Known exploited
ProjectSend
CVE published 2024-12-03
CVE-2024-11680
CVE-2024-11680 is a ProjectSend improper authentication vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-12-03. Because it is listed as known exploited, affected environments should prioritize the official vendor and government guidance, verify whether their deployed version is fixed or mitigated, and discontinue use if no effective mitigation is available.