{"vulnerability": "cve-2026-63305", "sightings": [{"uuid": "83ba766c-2600-43bb-b483-7c63cc9c2666", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63305", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116929896586145034", "content": "CRITICAL: CVE-2026-63305 impacts WWBN AVideo \u226429.0. OS command injection in ffmpeg.json.php allows arbitrary command execution as the web-server user. No patch yet \u2014 restrict access &amp; monitor logs. Details: https://radar.offseq.com/threat/cve-2026-63305-improper-neutralization-of-special--2152563144062b29 #OffSeq #Vuln #WWBN #CVE202663305", "creation_timestamp": "2026-07-16T13:30:27.831080Z"}, {"uuid": "8538d743-9165-468c-98f2-c6aa950a07b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63305", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqrdssbvep2z", "content": "WWBN AVideo \u226429.0 is affected by a CRITICAL (CVSS 9.2) OS command injection (CVE-2026-63305). Restrict ffmpeg.json.php access &amp; monitor for suspicious activity until a patch is available. https://radar.offseq.com/threat/cve-2026-63305-improper-neutralization-of-special--2152563144062b29 #OffSeq #...", "creation_timestamp": "2026-07-16T13:30:30.763641Z"}, {"uuid": "a1bf6183-6e5d-4203-bb82-b80805647f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63305", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqrel3xc7x2o", "content": "CVE-2026-63305\nAVideo versions up to 29.0 have a security flaw that allows attackers to execute system commands. This can be exploited by sending specially crafted data to the ffmpeg.json.php endpoint. To protect your system,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-16T13:44:04.967576Z"}, {"uuid": "33359741-2a95-4e03-b83c-02485ebea053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63305", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqrjozn2vn2w", "content": "CVE-2026-63305 - AVideo through 29.0 OS Command Injection via ffmpeg.json.php\nCVE ID : CVE-2026-63305\n \n Published : July 16, 2026, 1:16 p.m. | 1\u00a0hour, 18\u00a0minutes ago\n \n Description : AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php end...", "creation_timestamp": "2026-07-16T15:15:45.509292Z"}]}