CVE-2025-52331
- EPSS 0.03%
- Published 12.11.2025 00:00:00
- Last modified 14.11.2025 16:42:30
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command ...
CVE-2025-8088
- EPSS 3.4%
- Published 08.08.2025 11:11:41
- Last modified 30.10.2025 15:50:59
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Koši...
CVE-2014-125119
- EPSS 20%
- Published 25.07.2025 16:15:26
- Last modified 29.07.2025 14:14:55
A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name fro...
- EPSS 8.03%
- Published 21.06.2025 00:09:02
- Last modified 10.12.2025 13:48:42
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that...
CVE-2025-31334
- EPSS 0.2%
- Published 03.04.2025 06:15:42
- Last modified 01.07.2025 15:10:55
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the...
CVE-2024-36052
- EPSS 0.12%
- Published 21.05.2024 17:15:09
- Last modified 21.11.2024 09:21:31
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
CVE-2023-40477
- EPSS 92.8%
- Published 03.05.2024 03:15:20
- Last modified 04.11.2025 20:16:43
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exp...
CVE-2024-33899
- EPSS 1.03%
- Published 29.04.2024 00:15:07
- Last modified 21.11.2024 09:17:41
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
CVE-2024-30370
- EPSS 0.49%
- Published 02.04.2024 21:15:50
- Last modified 20.06.2025 18:15:03
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability i...
CVE-2023-38831
- EPSS 93.61%
- Published 23.08.2023 17:15:43
- Last modified 31.10.2025 14:39:33
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder t...