Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/07/03 2:22 a.m.10 views

CVE-2025-53096

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

6.1CVSS7.1AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2025/07/01 2:15 a.m.11 views

CVE-2025-53095

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery CSRF attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can...

9.6CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2025/07/01 1:33 a.m.26 views

CVE-2025-53096

Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...

6.1CVSS7AI score0.00211EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/07/01 1:33 a.m.9 views

CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. ...

5.4CVSS0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:9 a.m.6 views

CVE-2024-31221

Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the...

5.9CVSS7AI score0.00509EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/20 3:26 p.m.16 views

CVE-2024-51738 Sunshine improperly enforces pairing protocol request order

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairi...

7.7CVSS0.00562EPSS
Exploits0References2
Rows per page
Query Builder