<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-17T05:58:58.157991+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/33359741-2a95-4e03-b83c-02485ebea053/export</id>
    <title>33359741-2a95-4e03-b83c-02485ebea053</title>
    <updated>2026-07-17T05:58:58.179987+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "33359741-2a95-4e03-b83c-02485ebea053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63305", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrjozn2vn2w", "content": "CVE-2026-63305 - AVideo through 29.0 OS Command Injection via ffmpeg.json.php\nCVE ID : CVE-2026-63305\n \n Published : July 16, 2026, 1:16 p.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php end...", "creation_timestamp": "2026-07-16T15:15:45.509292Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/33359741-2a95-4e03-b83c-02485ebea053/export"/>
    <published>2026-07-16T15:15:45.509292+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a1bf6183-6e5d-4203-bb82-b80805647f63/export</id>
    <title>a1bf6183-6e5d-4203-bb82-b80805647f63</title>
    <updated>2026-07-17T05:58:58.182535+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a1bf6183-6e5d-4203-bb82-b80805647f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63305", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrel3xc7x2o", "content": "CVE-2026-63305\nAVideo versions up to 29.0 have a security flaw that allows attackers to execute system commands. This can be exploited by sending specially crafted data to the ffmpeg.json.php endpoint. To protect your system,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-16T13:44:04.967576Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a1bf6183-6e5d-4203-bb82-b80805647f63/export"/>
    <published>2026-07-16T13:44:04.967576+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8538d743-9165-468c-98f2-c6aa950a07b0/export</id>
    <title>8538d743-9165-468c-98f2-c6aa950a07b0</title>
    <updated>2026-07-17T05:58:58.182635+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8538d743-9165-468c-98f2-c6aa950a07b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63305", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqrdssbvep2z", "content": "WWBN AVideo \u226429.0 is affected by a CRITICAL (CVSS 9.2) OS command injection (CVE-2026-63305). Restrict ffmpeg.json.php access &amp;amp; monitor for suspicious activity until a patch is available. https://radar.offseq.com/threat/cve-2026-63305-improper-neutralization-of-special--2152563144062b29 #OffSeq #...", "creation_timestamp": "2026-07-16T13:30:30.763641Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8538d743-9165-468c-98f2-c6aa950a07b0/export"/>
    <published>2026-07-16T13:30:30.763641+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/83ba766c-2600-43bb-b483-7c63cc9c2666/export</id>
    <title>83ba766c-2600-43bb-b483-7c63cc9c2666</title>
    <updated>2026-07-17T05:58:58.182707+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cve.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "83ba766c-2600-43bb-b483-7c63cc9c2666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63305", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116929896586145034", "content": "CRITICAL: CVE-2026-63305 impacts WWBN AVideo \u226429.0. OS command injection in ffmpeg.json.php allows arbitrary command execution as the web-server user. No patch yet \u2014 restrict access &amp;amp; monitor logs. Details: https://radar.offseq.com/threat/cve-2026-63305-improper-neutralization-of-special--2152563144062b29 #OffSeq #Vuln #WWBN #CVE202663305", "creation_timestamp": "2026-07-16T13:30:27.831080Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/83ba766c-2600-43bb-b483-7c63cc9c2666/export"/>
    <published>2026-07-16T13:30:27.831080+00:00</published>
  </entry>
</feed>
