Nullsoft Nullsoft Scriptable Install System — known CVE vulnerabilities
Every CVE whose affected-product data names Nullsoft Nullsoft Scriptable Install System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2015-9268 — CVSS 7.8 (high): Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no…
CVE-2026-42171 — CVSS 7.8 (high): NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing…
CVE-2015-9267 — CVSS 5.5 (medium): Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite…
CVE-2023-37378 — CVSS 5.3 (medium): Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.