Winrar

4 CVEs product

CVE-2025-52331 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11 allows attackers to disclose user information such as the computer username, generated report. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch available.

XSS Winrar
NVD GitHub
CVSS 3.1: 6.1
EPSS: 0.1%

CVE-2025-8088 HIGH KEV THREAT Act Now

WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.

RCE Microsoft Path Traversal Winrar Dtsearch +1
NVD
CVSS 4.0: 8.4
EPSS: 6.8%

CVE-2025-6218 HIGH POC KEV PATCH THREAT Act Now

WinRAR contains a directory traversal vulnerability (CVE-2025-6218, CVSS 7.8) enabling remote code execution when users extract crafted archives. KEV-listed with EPSS 4.7% and public PoC, this vulnerability allows archive files to write outside the extraction directory, placing malicious files in startup folders or other sensitive locations. Given WinRAR's 500+ million user base, this is a high-impact social engineering vector.

RCE Path Traversal Winrar
NVD
CVSS 3.0: 7.8
EPSS: 4.7%
Threat: 4.7

CVE-2025-31334 MEDIUM This Month

WinRAR versions prior to 7.11 contain an issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

RCE Winrar
NVD
CVSS 3.0: 6.8
EPSS: 0.4%
