[CRITICAL] AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

PKSA-kz4k-1fdq-4jkn CVE-2026-33351 GHSA-5f7v-4f6g-74rj

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub