Open redirect on affiliate page

Reportada en March 20, 2026

An affiliate marketing tool used on our page enabled redirect to any website. An attacker could exploit this in a phishing campaign, redirecting from a legitimately looking URL to a malicious website.

Reportada por Toshit Bharti

Trezor.io

Vulnerabilidades solucionadas

Reportada por la comunidad. Investigada. Solucionada. Porque tu seguridad no es una opción.

Unauthenticated Remote DoS via xpub Change-Index Amplification
19 de mayo de 2026
Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp Array
19 de mayo de 2026
Cross-Origin Popup Takeover in Trezor Connect popup
3 de mayo de 2026
Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injection
25 de marzo de 2026
EIP-712 Domain Spoofing via Double-Fetch
21 de marzo de 2026
Biometric Verification bypassed in Trezor Suite with external monitor
9 de marzo de 2026