CVE-2025-34437 — AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attacker — CVE Database · The Intelligence Room