Every CVE whose affected-product data names Lizardbyte Sunshine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-32253 — CVSS 9.8 (critical): Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can…
CVE-2025-53095 — CVSS 9.6 (critical): Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against…
CVE-2024-51738 — CVSS 8.1 (high): Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not…
CVE-2025-10198 — CVSS 7.8 (high): Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a…
CVE-2025-10199 — CVSS 7.8 (high): A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an…
CVE-2024-31220 — CVSS 7.3 (high): Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able…
CVE-2025-54081 — CVSS 6.7 (medium): Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed…
CVE-2024-45407 — CVSS 6.5 (medium): Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may…
CVE-2024-31221 — CVSS 5.9 (medium): Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all…
CVE-2025-53096 — CVSS 5.4 (medium): Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against…
CVE-2024-31226 — CVSS 4.9 (medium): Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may…