[MEDIUM] AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`

PKSA-23zk-pg8x-sksb CVE-2026-45620 GHSA-vpfx-pxqw-2w79

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub