Every CVE whose affected-product data names Rarlab Winrar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2004-0234 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam…
CVE-2004-1254 — CVSS 10.0 (critical): WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long…
CVE-2008-7144 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2)…
CVE-2006-3845 — CVSS 9.3 (critical): Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long…
CVE-2018-20252 — CVSS 7.8 (high): In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive…
CVE-2018-20253 — CVSS 7.8 (high): In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive…
CVE-2005-3262 — CVSS 7.5 (high): Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string…
CVE-2005-3263 — CVSS 7.5 (high): Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE…
CVE-2024-36052 — CVSS 7.5 (high): RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than…
CVE-2015-5663 — CVSS 7.4 (high): The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name…
CVE-2024-33899 — CVSS 7.1 (high): RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI…
CVE-2022-43650 — CVSS 7.1 (high): This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User…
CVE-2025-31334 — CVSS 6.8 (medium): Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable…
CVE-2004-0235 — CVSS 6.4 (medium): Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive…
CVE-2019-25677 — CVSS 6.2 (medium): WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed…
CVE-2025-52331 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user…
CVE-2018-20251 — CVSS 5.5 (medium): In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format…
CVE-2005-4474 — CVSS 5.1 (medium): Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and…
CVE-2005-4620 — CVSS 4.6 (medium): Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because…
CVE-2024-30370 — CVSS 4.3 (medium): RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection…
CVE-2005-0331 — CVSS 2.6 (low): Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers…
CVE-2004-1495 — CVSS 2.6 (low): The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP…
CVE-2006-3912 — CVSS 2.1 (low): Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.