Every CVE whose affected-product data names Zsh Project Zsh, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2014-10072 — CVSS 9.8 (critical): In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
CVE-2017-18205 — CVSS 8.1 (high): In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command…
CVE-2014-10070 — CVSS 7.8 (high): zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as…