[MEDIUM] AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows Bypass of the Admin-Only Listing Restriction

PKSA-m1k1-6n5g-5skj CVE-2026-43881 GHSA-6rvw-7p8v-mjfq

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub