Nsis
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43715 | Hig | 0.53 | 8.1 | 0.00 | Apr 17, 2025 | Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by… | ||
| CVE-2015-9268 | Hig | 0.51 | 7.8 | 0.02 | Oct 1, 2018 | Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. | ||
| CVE-2026-42171 | Hig | 0.44 | 7.8 | 0.00 | Apr 24, 2026 | NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references). | ||
| CVE-2023-37378 | 0.00 | — | 0.01 | Jul 3, 2023 | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. |
- risk 0.53cvss 8.1epss 0.00
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by…
- risk 0.51cvss 7.8epss 0.02
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
- risk 0.44cvss 7.8epss 0.00
NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
- CVE-2023-37378Jul 3, 2023risk 0.00cvss —epss 0.01
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.