EUVD-2024-29122

Malicious code in bioql PyPI...

EUVD-2025-19598

Malicious code in bioql PyPI...

EUVD-2024-45801

Malicious code in bioql PyPI...

CVE-2025-53096

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVE-2025-53095

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery CSRF attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...

CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

CVE-2025-53096

Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...

CVE-2024-31221

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the...

CVE-2024-51738

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairi...

CVE-2024-51738 Sunshine improperly enforces pairing protocol request order

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairi...

CVE-2024-45407

Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...

CVE-2024-45407 Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client

Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to the incorrect PIN, b...

CVE-2024-45407

Sunshine is a self-hosted game stream host for Moonlight. The CVE describes a failure in pairing state management where a MITM during pairing causes the attacker’s certificate to be incorrectly persisted before the pairing completes, potentially enabling access to the attacker’s certificate and a...

CVE-2024-31226 Sunshine's unquoted executable path could lead to hijacked execution flow

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

CVE-2024-31221

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the...

CVE-2024-31221

CVE-2024-31221 affects Sunshine, a self-hosted game stream host for Moonlight. Reports across multiple sources indicate that versions 0.10.0 through 0.22.x are vulnerable: after unpairing all devices via the web UI and then pairing a single device, previously paired devices may be temporarily re-...

CVE-2024-31220 Sunshine vulnerable to remote unauthenticated arbitrary file read

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...

PT-2023-28586 · Unknown · Moonlight-Common-C

Name of the Vulnerable Software and Affected Versions: Moonlight-common-c versions prior to the version containing commit 02b7742f4d19631024bd766bd2bb76715780004e Description: The issue is related to a buffer overflow vulnerability in Moonlight-common-c, which contains the core GameStream client...

CVE-2018-6261

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access...

CVE-2018-6262

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure...