Fidelity Funding has been helping families like yours purchase or refinance homes for over 28 years.
Discover® is now part of Capital One. Together, we’ll continue to deliver exceptional financial products and experiences, drive innovation, and serve customers. Find the latest updates at https://capitalonediscover.com. Discover is one of the most recognized brands in the U.S. with the Discover® card, America's cash rewards pioneer, and offers personal loans, home loans, checking and savings accounts and certificates of deposit. The Discover Global Network® is comprised of Discover Network, with millions of merchants and cash access locations; PULSE®, one of the nation's leading ATM/debit networks; and Diners Club International®, a global payments network with acceptance around the world.
Security & Compliance Standards Overview
No incidents recorded for Fidelity Funding Mortgage Group Branch NMLS 2464767 in 2026.
No incidents recorded for Discover in 2026.
Fidelity Funding Mortgage Group Branch NMLS 2464767 cyber incidents detection timeline including parent company and subsidiaries
Discover cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device to crash during session establishment when using TLS 1.0 or TLS 1.1. Attackers can trigger a crash by initiating TLS connections with these protocol versions to disrupt service availability.
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters.
A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda parameter.
