📦 Sunshine

Sunshine's web UI lacks CSRF protection, allowing attackers to trick authenticated users into executing arbitrary OS commands with Administrator privileges via the 'Command Preparations' feature. This...

Sunshine for Windows v2025.122.141614 has a DLL search-order hijacking vulnerability where attackers can place malicious DLLs in user-writable PATH directories. When Sunshine loads DLLs, it may execut...

Sunshine versions 0.23.1 and earlier have a pairing protocol vulnerability that allows man-in-the-middle attacks during client pairing. An unauthenticated attacker could hijack legitimate pairing atte...

This vulnerability in Sunshine game streaming software allows an attacker to gain unauthorized access by exploiting a flaw in the pairing process. During a man-in-the-middle attack, if a client attemp...

This vulnerability in Sunshine game streaming software allows path interception attacks when terminating the service on Windows. Attackers can place malicious executables named 'Program.exe', 'Program...