Every CVE whose affected-product data names Mobatek Mobaxterm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2017-15376 — CVSS 9.8 (critical): The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands…
CVE-2019-7690 — CVSS 9.8 (critical): In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the…
CVE-2022-38337 — CVSS 9.1 (critical): When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid…
CVE-2019-13475 — CVSS 8.8 (high): In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary…
CVE-2019-16305 — CVSS 8.8 (high): In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the…
CVE-2022-38336 — CVSS 8.1 (high): An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without…
CVE-2026-25866 — CVSS 7.8 (high): MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute…
CVE-2021-28847 — CVSS 7.5 (high): MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent…
CVE-2015-7244 — CVSS 7.5 (high): The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require…
CVE-2017-6805 — CVSS 5.3 (medium): Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via…