[CRITICAL] AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)

PKSA-zqc4-q9ns-kq82 CVE-2026-33352 GHSA-mcj5-6qr4-95fj

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub