Apache Tomcat vulnerability
CVE-2022-25762

An application may continue to use the socket after it has been closed.

Spring Security vulnerability
CVE-2022-22978

A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers.

Authorization Bypass vulnerability
CVE-2022-1996

Authorization Bypass Through User-Controlled Key in GitHub repository emickel/go-restful vulnerability.

Spring4shell vulnerability

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Log4j vulnerability

Log4j zero-day authentication vulnerability allowing remote code execution (RCE).