VYPR
Vendor

Lizardbyte

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2026-32253CriMay 22, 2026
    risk 0.57cvss 9.8epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats…

  • CVE-2025-52386MedAug 13, 2025
    risk 0.35cvss 5.4epss 0.00

    CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file

  • CVE-2025-54081Sep 23, 2025
    risk 0.00cvss epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM)…

  • CVE-2025-10199Sep 9, 2025
    risk 0.00cvss epss 0.00

    A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.

  • CVE-2025-10198Sep 9, 2025
    risk 0.00cvss epss 0.00

    Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.

  • CVE-2025-53095Jul 1, 2025
    risk 0.00cvss epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an…

  • CVE-2025-53096Jul 1, 2025
    risk 0.00cvss epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or…

  • CVE-2024-51738Jan 20, 2025
    risk 0.00cvss epss 0.01

    Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking…

  • CVE-2024-45407Sep 10, 2024
    risk 0.00cvss epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing authentication due to a PIN validation error. The pairing attempt fails due to…

  • CVE-2024-31226May 16, 2024
    risk 0.00cvss epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the…

  • CVE-2024-31221Apr 8, 2024
    risk 0.00cvss epss 0.01

    Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0…

  • CVE-2024-31220Apr 5, 2024
    risk 0.00cvss epss 0.00

    Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration…