Lucene search
K

4 matches found

CVE
CVE
added 2025/07/01 1:33 a.m.105 views

CVE-2025-53095

CVE-2025-53095 applies to Sunshine, a self-hosted game stream host for Moonlight. Before version 2025.628.4510, the web UI lacked CSRF protection, allowing an authenticated user to trigger unintended actions by crafting a malicious page. Because Sunshine performs OS command execution by design, a...

9.6CVSS7.6AI score0.00207EPSS
CVE
CVE
added 2025/01/20 3:26 p.m.56 views

CVE-2024-51738

Sunshine (Moonlight self-hosted game stream host) prior to 2025.118.151840 is affected. In 0.23.1 and earlier, the pairing protocol does not validate request order, enabling a MITM attack that can hijack a legitimate pairing and may also be used to crash Sunshine. The vulnerability is fixed in 20...

8.1CVSS6.7AI score0.00562EPSS
CVE
CVE
added 2026/05/22 5:7 p.m.32 views

CVE-2026-32253

CVE-2026-32253 (Sunshine) : Sunshine, a self-hosted game stream host for Moonlight, had a vulnerability in client-certificate authentication where the OpenSSL verification results were mishandled in src/crypto.cpp. The custom verify callback treated X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, X...

9.8CVSS5.7AI score0.00291EPSS
CVE
CVE
added 2025/07/01 1:33 a.m.26 views

CVE-2025-53096

Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...

6.1CVSS7AI score0.00211EPSS