[MEDIUM] AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation

PKSA-1msk-y5kh-hb4p CVE-2026-33237 GHSA-v467-g7g7-hhfh

Affected package: wwbn/avideo

Affected version: <=14.0

Reported by:
GitHub