Open redirect on affiliate page

Gemeldet auf March 20, 2026

An affiliate marketing tool used on our page enabled redirect to any website. An attacker could exploit this in a phishing campaign, redirecting from a legitimately looking URL to a malicious website.

Gemeldet durch Toshit Bharti

Trezor.io

Behobene Sicherheitslücken

Gemeldet durch Community. Untersucht. Gelöst. Weil deine Sicherheit nie optional ist.

Unauthenticated Remote DoS via xpub Change-Index Amplification
19. Mai 2026
Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp Array
19. Mai 2026
Cross-Origin Popup Takeover in Trezor Connect popup
3. Mai 2026
Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injection
25. März 2026
EIP-712 Domain Spoofing via Double-Fetch
21. März 2026
Biometric Verification bypassed in Trezor Suite with external monitor
9. März 2026