[HIGH] AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)

PKSA-2x5y-pg7k-8jx1 CVE-2026-33513 GHSA-8fw8-q79c-fp9m

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub