Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities found for nullsoft_scriptable_install_system by nullsoft

    CVE-2026-42171 (GCVE-0-2026-42171)

    Vulnerability from nvd – Published: 2026-04-24 21:20 – Updated: 2026-04-25 19:33
    VLAI
    Summary
    NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Nullsoft Nullsoft Scriptable Install System Affected: 3.06.1 , < 3.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-25T01:56:27.818440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-25T01:56:37.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nullsoft Scriptable Install System",
              "vendor": "Nullsoft",
              "versions": [
                {
                  "lessThan": "3.12",
                  "status": "affected",
                  "version": "3.06.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.12",
                      "versionStartIncluding": "3.06.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-25T19:33:05.317Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl"
            },
            {
              "url": "https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca"
            },
            {
              "url": "https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484"
            },
            {
              "url": "https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-42171",
        "datePublished": "2026-04-24T21:20:35.525Z",
        "dateReserved": "2026-04-24T21:20:35.145Z",
        "dateUpdated": "2026-04-25T19:33:05.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-37378 (GCVE-0-2023-37378)

    Vulnerability from nvd – Published: 2023-07-03 00:00 – Updated: 2024-09-05 14:51
    VLAI

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-05T00:09:22.793Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://sf.net/p/nsis/bugs/1296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0"
              },
              {
                "name": "[debian-lts-announce] 20230707 [SECURITY] [DLA 3483-1] nsis security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html"
              },
              {
                "name": "FEDORA-2023-dfb6cc599f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/"
              },
              {
                "name": "FEDORA-2023-b9ec99605f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00013.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:50:49.808091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:51:02.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://sf.net/p/nsis/bugs/1296"
            },
            {
              "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09"
            },
            {
              "url": "https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/"
            },
            {
              "url": "https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967"
            },
            {
              "url": "https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467"
            },
            {
              "url": "https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0"
            },
            {
              "name": "[debian-lts-announce] 20230707 [SECURITY] [DLA 3483-1] nsis security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html"
            },
            {
              "name": "FEDORA-2023-dfb6cc599f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/"
            },
            {
              "name": "FEDORA-2023-b9ec99605f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-37378",
        "datePublished": "2023-07-03T00:00:00.000Z",
        "dateReserved": "2023-07-03T00:00:00.000Z",
        "dateUpdated": "2024-09-05T14:51:02.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9268 (GCVE-0-2015-9268)

    Vulnerability from nvd – Published: 2018-10-01 08:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://sourceforge.net/p/nsis/bugs/1125/ x_refsource_MISC
    http://jvn.jp/en/jp/JVN68418039/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2018-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:42.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/nsis/bugs/1125/"
              },
              {
                "name": "JVN#68418039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-05T06:06:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/nsis/bugs/1125/"
            },
            {
              "name": "JVN#68418039",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
                },
                {
                  "name": "https://sourceforge.net/p/nsis/bugs/1125/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/nsis/bugs/1125/"
                },
                {
                  "name": "JVN#68418039",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9268",
        "datePublished": "2018-10-01T08:00:00.000Z",
        "dateReserved": "2018-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:42.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9267 (GCVE-0-2015-9267)

    Vulnerability from nvd – Published: 2018-10-01 08:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://sourceforge.net/p/nsis/bugs/1125/ x_refsource_MISC
    http://jvn.jp/en/jp/JVN68418039/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2018-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:42.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/nsis/bugs/1125/"
              },
              {
                "name": "JVN#68418039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-05T06:06:34.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/nsis/bugs/1125/"
            },
            {
              "name": "JVN#68418039",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
                },
                {
                  "name": "https://sourceforge.net/p/nsis/bugs/1125/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/nsis/bugs/1125/"
                },
                {
                  "name": "JVN#68418039",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9267",
        "datePublished": "2018-10-01T08:00:00.000Z",
        "dateReserved": "2018-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:42.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-42171 (GCVE-0-2026-42171)

    Vulnerability from cvelistv5 – Published: 2026-04-24 21:20 – Updated: 2026-04-25 19:33
    VLAI
    Summary
    NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references).
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Nullsoft Nullsoft Scriptable Install System Affected: 3.06.1 , < 3.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42171",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-25T01:56:27.818440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-25T01:56:37.358Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Nullsoft Scriptable Install System",
              "vendor": "Nullsoft",
              "versions": [
                {
                  "lessThan": "3.12",
                  "status": "affected",
                  "version": "3.06.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.12",
                      "versionStartIncluding": "3.06.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTempFileName to return 0, as shown in the references)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-25T19:33:05.317Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.12-cl"
            },
            {
              "url": "https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca"
            },
            {
              "url": "https://github.com/NSIS-Dev/nsis/blob/7359413009afd4f0fff472d841fc2f2cc0e0a5f8/Source/exehead/util.c#L475-L484"
            },
            {
              "url": "https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-gettempfilename"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-42171",
        "datePublished": "2026-04-24T21:20:35.525Z",
        "dateReserved": "2026-04-24T21:20:35.145Z",
        "dateUpdated": "2026-04-25T19:33:05.317Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-37378 (GCVE-0-2023-37378)

    Vulnerability from cvelistv5 – Published: 2023-07-03 00:00 – Updated: 2024-09-05 14:51
    VLAI

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-05T00:09:22.793Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://sf.net/p/nsis/bugs/1296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0"
              },
              {
                "name": "[debian-lts-announce] 20230707 [SECURITY] [DLA 3483-1] nsis security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html"
              },
              {
                "name": "FEDORA-2023-dfb6cc599f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/"
              },
              {
                "name": "FEDORA-2023-b9ec99605f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00013.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T14:50:49.808091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T14:51:02.310Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "http://sf.net/p/nsis/bugs/1296"
            },
            {
              "url": "https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09"
            },
            {
              "url": "https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/"
            },
            {
              "url": "https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967"
            },
            {
              "url": "https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467"
            },
            {
              "url": "https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0"
            },
            {
              "name": "[debian-lts-announce] 20230707 [SECURITY] [DLA 3483-1] nsis security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html"
            },
            {
              "name": "FEDORA-2023-dfb6cc599f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/"
            },
            {
              "name": "FEDORA-2023-b9ec99605f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-37378",
        "datePublished": "2023-07-03T00:00:00.000Z",
        "dateReserved": "2023-07-03T00:00:00.000Z",
        "dateUpdated": "2024-09-05T14:51:02.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9268 (GCVE-0-2015-9268)

    Vulnerability from cvelistv5 – Published: 2018-10-01 08:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://sourceforge.net/p/nsis/bugs/1125/ x_refsource_MISC
    http://jvn.jp/en/jp/JVN68418039/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2018-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:42.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/nsis/bugs/1125/"
              },
              {
                "name": "JVN#68418039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-05T06:06:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/nsis/bugs/1125/"
            },
            {
              "name": "JVN#68418039",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9268",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
                },
                {
                  "name": "https://sourceforge.net/p/nsis/bugs/1125/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/nsis/bugs/1125/"
                },
                {
                  "name": "JVN#68418039",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9268",
        "datePublished": "2018-10-01T08:00:00.000Z",
        "dateReserved": "2018-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:42.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9267 (GCVE-0-2015-9267)

    Vulnerability from cvelistv5 – Published: 2018-10-01 08:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://lists.debian.org/debian-lts-announce/2018… mailing-listx_refsource_MLIST
    https://sourceforge.net/p/nsis/bugs/1125/ x_refsource_MISC
    http://jvn.jp/en/jp/JVN68418039/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2018-10-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:42.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceforge.net/p/nsis/bugs/1125/"
              },
              {
                "name": "JVN#68418039",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-05T06:06:34.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceforge.net/p/nsis/bugs/1125/"
            },
            {
              "name": "JVN#68418039",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1602-1] nsis security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00041.html"
                },
                {
                  "name": "https://sourceforge.net/p/nsis/bugs/1125/",
                  "refsource": "MISC",
                  "url": "https://sourceforge.net/p/nsis/bugs/1125/"
                },
                {
                  "name": "JVN#68418039",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN68418039/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9267",
        "datePublished": "2018-10-01T08:00:00.000Z",
        "dateReserved": "2018-10-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:42.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }