Known exploited
MDaemon
CVE published 2025-05-19
CVE-2024-11182
CVE-2024-11182 is a cross-site scripting (XSS) vulnerability in MDaemon Email Server. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2025-05-19, which indicates confirmed exploitation or sufficient evidence of active exploitation risk for prioritized remediation. Defensive attention should focus on identifying exposed MDaemon Email Server deployments, validating vendor guidance, and [truncated]