Discovery

This hub aggregates every CVE we track for Discovery, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Discovery.

• CVE-2026-33033Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload6.5Apr 7, 2026
• CVE-2026-4292Privilege abuse in ModelAdmin.list_editable2.7Apr 7, 2026
• CVE-2026-4277Privilege abuse in GenericInlineModelAdmin9.8Apr 7, 2026
• CVE-2026-3902ASGI header spoofing via underscore/hyphen conflation7.5Apr 7, 2026
• CVE-2026-4424Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing7.5Mar 19, 2026
• CVE-2026-25674Potential incorrect permissions on newly created file system objects3.7Mar 3, 2026
• CVE-2026-0861Integer overflow in memalign leads to heap corruption8.4Jan 14, 2026
• CVE-2025-66471urllib3 Streaming API improperly handles highly compressed data7.5Dec 5, 2025
• CVE-2025-65082Apache HTTP Server: CGI environment variable override6.5Dec 5, 2025
• CVE-2025-64460Potential denial-of-service vulnerability in XML serializer text extraction7.5Dec 2, 2025
• CVE-2025-13601Glib: integer overflow in in g_escape_uri_string()7.7Nov 26, 2025
• CVE-2025-59375libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.7.5Sep 15, 2025
• CVE-2024-12088Rsync: --safe-links option bypass leads to path traversal6.5Jan 14, 2025
• CVE-2024-45231An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers ...5.3Oct 8, 2024
• CVE-2024-8775Ansible-core: exposure of sensitive information in ansible vault files due to improper logging5.5Sep 14, 2024