Every CVE whose affected-product data names Ascertia Signinghub, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-54321 — CVSS 9.8 (critical): In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing…
CVE-2025-56218 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2025-56221 — CVSS 9.8 (critical): A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.
CVE-2025-56224 — CVSS 8.1 (high): A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification…
CVE-2025-56223 — CVSS 7.5 (high): A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service…
CVE-2025-56219 — CVSS 7.1 (high): Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to…
CVE-2025-61166 — CVSS 6.1 (medium): An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.
CVE-2025-54320 — CVSS 4.3 (medium): In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing…