rarlab

Top products

The 15 most recently published vulnerabilities affecting rarlab.

• CVE-2019-25677WinRAR 5.61 Denial of Service via Malformed Language File6.2Apr 5, 2026
• CVE-2025-14111Rarlab RAR App com.rarlab.rar path traversal5.0Dec 5, 2025
• CVE-2025-52331Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report di...6.1Nov 12, 2025
• CVE-2025-8088Path traversal vulnerability in WinRARKEV8.8Aug 8, 2025
• CVE-2025-6218RARLAB WinRAR Directory Traversal Remote Code Execution VulnerabilityKEV7.8Jun 21, 2025
• CVE-2025-31334Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic l...6.8Apr 3, 2025
• CVE-2024-36052RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.7.5May 21, 2024
• CVE-2023-40477RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability7.8May 3, 2024
• CVE-2024-33899RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.7.1Apr 28, 2024
• CVE-2024-30370RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability4.3Apr 2, 2024
• CVE-2023-38831RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign fil...KEV7.8Aug 23, 2023
• CVE-2022-48579UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.7.5Aug 7, 2023
• CVE-2022-43650This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that ...7.1Mar 29, 2023
• CVE-2022-30333RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: Wi...KEV7.5May 9, 2022
• CVE-2017-20006UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).7.8Jul 1, 2021