Dengxmenglihua

**Name of the Vulnerable Software and Affected Versions** PublicCMS versions 5.202506.a through 5.202506.b **Description** An issue exists in PublicCMS that allows attackers to execute arbitrary commands. This occurs due to an OS command injection in the backupDB.bat file when processing crafted `DATABASE`, `USERNAME`, or `PASSWORD` variables. **Recommendations** Apply updates to versions beyond 5.202506.b.

Name of the Vulnerable Software and Affected Versions: zrlog version 3.1.5 Description: A Server-Side Request Forgery (SSRF) issue was discovered in zrlog via the `downloadUrl` parameter. This allows for potential unauthorized access to internal resources. Recommendations: For zrlog version 3.1.5, as a temporary workaround, consider restricting access to the `downloadUrl` parameter until a patch is available.