[HIGH] AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path

PKSA-cpqv-3x62-47s6 CVE-2026-33648 GHSA-5m4q-5cvx-36mw

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub