log4j persistently keeps its place on the agenda. Although it has been stated that it is very critical and many articles have been written about it, a list has been published and put up for sale that is including more than 500k potential and 220k vulnerable hosts. You can reach to repo for this sale with the link below;
https://github.com/razz0r/CVE-2021-44228-Mass-RCE
Log4j is highly critical because it does not require user permission to run the vulnerability, and very easy to exploit. It is highly recommended to implement the patches quickly.