OpenSSL security vulnerabilities
CVE-2022-2068 and CVE-2022-2274

File names of certificates being hashed were possibly passed to a command executed through the shell. Additionally, the RSA implementation was causing memory corruption.

Apache Tomcat vulnerability
CVE-2022-25762

An application may continue to use the socket after it has been closed.

Spring Security vulnerability
CVE-2022-22978

A flaw was found in Spring Security. When RegexRequestMatcher is used, an easy misconfiguration allows it to be bypassed on some servlet containers.

Authorization Bypass vulnerability
CVE-2022-1996

Authorization bypass through a user-controlled key in the GitHub repository emicklei/go-restful.

Spring4Shell vulnerability

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Log4j vulnerability

Log4j zero-day authentication vulnerability allowing remote code execution (RCE).