Detectify Security Updates for 27 April
Blog post from Detectify
Detectify's Crowdsource community of ethical hackers continuously submits security updates, including zero-day research, and these submissions are built into the Asset Monitoring scanner quickly: as little as 25 minutes can pass between discovery and deployment of the new check. Not every update can be disclosed publicly, because some are covered by confidentiality agreements, but all of them are available to every user as soon as they ship.

Recent vulnerabilities identified by the community include several critical flaws: a reflected XSS vulnerability in Composr CMS, an authentication bypass in Dell OpenManage Administrator, an information disclosure in Eclipse Jetty, an arbitrary file read in Apache Solr, remote code execution in Yii 2, XSS vulnerabilities in Bitrix Site Manager and TileServer GL, and a directory traversal issue in RStudio Shiny Server.

If exploited, these vulnerabilities can lead to credential theft, unauthorized access, or execution of attacker-controlled JavaScript in users' browsers, which underlines the importance of continuous monitoring and rapid response.