Two new vulnerabilities in Spring Security and Spring Framework allow attackers to bypass security checks due to flaws in how annotations are processed with generic types. This impacts applications using method-level security with annotations like `@PreAuthorize`, and patches are available to address the issue. Developers can also mitigate the risk by declaring secured methods directly in their target classes.
Latest mentioned: 09-16
Earliest mentioned: 09-16
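An added example, not code from the advisory or from the Spring projects: a reflection-based audit that lists methods whose only security annotation is declared on a generic supertype, which are the places where the mitigation of declaring secured methods directly in the target class applies. The nested `PreAuthorize` annotation is a stand-in for Spring Security's so the file runs without Spring on the classpath, and `CrudService`, `ReliesOnSupertype` and `DeclaresDirectly` are constructed sample types.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class GenericAnnotationAudit {
    // Stand-in for Spring Security's @PreAuthorize (assumption: lets the example run without Spring).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface PreAuthorize { String value(); }

    // Constructed sample types: the annotation is declared only on the generic interface.
    interface CrudService<T> {
        @PreAuthorize("hasRole('ADMIN')") void delete(T item);
    }
    static class ReliesOnSupertype implements CrudService<String> {
        @Override public void delete(String item) { }
    }
    // Mitigated form: the annotation is repeated on the target class's own method.
    static class DeclaresDirectly implements CrudService<String> {
        @Override @PreAuthorize("hasRole('ADMIN')") public void delete(String item) { }
    }

    // Collect every superclass and interface of c that declares type parameters.
    static void genericSupertypes(Class<?> c, Set<Class<?>> out) {
        List<Class<?>> parents = new ArrayList<>(Arrays.asList(c.getInterfaces()));
        parents.add(c.getSuperclass());
        for (Class<?> p : parents) {
            if (p == null) continue; // interfaces and Object have no superclass
            if (p.getTypeParameters().length > 0) out.add(p);
            genericSupertypes(p, out);
        }
    }

    // Heuristic (name + arity match): methods of target whose only @PreAuthorize sits on a generic supertype.
    static List<String> findings(Class<?> target) {
        Set<Class<?>> supers = new LinkedHashSet<>();
        genericSupertypes(target, supers);
        List<String> result = new ArrayList<>();
        for (Method m : target.getDeclaredMethods()) {
            if (m.isBridge() || m.isAnnotationPresent(PreAuthorize.class)) continue;
            for (Class<?> s : supers)
                for (Method sm : s.getDeclaredMethods())
                    if (sm.getName().equals(m.getName()) && sm.getParameterCount() == m.getParameterCount()
                            && sm.isAnnotationPresent(PreAuthorize.class))
                        result.add(target.getSimpleName() + "." + m.getName() + " <- " + s.getSimpleName());
        }
        return result;
    }
    public static void main(String[] args) {
        System.out.println(findings(ReliesOnSupertype.class)); // flagged: annotation only on CrudService<T>
        System.out.println(findings(DeclaresDirectly.class));  // nothing flagged
    }
}
```

To audit a real code base, replace the stand-in with the method-security annotations the application uses and pass its service classes to `findings`; overloads with the same name and parameter count can produce false positives that need manual review.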