Known Vulnerabilities for products from Zsh Project
Listed below are 3 of the newest known vulnerabilities associated with the vendor "Zsh Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34060 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-34042 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-34041 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2026-33949 | Not Provided | 2026-04-01 | 2026-04-01 | |
| CVE-2026-33742 | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2026-33700 | Not Provided | 2026-03-24 | 2026-03-24 | |
| CVE-2026-33680 | Not Provided | 2026-03-24 | 2026-03-26 | |
| CVE-2026-33678 | Not Provided | 2026-03-24 | 2026-03-24 | |
| CVE-2026-33663 | Not Provided | 2026-03-25 | 2026-03-25 | |
| CVE-2026-33628 | Not Provided | 2026-03-26 | 2026-03-27 | |
| CVE-2017-18205 | In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of ... | 8.1 - HIGH | 2018-02-27 | 2018-10-31 |
| CVE-2014-10072 | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. | 9.8 - CRITICAL | 2018-02-27 | 2018-10-31 |
| CVE-2014-10070 | zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treat... | 7.8 - HIGH | 2018-02-27 | 2018-03-21 |