[MEDIUM] AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing

PKSA-81bf-8cfg-hbh2 CVE-2026-43882 GHSA-mwgh-92m2-wvhv

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub