Spring4shell vulnerability

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Log4j vulnerability

Log4j zero-day authentication vulnerability allowing remote code execution (RCE).