Drupal has released security updates to address multiple vulnerabilities in Drupal 7.x, 8.5.x and 8.6.x. Exploitation of these vulnerabilities may allow a remote attacker to take control of affected system.
Users and administrators are encouraged to review released Drupal security advisories SA-CORE-2019-001 and SA-CORE-2019-002 and apply necessary updates.