Signinghub

signinghub

Vendor: Ascertia • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-61166 1Ascertia 1Signinghub Apr 10, 2026 Apr 6, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.
CVE-2025-54321 1Ascertia 1Signinghub Nov 20, 2025 Nov 18, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password re...Show more In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.Show less
CVE-2025-54320 1Ascertia 1Signinghub Nov 20, 2025 Nov 18, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.
CVE-2025-56224 1Ascertia 1Signinghub Oct 27, 2025 Oct 20, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
CVE-2025-56223 1Ascertia 1Signinghub Oct 27, 2025 Oct 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
CVE-2025-56219 1Ascertia 1Signinghub Oct 27, 2025 Oct 20, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large nu...Show more Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.Show less
CVE-2025-56221 1Ascertia 1Signinghub Oct 27, 2025 Oct 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.
CVE-2025-56218 1Ascertia 1Signinghub Oct 27, 2025 Oct 17, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.