- Reserved IP ranges:
- 0.0.0.0 – 0.255.255.255
- 127.0.0.0 - 127.255.255.255
- 224.0.0.0 - 239.255.255.255
- 255.0.0.0 - 255.255.255.255
- IPs added in the VM module without a VM scan:
If you have added IPs in the VM module but have not performed a VM scan on them, they will not be included in the EASM lightweight scan.If you want to include these IPs, delete them from the CSAM > Configuration > Settings tab or from the VMDR > Address Management tab.
IPv6 Addresses: Allowed and Excluded
The following are the range of allowed and excluded IPv6 addresses from the EASM Lightweight scan:
To configure EASM Lightweight scan for IPv6 assets, contact your Technical Account Manager (TAM).
Allowed IPv6 Addresses
The following IPv6 address range is included for EASM Lightweight scan:
- 2000:0000:0000:0000:0000:0000:0000:0000 - 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Excluded IPv6 Addresses
The following unique local IPv6 address ranges are excluded from the EASM Lightweight scan:
- fc00:0000:0000:0000:0000:0000:0000:0000 - fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- fec0:0000:0000:0000:0000:0000:0000:0000 - feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
Assets Excluded from EASM Lightweight Scan
The CDN assets are excluded from the EASM Lightweight scan by default. However, you can include them if needed.
To include, uncheck the Exclude CDN Assets checkbox in the EASM configuration profile.
For information on configuring the EASM profile, refer to How to Configure the EASM Profile.
Vulnerabilities Detected by EASM Lightweight Scan
The vulnerabilities detected by the lightweight scan are categorized into three option profiles. Click on each profile to learn more.
- Certificate-based vulnerabilities
- CISA Known Exploited vulnerabilities
- Vulnerabilities detected by remote scans
Certificate-based Vulnerabilities
This profile includes vulnerabilities related to certificate information exposure and misconfiguration. The EASM lightweight scan is performed daily for this profile using the following TCP ports: 25, 465, 587, 110, 143, 443, 636, 989, 990, and 3389.
| QID | Title |
|---|---|
| 38116 | SSL Server Information Retrieval |
| 38139 | SSL Server Has SSLv2 Enabled Vulnerability |
| 38142 | SSL Server Allows Anonymous Authentication Vulnerability |
| 38167 | SSL Certificate - Expired |
| 38168 | SSL Certificate - Future Start Date |
| 38169 | SSL Certificate - Self-Signed Certificate |
| 38170 | SSL Certificate - Subject Common Name Does Not Match Server FQDN |
| 38171 | SSL Certificate - Server Public Key Too Small |
| 38172 | SSL Certificate - Improper Usage Vulnerability |
| 38173 | SSL Certificate - Signature Verification Failed Vulnerability |
| 38174 | SSL Certificate - Will Expire Soon |
| 38182 | Webmin Static SSL Key Vulnerability |
| 38224 | OpenSSL ASN.1 Parsing Vulnerabilities |
| 38356 | OpenSSL RSA Timing Attack Vulnerability |
| 38477 | SSL Insecure Protocol Negotiation Weakness |
| 38596 | TLS Protocol Session Renegotiation Security Vulnerability |
| 38597 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Invalid Protocol Version Tolerance |
| 38598 | Deprecated Public Key Length |
| 38599 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Compression Algorithm Information Leakage Vulnerability |
| 38600 | SSL Certificate will expire within next six months |
| 38601 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Use of Weak Cipher Rivest Cipher 4 (RC4/ARC4/ARCFOUR) |
| 38602 | OpenSSL Multiple Remote Security Vulnerabilities |
| 38603 | SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) |
| 38604 | TLS CBC Incorrect Padding Abuse Vulnerability |
| 38605 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server Factoring RSA_EXPORT Keys Vulnerability (FREAK) |
| 38607 | SSL Server Diffie-Hellman passive listening attack Vulnerability |
| 38608 | SSL Server Diffie-Hellman Weak Encryption Vulnerability (Logjam) |
| 38609 | SSL Server default Diffie-Hellman prime information |
| 38610 | SSL/TLS Server supports TLS_FALLBACK_SCSV |
| 38626 | OpenSSL oracle padding vulnerability (CVE-2016-2107) |
| 38659 | F5 BIG-IP TLS Vulnerability (Ticketbleed) |
| 38695 | TLS ROBOT Vulnerability Detected |
| 38704 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Key Exchange Methods |
| 38706 | Secure Sockets Layer/Transport Layer Security (SSL/TLS) Protocol Properties |
| 38764 | TLS Padding Oracle Vulnerability (Zombie POODLE and GOLDENDOODLE) |
| 42007 | Debian OpenSSL Package Random Number Generator Weakness |
| 42012 | X.509 Certificate MD5 Signature Collision Vulnerability |
| 42350 | TLS Secure Renegotiation Extension Support Information |
| 42366 | SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Server Side Vulnerability (BEAST) |
| 42430 | OpenSSL Memory Leak Vulnerability (Heartbleed Bug) |
| 45039 | Host Names Found |
| 45218 | Authenticated Certificate Retrieval - Information |
| 45231 | Trusted Digital Certificates Enumerated From Windows Registry |
| 48143 | Qualys Correlation ID Detected |
| 86000 | Web Server Version |
| 86002 | SSL Certificate - Information |
| 86137 | HTTP Strict Transport Security (HSTS) Support Detected |
| 105737 | EOL/Obsolete Hardware: Cisco Application Control Engine (ACE) 30/4710 Secure Sockets Layer (SSL) Software Development Kit (SDK) Bleichenbacher Attack Information Disclosure Vulnerability (ROBOT) |
| 120604 | Oracle Java SE Critical Patch Update - October 2012 (ROBOT) |
| 316174 | Cisco ASA Bleichenbacher attack on TLS Information Disclosure Vulnerability (ROBOT) |
| 370661 | F5 BIG-IP OpenSSL Man in the Middle Vulnerability (K21905460) (ROBOT) |
| 370683 | Citrix NetScaler ADC and Gateway TLS Padding Oracle Vulnerability (CTX230238) (ROBOT) |
CISA Known Exploited Vulnerabilities
This profile includes vulnerabilities listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. The EASM lightweight scan is performed daily for this profile.
| TCP | UDP |
|---|---|
| 11 | 7 |
| 13 | 13 |
| 15 | 17 |
| 17 | 19 |
| 19-23 | 37 |
| 25 | 53 |
| 37 | 67-69 |
| 42 | 111 |
| 53 | 123 |
| 66 | 135 |
| 69-70 | 137 |
| 79-81 | 161 |
| 88 | 177 |
| 98 | 407 |
| 109-111 | 464 |
| 113 | 500 |
| 118-119 | 517-518 |
| 123 | 520 |
| 135 | 1434 |
| 139 | 1645 |
| 143 | 1701 |
| 220 | 1812 |
| 256-259 | 2049 |
| 264 | 3527 |
| 371 | 4569 |
| 389 | 4665 |
| 411 | 5036 |
| 443 | 5060 |
| 445 | 5632 |
| 464-465 | 6502 |
| 512-515 | 7778 |
| 523-524 | 15345 |
| 540 | |
| 548 | |
| 554 | |
| 563 | |
| 580 | |
| 593 | |
| 636 | |
| 749-751 | |
| 873 | |
| 900-901 | |
| 990 | |
| 992-993 | |
| 995 | |
| 1080 | |
| 1114 | |
| 1214 | |
| 1234 | |
| 1352 | |
| 1433 | |
| 1494 | |
| 1508 | |
| 1521 | |
| 1720 | |
| 1723 | |
| 1755 | |
| 1801 | |
| 2000-2001 | |
| 2003 | |
| 2049 | |
| 2301 | |
| 2401 | |
| 2447 | |
| 2690 | |
| 2766 | |
| 3128 | |
| 3268-3269 | |
| 3306 | |
| 3372 | |
| 3389 | |
| 4100 | |
| 4443-4444 | |
| 4661-4662 | |
| 5000 | |
| 5432 | |
| 5555-5556 | |
| 5631-5632 | |
| 5634 | |
| 5800-5802 | |
| 5900-5901 | |
| 6000 | |
| 6112 | |
| 6346 | |
| 6387 | |
| 6666-6667 | |
| 6699 | |
| 7007 | |
| 7100 | |
| 7161 | |
| 7777-7778 | |
| 8000-8001 | |
| 8010 | |
| 8080-8081 | |
| 8100 | |
| 8888 | |
| 8910 | |
| 9100 | |
| 10000 | |
| 12345-12346 | |
| 20034 | |
| 21554 | |
| 32000 | |
| 32768-32790 |
| ID | Title |
|---|---|
| 10075 | Drupal Core Security Update(SA-CORE-2021-001) |
| 10083 | Atlassian Jira Cross-Site Scripting Vulnerability(JRASERVER-72052) |
| 10369 | SonicWall Secure Mobile Access 100 series Unspecified Vulnerability (SNWLID-2021-0001) |
| 11492 | JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability |
| 11515 | SolarWinds Orion API Authentication Bypass Vulnerability (Solorigate/SUPERNOVA) (Unauthenticated check) |
| 11571 | Ruby on Rails Multiple Security Vulnerabilities |
| 11699 | VMware vCenter Server Remote Code Execution Vulnerability (VMSA-2021-0002) |
| 11759 | Netgear Multiple Routers Password Disclosure Vulnerability |
| 11760 | NETGEAR WNR2000 Remote Code Execution Vulnerability |
| 11844 | Apache Struts Showcase App Remote Code Execution Vulnerability (S2-048) |
| 11850 | Citrix NetScaler SD-WAN and CloudBridge Virtual WAN Management Interface Remote Code Execution Vulnerability |
| 11856 | Symantec Messaging Gateway Multiple Vulnerabilities (SYM17-006) |
| 11889 | TripWire Enterprise Console Prior to version 8.6.0 Multiple Vulnerabilities. |
| 11894 | GoAhead LD_PRELOAD Remote Code Execution Vulnerability |
| 118967 | VMware ESX Security Update for Third-Party Components (VMSA-2011-0003) |
| 11930 | JBoss 5.x/6.x Java Deserialization Vulnerability (CVE-2017-12149) |
| 11942 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2018-002) |
| 11964 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2018-004) |
| 119701 | VMware ESX Updates to Third Party Libraries and ESX Service Console (VMSA-2011-0012) |
| 11985 | Dasan GPON Home Routers Remote Code Execution Vulnerability |
| 11998 | Cisco RV132W and RV134W Multiple Security Vulnerabilities |
| 12343 | Adobe Multiple Products XML and XML External Entity Injection Vulnerabilities (APSB10-05) |
| 12399 | Adobe Security Hotfix for ColdFusion (APSB10-18) |
| 12483 | Red Hat JBoss EJBInvokerServlet is Accessible to Unauthenticated Remote Users |
| 12542 | Apache Struts2 Multiple Vulnerabilities (S2-008) |
| 12549 | PHP-CGI Query String Parameter Vulnerability |
| 12707 | Apache Struts Multiple Remote Code Execution Vulnerabilities (S2-016,S2-017) |
| 12770 | phpMyAdmin Multiple Vulnerabilities (PMASA-2009-2,PMASA-2009-3) |
| 12834 | SAP NetWeaver Portal ConfigServlet Remote Command Execution Vulnerability (1445998) |
| 12836 | Oracle Forms and Reports Two Vulnerabilities |
| 12930 | Splunk OpenSSL Multiple Vulnerabilities (Heartbleed Bug) |
| 12937 | Apache Archiva Cross-Site scripting and Command Execution Vulnerability |
| 12955 | Elasticsearch Insure Configuration Remote Code Execution |
| 13015 | Parallels Plesk Panel Remote Code Execution Vulnerability |
| 13023 | HTTP File Server "ParserLib.pas" Remote Command Execution Vulnerability |
| 13038 | Bash Command Injection/Remote Code Execution Vulnerability (Remote Detection) (ShellShock) |
| 13081 | HP Smart Update Manager (SUM) Information Disclosure Vulnerability (Heartbleed Bug) |
| 13110 | ElasticSearch Groovy Script Engine Remote Code Execution Vulnerability |
| 13144 | Progress Telerik UI Cryptographic Security Bypass Vulnerability |
| 13147 | MikroTik RouterOS Stack-based Buffer Overflow Vulnerability |
| 13151 | Quest KACE System Management Appliance Multiple Vulnerabilities |
| 13152 | Netgear Multiple Versions Command Injection Vulnerability |
| 13166 | Red Hat Ansible Tower Security Update(RHSA-2020:5249) |
| 13168 | NETGEAR DGN2200v1-'Multiple Vulnerabilities |
| 13182 | VMware NSX SD-WAN Edge by VeloCloud Multiple Remote Command Execution Vulnerabilities |
| 13231 | MikroTik RouterOS Privilege Escalation Vulnerability |
| 13279 | Primetek PrimeFaces Expression Language Remote Code Execution Vulnerability |
| 13303 | Apache ActiveMQ Fileserver Arbitrary Code Execution Vulnerability |
| 13314 | Drupal Core Remote Code Execution Vulnerability (SA-CORE-2020-012) |
| 13378 | ThinkPHP Remote Code Execution Vulnerability |
| 13405 | Cisco Small Business RV320 and RV325 Router Multiple Security Vulnerabilities |
| 13419 | Nexus Repository Manager3 Remote Code Execution Vulnerablility |
| 13420 | Drupal Remote Code Execution (SA-CORE-2019-003) |
| 13438 | ThinkPHP noneCms call_user_func Remote Code Execution Vulnerability |
| 13442 | Ruby on Rails Multiple Security Vulnerabilities |
| 13459 | Atlassian Confluence Server Remote Code Execution Vulnerability (CONFSERVER-57974) |
| 13469 | WordPress Social-Warfare Plugin Stored Cross-Site Scripting Vulnerability |
| 13484 | Crestron AM-100 and AM-101 Multiple Vulnerabilities |
| 13506 | SaltStack Salt Shell Injection Remote Code Execution Vulnerability |
| 13517 | ThinkPHP Remote Code Execution (RCE) Vulnerability |
| 13524 | Jira Server Template Injection Vulnerability (JIRA Security Advisory 2019-07-10) |
| 13543 | Apache Solr Remote Code Execution Vulnerability |
| 13548 | Webmin Remote Code Execution Vulnerability |
| 13560 | Citrix SD-WAN Center Multiple Security Vulnerabilities |
| 13578 | vBulletin routestring Remote Code Execution Vulnerability |
| 13580 | Webmin XXE Vulnerability authenticated Remote Code Execution |
| 13600 | Apache Solr Remote Code Execution Vulnerability |
| 13634 | Nostromo Web Server Unauthenticated Remote Code Execution Vulnerability |
| 13652 | D-Link DIR-859 Multiple Vulnerabilities |
| 13679 | Nortek/Nice Linear eMerge Multiple Vulnerabilities |
| 13686 | PHPUnit Remote Code Execution Vulnerability |
| 13702 | LifeRay Multiple Remote Code Execution Vulnerability |
| 13706 | Grandstream UCM62XX Multiple Vulnerabilities |
| 13712 | Sonatype Nexus Repository Manager Multiple Vulnerabilities |
| 13730 | Draytek Command Injection Vulnerability |
| 13767 | QNAP QTS and Photo Station Multiple Security Vulnerabilities |
| 13769 | Sophos XG Firewall SQL injection Vulnerability |
| 13772 | jQuery Cross-Site Scripting Vulnerability |
| 13798 | VMware Spring Cloud Config Directory Traversal Vulnerability |
| 13816 | Joomla core Cross Site Scripting Vulnerabilities(20200601,20200603,20200604) |
| 13824 | Drupal Core Arbitrary PHP Code Execution Vulnerability (SA-CORE-2020-013) |
| 13833 | Citrix ADC And Citrix Gateway Multiple Security Vulnerability (CTX276688) (unauthenticated check) |
| 13848 | Drupal Core Cross Site Scripting Vulnerability (SA-CORE-2020-002) |
| 13849 | SAP NetWeaver Application Server JAVA (LM Configuration Wizard) Multiple Vulnerabilities (2934135) |
| 13937 | vBulletin Remote Code Execution Vulnerability |
| 13966 | Wordpress File Manager Plugin Remote Code Execution Vulnerability |
| 13995 | SonicWall SONICOS Stack-Based Buffer Overflow Vulnerability (SNWLID-2020-0010) |
| 13998 | MobileIron Enterprise MDM servers Multiple Vulnerabilities |
| 14011 | Ansible Tower Security Update 3.8.2 Multiple Vulnerabilities |
| 14012 | Sitecore Experience Platform Deserialization of Untrusted Data Vulnerability |
| 14015 | Ivanti EPM Cloud Services Appliance (CSA) Code Injection Vulnerability (SA-2021-12-02) |
| 20192 | Oracle Database 12.2.0.1 Critical Patch Update - October 2020 (Unauthenticated) |
| 20194 | Oracle Database 12.1.0.2 Critical Patch Update - October 2020 (Unauthenticated) |
| 20196 | Oracle Database 11.2.0.4 Critical Patch Update - October 2020 (Unauthenticated) |
| 20218 | Oracle Database 12.2.0.1 Critical Patch Update - April 2021 (Unauthenticated) |
| 20220 | Oracle Database 12.1.0.2 Critical Patch Update - April 2021 (Unauthenticated) |
| 216074 | VMware ESX 4.0.0 Patch Release ESX400-201410001 Missing (KB2090853) (Shellshock) |
| 216075 | VMware ESX 4.1.0 Patch Release ESX410-201410001 Missing (KB2090859) (ShellShock) |
| 216105 | VMware vCenter 6.0.0b Missing (VMSA-2016-0005) |
| 216122 | VMware vCenter 6.5b Missing (VMSA-2017-0004) |
| 216222 | VMware vCenter Server 6.7 Update 6.7 u3f Missing (VMSA-2020-0006) |
| 216253 | VMware vCenter Server 7.0 Update 7.0 U1c Missing (VMSA-2021-0002) |
| 216254 | VMware vCenter Server 6.7 Update 6.7 U3l Missing (VMSA-2021-0002) |
| 216255 | VMware vCenter Server 6.5 Update 6.5 U3n Missing (VMSA-2021-0002) |
| 216267 | VMware vCenter Server 6.5 Update 6.5 U3q (VMSA-2021-0020) |
| 216285 | VMware vCenter Server 6.5 Update 6.5 U3R (VMSA-2022-0009) |
| 216286 | VMware vCenter Server 6.7 Update 6.7 U3P (VMSA-2022-0009) |
| 216287 | VMware vCenter Server 7.0 Update 7.0 U3D (VMSA-2022-0009) |
| 216315 | VMware vCenter Server 8.0 Update 8.0 U1d (VMSA-2023-0023) |
| 216316 | VMware vCenter Server 8.0 Update 8.0 U2 (VMSA-2023-0023) |
| 216317 | VMware vCenter Server 7.0 Update 7.0 U3o (VMSA-2023-0023) |
| 216318 | VMware vCenter Server 6.7 Update 6.7U3T (VMSA-2023-0023) |
| 216319 | VMware vCenter Server 6.5 Update 6.5U3V (VMSA-2023-0023) |
| 216331 | VMware ESXi 8.0 Update 3 Patch Release 24022510 (VMSA-2024-0013) |
| 216333 | VMware ESXi 7.0 Authentication Bypass Vulnerability (VMSA-2024-0013) |
| 216334 | VMware vCenter Server Multiple Security Vulnerabilities (VMSA-2024-0019) |
| 216335 | VMware ESXi 7.0 Multiple Security Vulnerabilities (VMSA-2025-0004) |
| 216336 | VMware ESXi 8.0 Multiple Security Vulnerabilities (VMSA-2025-0004) |
| 216337 | VMware ESXi 6.7 Multiple Security Vulnerabilities (vmware-esxi-67-patch-release) |
| 296048 | Oracle Solaris PAM Remote Code Execution Vulnerability (Unauthenticated check)(Intrusive Check) |
| 374803 | Zyxel Firewalls And AP Controller Hardcoded Credential Vulnerability |
| 376392 | SAP NetWeaver Request Smuggling and Request Concatenation Vulnerability |
| 380346 | SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986) |
| 38503 | HP OpenView Network Node Manager Remote Command Execution Vulnerability |
| 38789 | Multiple HP Printers Treck Network Stack Potential Vulnerabilities (Ripple20) |
| 38791 | F5 BIG-IP ASM,LTM,APM TMUI Remote Code Execution Vulnerability (K52145254) (unauthenticated check) |
| 38792 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability |
| 38833 | F5 BIG-IP ASM,LTM,APM Multiple vulnerabilities (K02566623) (unauthenticated check) |
| 38856 | Cisco TelePresence Video Communication Server (VCS) Apache Hypertext Transfer Protocol Server (HTTP Server) Vulnerability (cisco-sa-apache-httpd-2.4.49-VWL69sWQ) |
| 38965 | Dell PowerScale OneFS Multiple Security Vulnerabilities (DSA-2024-453) |
| 38980 | Erlang/OTP SSH Server Remote Code Execution (RCE) Vulnerability |
| 38981 | Brocade Fabric OS Code Injection Vulnerability |
| 42430 | OpenSSL Memory Leak Vulnerability (Heartbleed Bug) |
| 42440 | Juniper Junos Space Multiple Vulnerabilities (JSA10627) |
| 43565 | Realtek SDK Command Injection Remote Code Execution Vulnerability. |
| 44051 | FortiOS Path Traversal Vulnerability (FG-IR-22-369) (Unauthenticated Check) |
| 44054 | Fortigate FortiOS Arbitrary File Download Vulnerability (FG-IR-21-201) (Unauthenticated Check) |
| 50089 | Exim b64decode Remote Code Execution Vulnerability |
| 50108 | Microsoft Exchange Server Remote Code Execution Vulnerability (unauthenticated check) (ProxyLogon) |
| 50114 | Microsoft Exchange Server Multiple Vulnerabilities (ProxyShell) (unauthenticated) |
| 53012 | Exim Mail Server Multiple Vulnerabilities |
| 730034 | VMware vRealize Operations Multiple Vulnerabilities (VMSA-2021-0004) |
| 730070 | Cisco HyperFlex HX Command Injection Vulnerabilities(cisco-sa-hyperflex-rce-TjjNrkpR) |
| 730102 | VMware vCenter Server Remote Code Execution (RCE) Vulnerability (VMSA-2021-0010) (UNAUTHENTICATED)) |
| 730112 | Atlassian Jira Component Apache Tomcat Hypertext Transfer Protocol (HTTP) Request Smuggling Vulnerability (JRASERVER-70993) |
| 730117 | Atlassian Jira Server Template Injection Vulnerability (JRASERVER-69532) |
| 730134 | Kaseya VSA Multiple Security Vulnerabilities |
| 730154 | Atlassian Jira Server and Data Center Path traversal Vulnerability (JRASERVER-72695) |
| 730169 | Solarwinds Orion SUPERNOVA Malware Detected (Remote Detection) |
| 730172 | Atlassian Confluence Server Webwork OGNL Injection Vulnerabilty (CONFSERVER-67940) |
| 730176 | Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability (cisco-sa-voip-phones-rce-dos-rB6EeRXs) |
| 730184 | Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CONFSERVER-67893) |
| 730204 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (OMIGOD)(Unauthenticated) |
| 730209 | Apache Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities |
| 730221 | SonicWall Secure Mobile Access 100 series Pre-Authentication SQL Injection Vulnerability (SNWLID-2019-0016) |
| 730224 | SonicWall Secure Mobile Access 100 series Pre-Authentication Directory Traversal Vulnerability (SNWLID-2019-0018) |
| 730238 | Grafana Enterprise Snapshot Authentication Bypass Vulnerability |
| 730246 | BQE BillQuick Web Suite SQL Injection Vulnerability |
| 730256 | WordPress Snap Creek Duplicator and Duplicator Pro Plugins Directory Traversal Vulnerability |
| 730258 | rConfig OS Command Injection Vulnerability |
| 730297 | Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) (Unauthenticated) |
| 730298 | Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (Unauthenticated Check) |
| 730301 | Apache Solr Affected By Apache Log4J Vulnerability (Log4Shell) |
| 730302 | Atlassian Bitbucket Server and Data Center Versions Security Fixes (CVE-2021-44228) (Log4Shell) |
| 730303 | Apache Flink Emergency Release for Apache Log4j Vulnerability (Log4Shell) |
| 730317 | VMware Horizon Windows and Linux Agent Apache Log4j Remote Code Execution (RCE) Vulnerabilities (Unauthenticated Check) (Log4Shell) |
| 730322 | Metabase Local File Inclusion (LFI) Vulnerability |
| 730329 | Dell EMC NetWorker Virtual Edition Multiple Apache Log4j Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280) |
| 730331 | Dell EMC NetWorker Virtual Edition multiple Apache Log4j Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280) |
| 730332 | Couchbase Server Security Update For Log4shell |
| 730336 | OctoberCMS Account Reset Vulnerability |
| 730337 | SonicWall Secure Mobile Access 100 Multiple Vulnerabilities (SNWLID-2021-0026) |
| 730346 | Cisco Small Business RV (160|260) Series Routers Vulnerabilities (cisco-sa-smb-mult-vuln-KA9PK6D) |
| 730347 | Cisco Small Business RV (340|345) Series Routers Vulnerabilities (cisco-sa-smb-mult-vuln-KA9PK6D) |
| 730359 | Adobe Commerce Improper Input Validation (APSB22-12) |
| 730361 | Apache Apisix Batch-Requests Plugin Remote Code Execution (RCE) Vulnerability |
| 730362 | Neo4j Database Server Affected by Apache Log4j Security Vulnerability |
| 730367 | Dell EMC SRM Remote Code Execution (RCE) Vulnerability (DSA-2021-301) |
| 730378 | Netis WF2419 Remote Code Execution (RCE) Vulnerability |
| 730386 | EyesOfNetwork Multiple Vulnerabilities |
| 730399 | SonicWall On-Premise Email Security Multiple Security Vulnerabilities (SNWLID-2021-0007,SNWLID-2021-0008) |
| 730402 | SonicWall On-Premise Email Post-Authentication Arbitrary File Read Vulnerability (SNWLID-2021-0010) |
| 730411 | Sophos Firewall Remote Code Execution (RCE) Vulnerability (sophos-sa-20220325-sfos-rce) |
| 730414 | Dell InsightIQ Security Update for Polkit Vulnerability (DSA-2022-050) |
| 730416 | Spring Core Remote Code Execution (RCE) Vulnerability (Spring4Shell) (Unauthenticated Check) |
| 730418 | Spring Cloud Function Remote Code Execution (RCE) Vulnerability (Unauthenticated Check) |
| 730426 | Apache Flink Arbitrary File Read Vulnerability |
| 730430 | Apache Kylin Command Injection Vulnerability |
| 730447 | VMware Identity Manager (vIDM) and Workspace ONE Access Remote Code Execution (RCE) Vulnerability (Unauthenticated Check) |
| 730454 | WSO2 API Manager Unrestricted Arbitrary File Upload and Remote Code Execution (RCE) Vulnerability (WSO2-2021-1738) |
| 730457 | WSO2 Unrestricted Arbitrary File Upload and Remote Code Execution (RCE) Vulnerability (WSO2-2021-1738) (Intrusive Check) |
| 730467 | Apache CouchDB Remote Privilege Escalation Vulnerability |
| 730482 | Atlassian Jira Spring Framework Remote Code Execution (RCE) Vulnerability (JRASERVER-73773) |
| 730489 | F5 BIG-IP iControl REST Remote Code Execution (RCE) Vulnerability (K23605346) (Unauthenticated Check) |
| 730491 | Zyxel Firewall OS Command Injection Vulnerability |
| 730495 | Dot CMS Multipart File Directory Traversal and Remote Code Execution (RCE) Vulnerability |
| 730496 | Apache Shiro Remote Code Execution (RCE) Vulnerability |
| 730510 | Atlassian Jira Remote Code Execution (RCE) Vulnerability (JRASERVER-73223) |
| 730512 | Oracle Fusion Middleware BI Publisher Unauthorized Access Vulnerability (cpuapr2019) |
| 730514 | Atlassian Confluence Server and Confluence Data Center Remote Code Execution (RCE) Vulnerability (CONFSERVER-79016) (Unauthenticated Check) |
| 730516 | Atlassian Confluence Server and Confluence Data Center Remote Code Execution (RCE) Vulnerability (CONFSERVER-78586) |
| 730556 | Oracle Fusion Middleware BI Publisher Denial of Service (DoS) Vulnerability (cpuapr2012) |
| 730563 | Oracle Fusion Middleware BI Publisher Integrity Issues (cpuoct2012) |
| 730569 | Atlassian Confluence Server and Confluence Data Center - Questions For Confluence App - Hardcoded Password Vulnerability (CONFSERVER-79483) |
| 730573 | Apache Spark Command Injection Vulnerability (Unauthenticated Check) |
| 730590 | Redis Sandbox Escape Remote Code Execution (RCE) Vulnerability |
| 730600 | Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (BSERV-13438) |
| 730616 | Sophos Firewall Remote Code Execution (RCE) Vulnerability (sophos-sa-20220923-sfos-rce) |
| 730621 | Microsoft Exchange Server Multiple Vulnerabilities (ProxyNotShell) (Unauthenticated Check) |
| 730623 | FortiOS Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (FG-IR-22-377)(Unauthenticated Check) |
| 730626 | Ignition Laravel Debug Remote Code Execution (RCE) Vulnerability |
| 730669 | VMware NSX Manager Remote Code Execution (RCE) Vulnerability (VMSA-2022-0027) |
| 730670 | Oracle E-Business Suite Multiple Security Vulnerabilities (CPUOCT2022) |
| 730674 | Oracle Access Manager Remote Code Execution (RCE) Vulnerability (cpujan2022) |
| 730675 | ForgeRock Access Management and OpenAM Remote Code Execution (RCE) Vulnerability |
| 730678 | TIBCO JasperReports Library Directory Traversal Vulnerability (Tibco-Security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809) |
| 730689 | TIBCO JasperReports Server Information Disclosure Vulnerability |
| 730694 | CWP7 (Control Web Panel 7 or CentOS Web Panel 7) Remote Code Execution (RCE) Vulnerability |
| 730703 | Cacti Unauthenticated Command Injection Vulnerability |
| 730704 | SugarCRM Remote Code Execution (RCE) Vulnerability |
| 730708 | Zoho ManageEngine Remote Code Execution (RCE) Vulnerability |
| 730712 | Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CTX474995) |
| 730720 | GoAnywhere Managed File Transfer (MFT) Remote Code Execution (RCE) Vulnerability |
| 730726 | TerraMaster NAS Remote Code Execution (RCE) Vulnerability |
| 730735 | Joomla Webservice Endpoints Improper Access Control Vulnerability (Active Check) |
| 730739 | IBM Aspera Faspex Multiple Security Vulnerabilities (6952319) |
| 730740 | Oracle WebLogic Server Remote Code Execution (RCE) Vulnerability (CPUJAN2023) |
| 730744 | jai-ext Remote Code Execution (RCE) Vulnerability (GHSA-v92f-jx6p-73rx) |
| 730749 | GLPI Command Injection Vulnerability |
| 730764 | Cisco Small Business RV (016|042|42G|082|320|325) Routers Remote Command Execution Vulnerability (cisco-sa-sbr042-multi-vuln-ej76Pke5) |
| 730787 | MinIO Information Disclosure Vulnerability |
| 730790 | PaperCut NG/MF Multiple Security Vulnerabilities (PO-1216 and PO-1219) |
| 730792 | Apache Superset Session Validation Vulnerability (n0ftx60sllf527j7g11kmt24wvof8xyk) |
| 730794 | Adobe ColdFusion Unauthenticated Remote Code Execution (RCE) Vulnerability (APSB23-25) |
| 730796 | TP-Link Archer AX21 (AX1800) Unauthenticated Command Injection Vulnerability |
| 730825 | VMware Aria Operations for Networks Multiple Security Vulnerabilities (VMSA-2023-0012.1) |
| 730838 | Openfire Authentication Bypass Vulnerability (GHSA-gw42-f939-fhvm) |
| 730842 | Adobe ColdFusion Unauthenticated Remote Code Execution (RCE) Vulnerability (APSB23-47) (Unauthenticated Check) |
| 730859 | Ivanti Endpoint Manager Mobile (EPMM) Remote Arbitrary File Write Vulnerability |
| 730860 | Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability |
| 730864 | Ivanti Endpoint Manager Mobile (EPMM) Remote Unauthenticated API Access Vulnerability (CVE-2023-35082) |
| 730868 | Apache RocketMQ Remote Code Execution (RCE) Vulnerability |
| 730875 | Ivanti Sentry Authentication Bypass Vulnerability |
| 730925 | Juniper Network Operating System (Junos OS) Remote Code Execution (RCE) Vulnerability (JSA72300) (Unauthenticated Check) |
| 730931 | Atlassian Confluence Server and Data Center Privilege Escalation Vulnerability (CONFSERVER-92475) (Unauthenticated Check) |
| 730937 | Apache Tomcat Multiple Vulnerabilities |
| 730958 | Jenkins HTTP/2 Denial of Service (DoS) Vulnerability (Jenkins Security Advisory 2023-10-18) |
| 730959 | Roundcube Webmail SVG Document Persistent Cross-Site Scripting (XSS) Vulnerability |
| 730963 | Apache ActiveMQ Remote Code Execution (RCE) Vulnerability (CVE-2023-46604) |
| 730964 | Joomla Information Disclosure Vulnerability (20230201) |
| 730965 | Cisco Internetwork Operating System (IOS) XE Software Web UI Privilege Escalation Vulnerability (cisco-sa-iosxe-webui-privesc-j22SaA4z) (Unauthenticated Check) |
| 730966 | Atlassian Confluence Server and Data Center Improper Authorization Vulnerability (CONFSERVER-93142) (Unauthenticated Check) |
| 730970 | SysAid On-Prem Path Traversal Vulnerability |
| 730977 | Atlassian Confluence Data Center and Server Denial of Service (DoS) Vulnerability (CONFSERVER-93163) |
| 730985 | OwnCloud Sensitive Information Disclosure Vulnerability |
| 730994 | Qlik Sense Enterprise for Windows Multiple Security Vulnerabilities |
| 731034 | Cisco Prime Infrastructure Distributed Denial of Service (DDoS) Vulnerability (cisco-sa-http2-reset-d8Kf32vZ) |
| 731043 | Sophos Secure Web Appliance Multiple Vulnerabilities (sophos-sa-20230404-swa-rce) |
| 731099 | Hewlett Packard Enterprise (HPE) OneView Multiple Vulnerabilities (HPESBGN04586) |
| 731126 | Ivanti Connect Secure and Ivanti Policy Secure Privilege Escalation Vulnerability (000090322) |
| 731144 | Zyxel ATP Firewall OS Command Injection Vulnerability (CVE-2023-28771) |
| 731153 | Roundcube Webmail rcube_string_replacer.php Persistent Cross-Site Scripting (XSS) Vulnerability |
| 731204 | Accellion File Transfer Appliance (FTA) Multiple Security Vulnerabilities (CVE-2021-27101,CVE-2021-27104) |
| 731208 | Accellion File Transfer Appliance (FTA) Multiple Security Vulnerabilities (CVE-2021-27102,CVE-2021-27103) |
| 731226 | QNAP VioStor NVR OS Command Injection Vulnerability |
| 731228 | Novi Survey Arbitrary Code Execution Vulnerability |
| 731229 | Hikvision IP camera/NVR firmware Remote Code Execution (RCE) Vulnerability (Intrusive Check) |
| 731230 | Zyxel ATP Firewall Buffer Overflow Vulnerability (CVE-2023-33010) |
| 731231 | Zyxel ATP Firewall Buffer Overflow Vulnerability (CVE-2023-33009) |
| 731232 | Buffalo Router Authentication Bypass Vulnerability |
| 731233 | Zyxel Network Attached Storage (NAS) and Firewall Remote Code Execution (RCE) Vulnerability |
| 731237 | Yealink Device Management Multiple Vulnerabilities |
| 731238 | Ruckus Wireless Multiple Security Vulnerabilities |
| 731240 | QNAP QTS Multiple Security Vulnerabilities (QSA-20-01) |
| 731242 | QNAP QTS Command Injection Vulnerability (QSA-21-05) |
| 731243 | Unraid Remote Code Execution (RCE) Vulnerability |
| 731245 | SolarView Compact Remote Code Execution (RCE) Vulnerability |
| 731246 | TVT NVMS-1000 Directory Traversal Vulnerability |
| 731248 | Sunhillo SureLine OS Command Injection Vulnerability |
| 731250 | NETGEAR Remote Code Execution (RCE) Vulnerability |
| 731252 | NETGEAR ProSAFE Plus Remote Code Execution (RCE) Vulnerability |
| 731253 | Micro Focus Operations Bridge Reporter (OBR) Remote Code Execution (RCE) Vulnerability |
| 731277 | TP-Link Router Directory Traversal Vulnerability |
| 731278 | Tenda Router AC11 Remote Code Execution (RCE) Vulnerability |
| 731283 | Alcatel-Lucent OmniPCX Enterprise Communication Server Remote Code Execution (RCE) Vulnerability |
| 731285 | Progress Kemp LoadMaster Unauthenticated Command Injection Vulnerability |
| 731291 | FortiClient Endpoint Management Server (EMS) SQL Injection Vulnerability (Unauthenticated Check) |
| 731298 | Realtek Jungle Software Development Kit (SDK) Command Injection Vulnerability |
| 731317 | Kaseya VSA Remote Code Execution (RCE) Vulnerability |
| 731319 | Kaseya VSA Remote Code Execution (RCE) Vulnerability |
| 731354 | Aviatrix Controller Remote Code Execution (RCE) Vulnerability (Intrusive Check) |
| 731363 | Future X AE1021PE Command Injection Vulnerability |
| 731365 | D-Link NAS Storage Devices Remote Code Execution (RCE) Vulnerability |
| 731377 | Cisco Small Business RV (016,042,042G,082) Routers Arbitrary Command Execution Vulnerability (cisco-sa-20191106-sbrv-cmd-x) |
| 731448 | D-Link Multiple Security Vulnerabilities |
| 731450 | D-Link DNS-320 Remote Code Execution (RCE) Vulnerability |
| 731451 | D-Link Remote Code Execution (RCE) Vulnerability |
| 731456 | Palo Alto Networks (PAN-OS) Command Injection Vulnerability (PAN-252214) (Unauthenticated Check) |
| 731463 | D-Link Remote Code Execution (RCE) Vulnerability |
| 731464 | D-Link DNS-320 Remote Code Execution (RCE) Vulnerabilty |
| 731467 | D-Link DIR-300 Sensitive Information Disclosure Vulnerability |
| 731468 | D-Link DSL-2750B OS Command Injection Vulnerability |
| 731476 | D-Link DIR-825 R1 Buffer Overflow Vulnerability |
| 731477 | D-Link DIR-645 Remote Code Execution (RCE) Vulnerability |
| 731478 | D-Link DIR-610 Remote Code Execution (RCE) Vulnerability |
| 731479 | D-Link DIR-820L Remote Code Execution (RCE) Vulnerability |
| 731480 | D-Link DCS-930L Command Injection Vulnerability |
| 731481 | D-Link DSL-2760U Multiple Cross-Site Scripting (XSS) Vulnerabilities |
| 731482 | Multiple D-Link Routers Remote Code Execution (RCE) Vulnerability |
| 731483 | D-Link DWL-2600AP Command Injection Vulnerability |
| 731484 | QNAP QTS Photo Station Local File Inclusion (LFI) Vulnerability |
| 731488 | Sumavision Enhanced Multimedia Router Cross-Site Request Forgery (CSRF) Vulnerability (Intrusive Check) |
| 731501 | Atlassian Jira Software Data Center and Server Denial of Service (DoS) Vulnerability (JSWSERVER-25398) |
| 731506 | QNAP QTS Improper Authorization Vulnerability (QSA-21-13) |
| 731507 | Tenda Routers Command Injection Vulnerability |
| 731518 | Ubiquiti AirOS Command Injection Vulnerability |
| 731519 | Tenda AC15 AC1900 Remote Code Execution (RCE) Vulnerability |
| 731525 | FatPipe File Upload Vulnerability |
| 731538 | D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability |
| 731557 | D-Link DIR-605 Router Information Disclosure Vulnerability |
| 731563 | ZyXEL P660HN-T1A Router Unauthenticated Command Injection Vulnerability |
| 731565 | IBM Data Risk Manager Multiple Vulnerabilities |
| 731567 | Checkbox Survey Insecure Deserialization Vulnerability |
| 731568 | Check Point Security Gateways Information Disclosure Vulnerability (Unauthenticated Check) |
| 731570 | Progress Telerik Report Server Multiple Vulnerabilities |
| 731571 | Apache HugeGraph-Server Remote Code Execution (RCE) Vulnerability |
| 731573 | LG N1A1 NAS Remote Code Execution (RCE) Vulnerability |
| 731574 | NETGEAR Buffer Overflow Vulnerability |
| 731580 | Rejetto Hypertext Transfer Protocol (HTTP) File Server Remote Code Execution (RCE) Vulnerability |
| 731581 | Zyxel NAS Device Command Injection Vulnerability |
| 731582 | SolarWinds Serv-U Directory Transversal Vulnerability (Unauthenticated Check) |
| 731604 | Adobe Magento XML External Entity (XXE) Vulnerability |
| 731612 | IBM MQ Appliance Multiple Vulnerabilities (7157537,7157536,7157534,7157388,7157387) |
| 731613 | Apache Hypertext Transfer Protocol Server (HTTP Server) Prior to 2.4.60 Multiple Security Vulnerabilities |
| 731614 | GeoServer Remote Code Execution (RCE) Vulnerability (GHSA-6jj6-gm7p-fcvv) |
| 731625 | D-Link DIR-859 Unauthenticated Path Traversal Vulnerability |
| 731627 | Zyxel EMG2926-Q10A Authenticated Arbitrary Command Injection Vulnerability |
| 731637 | ServiceNow Multiple Security Vulnerabilities |
| 731668 | Dell Unisphere for PowerMax Security Update for Multiple Vulnerabilities |
| 731669 | Dell Solutions Enabler Multiple Security Vulnerabilities |
| 731694 | Apache OFBiz Authentication Bypass Vulnerability |
| 731703 | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability |
| 731717 | SolarWinds Web Help Desk Broken Access Control Vulnerability |
| 731721 | Dahua IP Camera Authentication Bypass Vulnerability |
| 731723 | SonicWall SONICOS Improper Access Control Vulnerability (SNWLID-2024-0015) |
| 731741 | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (Intrusive Check) |
| 731742 | Draytek VigorConnect Multiple Vulnerabilities |
| 731745 | Apache OFBiz Multiple Vulnerabilities (OFBIZ-13130,OFBIZ-13132) |
| 731817 | D-Link DIR820 Command Injection Vulnerability |
| 731819 | DrayTek Vigor Remote Code Execution (RCE) Vulnerability (Intrusive Check) |
| 731836 | Palo Alto Networks Expedition Multiple Vulnerabilities (Unauthenticated Check) |
| 731853 | SonicWall Secure Remote Access SQL Injection Vulnerability |
| 731868 | Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability |
| 731872 | CyberPanel Remote Code Execution (RCE) Vulnerability |
| 731882 | PTZOptics PT30X-SDI/NDI-xx Multiple Security Vulnerabilities |
| 731885 | Ivanti Cloud Services Appliance Command Injection Vulnerability (Unauthenticated Check) |
| 731895 | Schneider Electric U.Motion Builder Remote Code Execution (RCE) Vulnerability (SEVD-2019-071-02) |
| 731919 | Palo Alto Networks (PAN-OS) Authentication Bypass Vulnerability (Unauthenticated Check) |
| 731920 | Palo Alto Networks (PAN-OS) Privilege Escalation Vulnerability (Intrusive Check) |
| 731962 | ProjectSend Improper Authorization Vulnerability (Intrusive Check) |
| 731964 | Zyxel Firewall Directory Traversal Vulnerability |
| 731973 | North Grid Proself Extensible Markup Language (XML) Vulnerability |
| 731976 | Mitel MiCollab Authentication Bypass Vulnerability (MISA-2024-0029) |
| 732081 | Cleo Remote Code Execution (RCE) Vulnerability |
| 732128 | BeyondTrust Remote Support Command Injection Vulnerability |
| 732134 | Acclaim Systems USAHERDS Hard-Coded Credentials Vulnerability |
| 732141 | DrayTek Gateway Command Injection Vulnerability |
| 732142 | D-Link Router Command Injection Vulnerability (SAP10282) |
| 732163 | SonicOS Multiple Security Vulnerabilities (SNWLID-2025-0003) |
| 732166 | Ivanti Connect Secure Multiple Vulnerabilities |
| 732167 | Ivanti Policy Secure Multiple Vulnerabilities |
| 732171 | Aviatrix Network Controller Command Injection Vulnerability |
| 732174 | Oracle Agile Product Lifecycle Management (PLM) Remote Code Execution (RCE) Vulnerability |
| 732189 | SimpleHelp Multiple Security Vulnerabilities |
| 732228 | Trimble Cityworks Insecure Deserialization Vulnerability |
| 732234 | Ivanti Connect Secure Multiple Vulnerabilities |
| 732239 | Palo Alto Networks (PAN-OS) Authentication Bypass in the Management Web Interface Vulnerability (PAN-273971) (Unauthenticated Check) |
| 732244 | BeyondTrust Privileged Remote Access Command Injection Vulnerability |
| 732245 | Zyxel Router Multiple Security Vulnerabilities |
| 732247 | Sophos XG Firewall Buffer Overflow and Remote Code Execution (RCE) Vulnerability |
| 732251 | WSO2 API Manager Remote Code Execution (RCE) Vulnerability (WSO2-2021-1738) |
| 732253 | SonicWall SonicOS Authentication Bypass Vulnerability |
| 732288 | Wazuh Server Remote Code Execution (RCE) Vulnerability |
| 732291 | Mitel SIP Phone Command Injection Vulnerability (Mitel Product Security Advisory 24-0019) (Intrusive Check) |
| 732292 | Reolink Cameras Remote Code Execution (RCE) Vulnerability |
| 732293 | Sophos CyberoamOS SQL Injection Vulnerability (CVE-2020-29574) |
| 732303 | Hitachi Pentaho Business Analytics Server Multiple Vulnerabilities |
| 732304 | Craft CMS Remote Code Execution (RCE) Vulnerability (GHSA-2p6p-9rc9-62j9) |
| 732305 | Nakivo Backup and Replication Arbitrary File Read Vulnerability (CVE-2024-48248) |
| 732306 | NUUO NVRmini 2 Remote Code Execution (RCE) Vulnerability |
| 732312 | NUUO NVRmini Remote Code Execution (RCE) Vulnerability |
| 732316 | WatchGuard Firebox Management Remote Code Execution (RCE) Vulnerability |
| 732342 | Apache Tomcat Path Equivalence Remote Code Execution (RCE) Vulnerability (Intrusive Check) |
| 732348 | Atlassian Crowd Data Center and Server Multiple Denial of Service (DoS) Vulnerabilities (CWD-6341, CWD-6342) |
| 732355 | AMI MegaRAC Redfish Authentication Bypass Vulnerability (CVE-2024-54085) |
| 732359 | Edimax IC-7100 IP Camera OS Command Injection Vulnerability |
| 732384 | WatchGuard Firebox Management Privilege Escalation Vulnerability |
| 732389 | Sitecore Experience Platform Insecure Deserialization Vulnerability |
| 732399 | CrushFTP Authentication Bypass Vulnerability (Unauthenticated Check) |
| 732410 | Ivanti Policy Secure Remote Code Execution (RCE) Vulnerability |
| 732427 | Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus Remote Code Execution (RCE) Vulnerability |
| 732434 | Langflow AI Remote Code Execution (RCE) Vulnerability |
| 732458 | Commvault Command Center Remote Code Execution (RCE) Vulnerability |
| 732461 | SAP NetWeaver Visual Composer Development Server Missing Authorization Vulnerability |
| 732475 | Active! Mail Buffer OverFlow Vulnerability |
| 732483 | SonicWall SMA100 Path Traversal Vulnerability |
| 732523 | Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution (RCE) Vulnerability (CVE-2025-4427,CVE-2025-4428) |
| 732528 | SAP NetWeaver Visual Composer Development Server Insecure Deserialization Vulnerability |
| 732579 | MagicINFO 9 Server Path Traversal Vulnerability (Intrusive Check) |
| 732606 | ZKTeco BioTime Path Traversal Vulnerability |
| 732624 | Roundcube Webmail Multiple Security Vulnerabilities |
| 732675 | ASUS Router GT-AC2900 Authentication Bypass Vulnerability |
| 732706 | TP-Link TL-WR940N Wireless Router Remote Code Execution (RCE) Vulnerability (CVE-2023-33538) |
| 732707 | TP-Link TL-WR841N Wireless Router Remote Code Execution (RCE) Vulnerability (CVE-2023-33538) |
| 732730 | Citrix NetScaler Memory Disclosure CitrixBleed 2 Vulnerability |
| 78060 | Array Networks ArrayOS AG/vxAG Remote Code Execution (RCE) Vulnerability |
| 78061 | SonicWall Secure Mobile Access (SMA) 100 Multiple Vulnerabilities (SNWLID-2024-0018) |
| 78063 | SonicWall Secure Mobile Access (SMA) Multiple Vulnerabilities (SNWLID-2021-0021, SNWLID-2021-0022) |
| 78064 | Cisco Small Business RV Series Routers Erlang/OTP SSH Server Remote Code Execution (RCE) Vulnerability (cisco-sa-erlang-otp-ssh-xyZZy) |
| 78065 | SonicWall Secure Mobile Access (SMA) 100 SSL-Virtual Private Network (VPN) Vulnerability (SNWLID-2023-0018) |
| 86573 | Apache Tomcat Multiple Vulnerabilities |
| 86882 | Red Hat JBoss Application Server Web Console and JMX Management Console Authentication Bypass Vulnerability |
| 87122 | HP System Management Homepage Multiple Vulnerabilities (HPSBMU02786) |
| 87304 | Apache Tomcat Information Disclosure and Remote Code Execution Vulnerability |
| 87400 | PHP 7 Remote Code Execution Vulnerability |
| 87412 | Cisco DCNM File Information Disclosure Vulnerability(cisco-sa-20150401-dcnm) |
| 87413 | Apache Tomcat AJP File Inclusion Vulnerability (unauthenticated check) |
| 87432 | Oracle WebLogic Server Remote Code Execution Vulnerability (CPUOCT2020) (Unauthenticated) |
| 87437 | SAP Solution Manager Missing Authentication Vulnerability (2890213) |
| 87446 | SAP NetWeaver AS JAVA Directory Traversal Vulnerability (2234971) |
| 87447 | SAP NetWeaver AS JAVA 7.5 XML External Entity Vulnerability (2296909) |
| 87461 | SAP NetWeaver AS Java Directory Traversal Vulnerability (2486657) |
| 87465 | Apache Hypertext Transfer Protocol Server (HTTP Server) Path Traversal and Null Pointer Dereference Vulnerabilities |
| 87466 | Apache Hypertext Transfer Protocol (HTTP) Server Path Traversal Vulnerability |
| 87468 | Apache Hypertext Transfer Protocol (HTTP) Server mod_proxy Server-Side Request Forgery (SSRF) Vulnerability |
| 87471 | SAP NetWeaver AS Java Directory Traversal Vulnerability (2547431) |
| 87492 | SAP NetWeaver AS SQL Injection Vulnerability |
| 87493 | SAP NetWeaver AS Exposure of Sensitive Information Vulnerability |
| 87494 | SAP NetWeaver AS File Upload Vulnerability |
| 91541 | Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (BlueKeep) (unauthenticated check) |
Vulnerabilities detected by remote scans
This profile includes all the vulnerabilities that are remotely scanned. The EASM lightweight scan is performed every three days for this profile.
| TCP | UDP |
|---|---|
| 11 | 7 |
| 13 | 13 |
| 15 | 17 |
| 17 | 19 |
| 19-23 | 37 |
| 25 | 53 |
| 37 | 67-69 |
| 42 | 111 |
| 53 | 123 |
| 66 | 135 |
| 69-70 | 137 |
| 79-81 | 161 |
| 88 | 177 |
| 98 | 407 |
| 109-111 | 464 |
| 113 | 500 |
| 118-119 | 517-518 |
| 123 | 520 |
| 135 | 1434 |
| 139 | 1645 |
| 143 | 1701 |
| 220 | 1812 |
| 256-259 | 2049 |
| 264 | 3527 |
| 371 | 4569 |
| 389 | 4665 |
| 411 | 5036 |
| 443 | 5060 |
| 445 | 5632 |
| 464-465 | 6502 |
| 512-515 | 7778 |
| 523-524 | 15345 |
| 540 | |
| 548 | |
| 554 | |
| 563 | |
| 580 | |
| 593 | |
| 636 | |
| 749-751 | |
| 873 | |
| 900-901 | |
| 990 | |
| 992-993 | |
| 995 | |
| 1080 | |
| 1114 | |
| 1214 | |
| 1234 | |
| 1352 | |
| 1433 | |
| 1494 | |
| 1508 | |
| 1521 | |
| 1720 | |
| 1723 | |
| 1755 | |
| 1801 | |
| 2000-2001 | |
| 2003 | |
| 2049 | |
| 2301 | |
| 2401 | |
| 2447 | |
| 2690 | |
| 2766 | |
| 3128 | |
| 3268-3269 | |
| 3306 | |
| 3372 | |
| 3389 | |
| 4100 | |
| 4443-4444 | |
| 4661-4662 | |
| 5000 | |
| 5432 | |
| 5555-5556 | |
| 5631-5632 | |
| 5634 | |
| 5800-5802 | |
| 5900-5901 | |
| 6000 | |
| 6112 | |
| 6346 | |
| 6387 | |
| 6666-6667 | |
| 6699 | |
| 7007 | |
| 7100 | |
| 7161 | |
| 7777-7778 | |
| 8000-8001 | |
| 8010 | |
| 8080-8081 | |
| 8100 | |
| 8888 | |
| 8910 | |
| 9100 | |
| 10000 | |
| 12345-12346 | |
| 20034 | |
| 21554 | |
| 32000 | |
| 32768-32790 |
To view the list of remote scan QIDs, follow these steps:
- Navigate to the VM/VMDR module > KnowledgeBase and click Search.
- On the Search window, select the following options:
- Discovery Method as Remote Only
- Supported Modules as VM
- Discovery Method as Remote Only
- Click Search.
The list of QIDs is displayed on the KnowledgeBase tab.
Related Topics
Learn more about Option Profiles