In 2020, web application security suffered as organizations shifted focus to support remote work and business continuity amid the challenges of 2020. The number of high-severity vulnerabilities decreased steadily every year, with an average reduction rate of 22% year over year. The incidence of server-side request forgery (SSRF), the primary vulnerability behind the recent Microsoft Exchange breach in 2021, as well as Capital One in 2019, has not improved year-over-year. Remote code execution increased by one percentage point last year, according to Invicti Security.
Source: https://www.helpnetsecurity.com/2021/04/20/web-application-security-critical/