Vendor
AVideo versions up to 26.0 are vulnerable to remote code execution due to unsanitized user-controlled input in the restreamer endpoint that is passed to shell commands.