CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/17 5:45 a.m.•1 views

CVE-2026-6421 Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path

7.3CVSS6.1AI score0.00006EPSS

Cvelist•added 2026/04/17 5:45 a.m.•28 views

CVE-2026-6421 Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path

7.3CVSS0.00006EPSS

CVE•added 2026/04/17 5:45 a.m.•9 views

CVE-2026-6421

CVE-2026-6421 affects Mobatek MobaXterm Home Edition up to 26.1. The issue lies in an unspecified part of msimg32.dll, enabling an uncontrolled search path when a low-privilege local attack occurs. Exploitation is described as local with high complexity; CVSS 3.1/7.0 (HIGH) and CVSS 4.0/7.3 (HIGH...

7.3CVSS6.2AI score0.00006EPSS

ATTACKERKB•added 2026/04/17 5:45 a.m.•0 views

CVE-2026-6421

7.3CVSS5AI score0.00006EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/04/17 12:0 a.m.•1 views

PT-2026-33412

7.3CVSS6.1AI score0.00006EPSS

Exploits0References7

CNNVD•added 2026/04/17 12:0 a.m.•5 views

Mobatek MobaXterm 安全漏洞

Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...

7.3CVSS7.1AI score0.00006EPSS

RedhatCVE•added 2026/03/11 7:8 a.m.•1 views

CVE-2026-25866

MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...

EUVD•added 2026/03/09 6:31 p.m.•1 views

EUVD-2026-10342

NVD•added 2026/03/09 4:16 p.m.•4 views

Exploits0References3

CVE-2026-25866

8.5CVSS0.00019EPSS

Exploits0References2

Cvelist•added 2026/03/09 3:24 p.m.•24 views

CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path

8.5CVSS0.00019EPSS

Exploits0References2

ATTACKERKB•added 2026/03/09 3:24 p.m.•1 views

CVE-2026-25866

Vulnrichment•added 2026/03/09 3:24 p.m.•1 views

Exploits0References3

CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path

CNNVD•added 2026/03/09 12:0 a.m.•2 views

Exploits0References2

Mobatek MobaXterm 代码问题漏洞

Mobatek MobaXterm is a terminal software package developed by the French company Mobatek. It integrates an enhanced terminal, an X server, and a Unix command set GNU/Cygwin. Versions of Mobatek MobaXterm prior to version 26.1 contained code vulnerabilities. These vulnerabilities stemmed from...

8.5CVSS6.1AI score0.00019EPSS

Exploits0References3

Positive Technologies•added 2026/03/09 12:0 a.m.•0 views

PT-2026-24077

Name of the Vulnerable Software and Affected Versions MobaXterm versions prior to 26.1 Description The software contains an uncontrolled search path element issue. The application uses WinExec to launch Notepad++ without specifying the complete path to the executable when opening files from remot...

RedhatCVE•added 2026/01/09 11:25 a.m.•3 views

Exploits0References7

CVE-2021-28847

MobaXterm before 21.0 allows remote servers to cause a denial of service Windows GUI hang via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls...

7.5CVSS6.8AI score0.00467EPSS

RedhatCVE•added 2026/01/09 10:57 a.m.•1 views

CVE-2022-38336

An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication...

8.1CVSS7AI score0.004EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:56 a.m.•1 views

CVE-2022-38337

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service DoS for the user if services like fail2ban are used...

9.1CVSS6.9AI score0.00451EPSS