[MEDIUM] AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data

PKSA-rhxf-1yfy-x5fd CVE-2026-33685 GHSA-j36m-74g2-7m95

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub