Signinghub
by Ascertia
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61166 | Med | 0.40 | 6.1 | 0.00 | Apr 6, 2026 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | ||
| CVE-2025-54321 | 0.00 | — | 0.00 | Nov 18, 2025 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests. | |||
| CVE-2025-54320 | 0.00 | — | 0.00 | Nov 18, 2025 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests. |
- risk 0.40cvss 6.1epss 0.00
An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.
- CVE-2025-54321Nov 18, 2025risk 0.00cvss —epss 0.00
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.
- CVE-2025-54320Nov 18, 2025risk 0.00cvss —epss 0.00
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.