2 matches found
CVE-2026-34362 AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in verifyTokenSocket()
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...
Roblox: Insecure redirect rule results in bypassing ban redirect on certain pages
Description: Account bans on Roblox work via redirect rules. If a user attempts to go to a page that's outside a whitelisted set of rules, they'll be redirected back to the ban page. After researching, I've found that the following rules are whitelisted and bypass this redirect: - Any URLs ending in...