Open redirect on affiliate page

Signalé sur March 20, 2026

An affiliate marketing tool used on our page enabled redirect to any website. An attacker could exploit this in a phishing campaign, redirecting from a legitimately looking URL to a malicious website.

Signalé par Toshit Bharti

Trezor.io

Vulnérabilités résolues

Signalé par la communauté. Examiné. Résolu. Parce que votre sécurité n’est jamais optionnelle.

Unauthenticated Remote DoS via xpub Change-Index Amplification
19 mai 2026
Unauthenticated Remote Memory Exhaustion via Unbounded Timestamp Array
19 mai 2026
Cross-Origin Popup Takeover in Trezor Connect popup
3 mai 2026
Reflected cross-site scripting (XSS) vulnerability on connect.trezor.io via hash fragment script injection
25 mars 2026
EIP-712 Domain Spoofing via Double-Fetch
21 mars 2026
Biometric Verification bypassed in Trezor Suite with external monitor
9 mars 2026