Pundhapat

**Name of the Vulnerable Software and Affected Versions** Sunshine versions prior to 2025.923.33222 **Description** Sunshine, a self-hosted game stream host for Moonlight, is affected by an issue where the Windows service `SunshineService` is installed with an unquoted executable path. If Sunshine is installed in a directory containing spaces, the Service Control Manager (SCM) may incorrectly interpret the path and potentially execute a malicious binary placed earlier in the search string. **Recommendations** Update to version 2025.923.33222 or later.

Name of the Vulnerable Software and Affected Versions: Sunshine for Windows version v2025.122.141614 Description: Sunshine for Windows version v2025.122.141614 contains a DLL search-order hijacking vulnerability. This allows attackers to insert a malicious DLL into user-writable PATH directories. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Yoosee version 6.32.4 Description: An SQL injection flaw exists in the Yoosee application that allows authenticated users to inject arbitrary SQL queries through a request to a backend API endpoint. Successful exploitation can lead to the extraction of sensitive database information, including the database server banner and version, current database user and schema, DBMS user privileges, and arbitrary data from any table. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClipShare versions prior to 3.8.5 **Description** ClipShare is a lightweight and cross-platform tool for clipboard sharing. The issue arises because ClipShare Server for Windows uses the default Windows DLL search order, loading system libraries like `CRYPTBASE.dll` and `WindowsCodecs.dll` from its own directory before the system path. This allows a local, non-privileged user who can write to the folder containing `clip share.exe` to place malicious DLLs there, leading to arbitrary code execution in the context of the server. If the server is launched by an Administrator or another elevated user, it results in a reliable local privilege escalation. **Recommendations** For versions prior to 3.8.5, update to version 3.8.5 to resolve the issue. As a temporary workaround, consider restricting write access to the folder containing `clip share.exe` to prevent malicious DLL placement.