Lucene search
K

665 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

RARLAB WinRAR < 7.23 Heap-Based Buffer Overflow (CVE-2026-14191)

The version of RARLAB WinRAR installed on the remote Windows host is prior to 7.23. It is, therefore, affected by a heap-based buffer overflow vulnerability: - An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser. The RecItems vector is sized only when the first .rev file in...

7.8CVSS7.5AI score0.00306EPSS
Exploits1References2
NVD
NVD
added 2026/07/01 4:16 a.m.10 views

CVE-2026-14191

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS0.00306EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/07/01 2:41 a.m.8 views

CVE-2026-14191 WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8CVSS7.1AI score0.00306EPSS
Exploits1References3
CVE
CVE
added 2026/07/01 2:41 a.m.150 views

CVE-2026-14191

CVE-2026-14191 describes an out-of-bounds heap write in WinRAR/UnRAR’s RAR5 recovery-volume (.rev) parser (RecVolumes5::ReadHeader). The RecItems vector is sized based on the first .rev file; subsequent .rev files supply an independent RecNum that is validated against that file’s TotalCount but n...

7.8CVSS5.8AI score0.00306EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2026/06/29 11:40 a.m.9 views

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

A Russian advanced persistent threat APT group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new...

8.8CVSS7.3AI score0.80906EPSS
Exploits35
The Hacker News
The Hacker News
added 2026/06/09 12:26 p.m.22 views

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu aka Gamaredon and SHADOW-EARTH-066 aka...

8.8CVSS5.6AI score0.80906EPSS
Exploits35
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/06/08 12:0 a.m.10 views

Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open

Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships...

8.8CVSS7.3AI score0.80906EPSS
Exploits35
The Hacker News
The Hacker News
added 2026/06/02 6:21 p.m.25 views

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR,...

8.8CVSS6.5AI score0.80906EPSS
Exploits35
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in unrar-nonfree

RARLAB WinRAR Recovery Volume: Improper validation of array index leads to remote code execution vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability, as the targe...

7.8CVSS8.5AI score0.1308EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/05 9:30 p.m.6 views

EUVD-2019-20089

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS5.9AI score0.00427EPSS
Exploits1References4
NVD
NVD
added 2026/04/05 9:16 p.m.10 views

CVE-2019-25677

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS0.00427EPSS
Exploits1References3
CVE
CVE
added 2026/04/05 8:45 p.m.25 views

CVE-2019-25677

WinRAR 5.61 is affected by a local-denial-of-service vulnerability caused by a malformed winrar.lng language file in the installation directory. When a user opens an archive and clicks the Test button, the program may crash due to an access violation at memory address 004F1DB8 while reading inval...

6.9CVSS5.9AI score0.00427EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.8 views

CVE-2019-25677

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS5.9AI score0.00427EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.25 views

CVE-2019-25677 WinRAR 5.61 Denial of Service via Malformed Language File

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS0.00427EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25677 WinRAR 5.61 Denial of Service via Malformed Language File

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS5.9AI score0.00427EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

WinRAR 安全漏洞

WinRAR is a file compressor developed by the WinRAR company. This product supports compression and decompression of files in formats such as RAR and ZIP. Version 5.61 of WinRAR contained a security vulnerability, which was caused by a denial-of-service attack. This vulnerability could allow local...

6.9CVSS5.8AI score0.00427EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.9 views

PT-2026-30485

WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malformed winrar.lng language file in the installation directory. Attackers can trigger the crash by opening an archive and pressing the test button, causing an access violatio...

6.9CVSS5.9AI score0.00427EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/03/25 1:4 p.m.128 views

Exploit for Path Traversal in Rarlab Winrar

POC f...

8.8CVSS7.1AI score0.80906EPSS
Exploits35
HackRead
HackRead
added 2026/03/16 11:2 a.m.8 views

New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection

New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/07 10:41 p.m.224 views

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 CVE-2025-8088 — Educational proof-of-concept for...

8.8CVSS6AI score0.80906EPSS
Exploits35
Rows per page
Query Builder