As I understand it, overwhelmingly large majority of CVEs over the history of computing have been due to buffer overflows or use-after-free. If you leave out those vectors, you might actually be pretty close to having RCE-free piece of software.

But sure, it's always possible to be more innovative about how to go about enabling RCEs, like the log4j case demonstrates..