Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

LizardByte — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting LizardByte. AI-powered Chinese analysis, POCs, and references for each vulnerability.

LizardByte develops open-source gaming infrastructure software, primarily known for the Sunshine game streaming project. Historically, their vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation flaws. The organization has addressed multiple critical security issues, including a high-severity RCE vulnerability in Sunshine's virtual audio device driver in 2023. While no major public security incidents have been documented, the 10 CVEs attributed to LizardByte highlight ongoing security challenges in their software development lifecycle, particularly in handling complex system-level interactions and user input validation within their streaming solutions.

Top products by LizardByte: Sunshine Sunshine for Windows
CVE IDTitleCVSSSeverityPublished
CVE-2025-54081 SunshineService Has Unquoted Service Path That Allows Local SYSTEM Code Execution — SunshineCWE-428 6.7 Medium2025-09-23
CVE-2025-10199 A local privilege escalation vulnerability exists in LizardBytes' Sunshine for Windows — Sunshine for Windows 7.8AIHighAI2025-09-09
CVE-2025-10198 LizardBytes Sunshine for Windows contains a DLL search-order hijacking vulnerability — Sunshine for Windows 7.8AIHighAI2025-09-09
CVE-2025-53095 Sunshine application-wide CSRF in the UI leads to command injection as Administrator — SunshineCWE-352 9.7 Critical2025-07-01
CVE-2025-53096 Sunshine clickjacking in the UI leads to unauthorized actions being performed — SunshineCWE-1021 5.4 Medium2025-07-01
CVE-2024-51738 Sunshine improperly enforces pairing protocol request order — SunshineCWE-305 5.9 -2025-01-20
CVE-2024-45407 Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client — SunshineCWE-300 6.5 Medium2024-09-10
CVE-2024-31226 Sunshine's unquoted executable path could lead to hijacked execution flow — SunshineCWE-428 4.9 Medium2024-05-16
CVE-2024-31221 Clients removed during unpairing process may regain access if Sunshine was not restarted — SunshineCWE-384 5.9 Medium2024-04-08
CVE-2024-31220 Sunshine vulnerable to remote unauthenticated arbitrary file read — SunshineCWE-22 7.3 High2024-04-05

This page lists every published CVE security advisory associated with LizardByte. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.