NSSM 2.24 is old but stable. The latest version as of this writing (2.24-101-g897c7ad, a post-2.24 build) includes minor fixes but no security patches for any disclosed exploit. Why? Because there is no inherent vulnerability.
When security researchers discuss an "exploit" regarding a service manager like NSSM, they are rarely discussing a remote code execution (RCE) vulnerability in the traditional sense. NSSM is a local tool. Therefore, the term usually refers to Local Privilege Escalation (LPE) vectors or Persistence Mechanisms utilized during post-exploitation. nssm-2.24 exploit