USN-8315-1: MediaWiki vulnerabilities

It was discovered that MediaWiki incorrectly handled group membership visibility in the OATHAuth extension. An authenticated attacker could use this issue to determine if other users had two-factor authentication enabled. CVE-2026-34087 It was discovered that MediaWiki incorrectly handled...

EUVD-2021-18453

Malware in sbrugna...

EUVD-2021-18452

Malware in sbrugna...

EUVD-2015-7904

Malware in sbrugna...

EUVD-2025-10823

Malicious code in bioql PyPI...

CVE-2025-32068

Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43...

CVE-2025-32068

Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension allows Authentication Bypass.This issue affects Mediawiki - OAuth Extension: from 1.39 through 1.43...

PT-2025-16132 · Mediawiki · Mediawiki Extension:Oauth

Name of the Vulnerable Software and Affected Versions: Mediawiki - OAuth Extension versions 1.39 through 1.43 Description: The issue is related to an Incorrect Authorization vulnerability that allows Authentication Bypass in the Mediawiki - OAuth Extension. This flaw highlights the importance of...

CVE-2021-31556

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob...

Design/Logic Flaw

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarcversion aka oauthregisteredconsumer.oarcversion parameter's length...

PT-2021-3955 · Unknown +2 · Mysql Server +3

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the Oauth extension for MediaWiki. The problem lies in MWOAuthConsumerSubmitControl.php, which does not ensure that the length of an RSA key will fit in a MySQL blob...

The vulnerability of the OAuth2 extension for the software environment used to implement the MediaWiki hypertext environment allows a hacker to perform cross-site request forgeing attacks.

The vulnerability of the OAuth2 extension for implementing the MediaWiki hypertext environment is related to the absence of a check on the OAuth2 status parameter in the callback function. Exploiting this vulnerability allows a malicious actor to perform cross-site forged requests...

MediaWiki Oauth extension security bypass vulnerability (CNVD-2015-07397)

MediaWiki is a suite of free and freely available web-based wiki engines that can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the MediaWiki Oauth extension, which allows remote attackers to exploit the vulnerability to bypass...

MediaWiki Oauth extension security bypass vulnerability (CNVD-2015-07398)

MediaWiki is a suite of free and freely available web-based wiki engines that can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the MediaWiki Oauth extension, which allows remote attackers to exploit the vulnerability to bypass...