4 matches found
CVE-2025-53095
CVE-2025-53095 applies to Sunshine, a self-hosted game stream host for Moonlight. Before version 2025.628.4510, the web UI lacked CSRF protection, allowing an authenticated user to trigger unintended actions by crafting a malicious page. Because Sunshine performs OS command execution by design, a...
CVE-2024-51738
Sunshine (Moonlight self-hosted game stream host) prior to 2025.118.151840 is affected. In 0.23.1 and earlier, the pairing protocol does not validate request order, enabling a MITM attack that can hijack a legitimate pairing and may also be used to crash Sunshine. The vulnerability is fixed in 20...
CVE-2026-32253
CVE-2026-32253 (Sunshine) : Sunshine, a self-hosted game stream host for Moonlight, had a vulnerability in client-certificate authentication where the OpenSSL verification results were mishandled in src/crypto.cpp. The custom verify callback treated X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, X...
CVE-2025-53096
Summary: CVE-2025-53096 affects Sunshine, a self-hosted game stream host for Moonlight. The issue is a lack of Clickjacking protection in Sunshine’s web UI prior to version 2025.628.4510, allowing an attacker to embed the UI in a malicious page via an invisible or disguised iframe. If a user, whi...