VYPR

Nullsoft Scriptable Install System

by Nullsoft

CVEs (4)

  • CVE-2026-42171HigApr 24, 2026
    risk 0.44cvss 7.8epss 0.00

    NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).

  • CVE-2015-9267MedOct 1, 2018
    risk 0.36cvss 5.5epss 0.00

    Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.

  • CVE-2023-37378Jul 3, 2023
    risk 0.00cvss epss 0.01

    Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

  • CVE-2015-0941Mar 22, 2015
    risk 0.00cvss epss 0.01

    The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary…