threat
engine
.sh
Back
·
··:··
Home
/
Product
/
rarlab winrar
Product
rarlab winrar
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2019-25677
<= 5.61
WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed
6.2
MEDIUM
CVE-2025-52331
all versions
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose
6.1
MEDIUM
CVE-2025-8088
< 7.13
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting
8.8
HIGH
CVE-2025-6218
< 7.12
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbit
7.8
HIGH
CVE-2025-31334
< 7.11
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an execu
6.8
MEDIUM
CVE-2024-36052
< 7.00
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue th
7.5
HIGH
CVE-2023-40477
< 6.23
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows re
7.8
HIGH
CVE-2024-33899
< 7.00
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service,
7.1
HIGH
CVE-2024-30370
all versions
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web prote
4.3
MEDIUM
CVE-2023-38831
< 6.23
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archi
7.8
HIGH
CVE-2022-43650
all versions
This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0.
7.1
HIGH
CVE-2018-20253
<= 5.60
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZ
7.8
HIGH
CVE-2018-20252
<= 5.60
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RA
7.8
HIGH
CVE-2018-20251
<= 5.61
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE
5.5
MEDIUM
CVE-2018-20250
<= 5.61
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE
7.8
HIGH
CVE-2015-5663
<= 5.30
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a
7.4
HIGH
CVE-2008-7144
<= 3.70
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) AC
CVE-2006-3912
all versions
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
CVE-2006-3845
all versions
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a
CVE-2005-4620
all versions
Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: b
CVE-2005-4474
all versions
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash)
CVE-2005-3263
all versions
Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code v
CVE-2005-3262
all versions
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string
CVE-2005-0331
all versions
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote at
CVE-2004-1254
all versions
WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file wit
CVE-2004-1495
all versions
The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt Z
CVE-2004-0235
all versions
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LH
CVE-2004-0234
all versions
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda S
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin