Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mobatek vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-16305
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted,...
Mobatek Mobaxterm 11.1
Mobatek Mobaxterm 12.1
8.1
CVSSv3
CVE-2022-38336
An access control issue in MobaXterm before v22.1 allows malicious users to make connections to the server via the SSH or SFTP protocols without authentication.
Mobatek Mobaxterm
7.5
CVSSv2
CVE-2015-7244
The default configuration of the server in MobaXterm prior to 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote malicious users to execute arbitrary commands or obtain sensitive information via X11 ...
Mobatek Mobaxterm
9.1
CVSSv3
CVE-2022-38337
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
Mobatek Mobaxterm
7.5
CVSSv3
CVE-2021-28847
MobaXterm prior to 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.
Mobatek Mobaxterm
9.8
CVSSv3
CVE-2017-15376
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote malicious users to execute arbitrary commands via TCP port 23.
Mobatek Mobaxterm 10.4
9.8
CVSSv3
CVE-2019-7690
In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH private key and its password can be retrieved from process memory for the lifetime of the process, even after the user disconnects from the remote SSH server. This affects Passwordless Authentication that has a Passw...
Mobatek Mobaxterm 11.1
1 Github repository
5.3
CVSSv3
CVE-2017-6805
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in a GET command.
Mobatek Mobaxterm 9.4
1 EDB exploit
8.8
CVSSv3
CVE-2019-13475
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote malicious users to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply injec...
Mobatek Mobaxterm 11.1
6.5
CVSSv3
CVE-2025-0714
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, th...
Mobatek Mobaxterm
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
path traversal
CVE-2025-2657
CVE-2025-30066
CVE-2025-24813
apache commons vfs
CVE-2025-2478
validation
CVE-2025-2674
code injection
medical card generation system
microsoft edge (chromium-based)
CVE-2025-2688
cicadascms
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon