Ascertia Signinghub
8 CVEs affecting Ascertia Signinghub. Latest disclosed: 2026-04-06. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-54321 | Critical | 9.8 | 2025-11-18 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authentica… |
CVE-2025-56221 | Critical | 9.8 | 2025-10-17 | A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack. |
CVE-2025-56218 | Critical | 9.8 | 2025-10-17 | An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
CVE-2025-56224 | High | 8.1 | 2025-10-20 | A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce atta… |
CVE-2025-56223 | High | 7.5 | 2025-10-20 | A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an e… |
CVE-2025-56219 | High | 7.1 | 2025-10-20 | Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhausti… |
CVE-2025-61166 | Medium | 6.1 | 2026-04-06 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. |
CVE-2025-54320 | Medium | 4.3 | 2025-11-18 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated… |