VYPR

NSIS

by Nsis

Source repositories

CVEs (3)

  • CVE-2015-9268HigOct 1, 2018
    risk 0.51cvss 7.8epss 0.02

    Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.

  • CVE-2026-42171HigApr 24, 2026
    risk 0.44cvss 7.8epss 0.00

    NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

  • CVE-2023-37378Jul 3, 2023
    risk 0.00cvss epss 0.01

    Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.